54807098ea8a1f054c55621c71c8e2e8

Sharing

Copy URL Twitter E-mail

General

Target

54807098ea8a1f054c55621c71c8e2e8
Size

5.7MB
MD5

54807098ea8a1f054c55621c71c8e2e8
SHA1

f5ef2799f35d4ad264da897c77a788671dd535cd
SHA256

999a774ec25a8ce5dfe2827c9ebe84652117d346aa8a2d0efd93362cdad9872a
SHA512

b8a9aca45fad2239a0e9368d2984a8cd31ad9e3244d76ebe6daf74e59558bbb12a7e491e32a64bc499a4f9655768571509fe29c702e058586b0dd5d321cf9e68
SSDEEP

98304:HITkOYylqWu2Kmj+7qOkJmLrWeQkE+e+15hZAopvRQHt8A5mpkOsSV8t6DslnQ6/:UvNq92Ks+1kJmvWeQGe+vAopYadpZg0y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/aurora.dll

Files

54807098ea8a1f054c55621c71c8e2e8
.rar
aurora.dll
.dll windows:6 windows x86 arch:x86

847f6fb99eec1a6be1458fda23e38570

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstFileA
FindNextFileA
GetFullPathNameA
FindClose
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
FindNextFileW
FindFirstFileW
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
FormatMessageA
VerifyVersionInfoA
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
SleepEx
InitializeCriticalSectionEx
FreeLibrary
SystemTimeToFileTime
GetSystemTime
SetLastError
ReadConsoleW
CreateThread
GetEnvironmentVariableW
GlobalMemoryStatus
ConvertThreadToFiber
DisableThreadLibraryCalls
FreeLibraryAndExitThread
GlobalUnlock
GlobalLock
GlobalAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
K32EnumProcessModules
Module32NextW
Module32FirstW
K32GetModuleBaseNameA
CreateToolhelp32Snapshot
GetCurrentProcessId
SetStdHandle
FreeConsole
ReadConsoleA
ConvertFiberToThread
WideCharToMultiByte
CreateFiber
DeleteFiber
SwitchToFiber
MultiByteToWideChar
GetLastError
WriteFile
GetFileType
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
SetConsoleMode
WriteConsoleA
GetStdHandle
TerminateProcess
MulDiv
K32GetModuleInformation
WritePrivateProfileStringA
Sleep
DeleteCriticalSection
InitializeCriticalSection
VirtualQuery
GetModuleHandleW
GetProcAddress
CloseHandle
GetCurrentProcess
VirtualProtect
GetModuleHandleA
GetTickCount
GetPrivateProfileStringA
CreateDirectoryA
GetConsoleMode

user32

SetClipboardData
GetClipboardData
SetCursor
GetClientRect
SetCursorPos
FlashWindowEx
MessageBoxA
SetRect
CallWindowProcW
EmptyClipboard
CloseClipboard
SetWindowLongW
OpenClipboard
GetProcessWindowStation
GetUserObjectInformationW
GetKeyState
MessageBoxW
LoadCursorW
FillRect
ClientToScreen

gdi32

SetMapMode
DeleteObject
CreateFontA
SelectObject
CreateDIBSection
CreateCompatibleDC
CreateBrushIndirect
GetDeviceCaps
GetTextMetricsW
DeleteDC
GetTextExtentPoint32W
SetTextColor
SetBkColor
ExtTextOutW

advapi32

CryptGenRandom
RegOpenKeyExA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegQueryValueExA
CryptEncrypt
CryptImportKey
CryptHashData
CryptGetHashParam
CryptAcquireContextA

shell32

ShellExecuteW

msvcp140

??Bid@locale@std@@QAEIXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
_Mtx_trylock
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z

ws2_32

getsockname
WSASetLastError
ioctlsocket
setsockopt
WSAGetLastError
freeaddrinfo
socket
send
recv
getaddrinfo
WSACleanup
WSAStartup
htons
closesocket
ntohs
getsockopt
gethostname
htonl
ntohl
sendto
recvfrom
accept
bind
listen
__WSAFDIsSet
connect
WSAIoctl
getpeername
select

d3dx9_43

D3DXCreateTextureFromFileA
D3DXCreateTextureFromFileInMemoryEx

winmm

PlaySoundA

imm32

ImmGetContext
ImmSetCompositionWindow

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore

wldap32

ord211
ord60
ord50
ord46
ord41
ord143
ord26
ord27
ord32
ord33
ord35
ord79
ord22
ord301
ord200
ord30

normaliz

IdnToAscii

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
__RTDynamicCast
memchr
wcsstr
strrchr
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
_purecall
__std_terminate
strstr
strchr
_CxxThrowException
memcpy
memmove
memset

api-ms-win-crt-math-l1-1-0

_fdtest
floor
fminf
_CIatan2
_libm_sse2_sin_precise
_except1
_libm_sse2_acos_precise
_libm_sse2_atan_precise
_libm_sse2_sqrt_precise
_libm_sse2_cos_precise
_CIfmod
_libm_sse2_pow_precise
ceil
_dsign
_dtest
fmaxf

api-ms-win-crt-convert-l1-1-0

strtoul
_strtoui64
_strtoi64
strtoll
strtod
strtol
atof
atoi
strtoull

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-runtime-l1-1-0

_errno
strerror
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_initterm
signal
_initterm_e
abort
strerror_s
_exit
__sys_nerr
_beginthreadex
_getpid
_invalid_parameter_noinfo_noreturn
raise
_execute_onexit_table
terminate

api-ms-win-crt-stdio-l1-1-0

fgetpos
__stdio_common_vswprintf
setvbuf
fsetpos
fread
_lseeki64
fwrite
_write
__acrt_iob_func
_read
__stdio_common_vfprintf
_close
fgetc
__stdio_common_vsprintf
fflush
fputc
__stdio_common_vsscanf
fclose
_setmode
_fileno
fgets
ferror
feof
_fseeki64
_open
__stdio_common_vsnprintf_s
_get_stream_buffer_pointers
ungetc
ftell
fopen
fseek
_wfopen
fputs
__stdio_common_vsprintf_s

api-ms-win-crt-utility-l1-1-0

ldiv
qsort
rand

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_stat64i32
remove
_stat64
_unlock_file
_lock_file

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
calloc
realloc
free

api-ms-win-crt-string-l1-1-0

isprint
strcat_s
_stricmp
strncmp
tolower
strcpy_s
isspace
isdigit
strpbrk
towlower
isgraph
islower
_strdup
isalnum
isalpha
isupper
strspn
strcspn
isxdigit
_strnicmp
strncpy
strcmp

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.9MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

847f6fb99eec1a6be1458fda23e38570

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcp140

ws2_32

d3dx9_43

winmm

imm32

crypt32

wldap32

normaliz

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 4.9MB - Virtual size: 10.3MB

.rsrc Size: 229KB - Virtual size: 229KB

.reloc Size: 201KB - Virtual size: 201KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 4.9MB - Virtual size: 10.3MB

.rsrc
Size: 229KB - Virtual size: 229KB

.reloc
Size: 201KB - Virtual size: 201KB