1c72d5e0b1ab21bafa93c44c00963ea20c5c0ad51710fb5715ae43ae25ac9fb9

Sharing

Copy URL Twitter E-mail

General

Target

1c72d5e0b1ab21bafa93c44c00963ea20c5c0ad51710fb5715ae43ae25ac9fb9
Size

544KB
MD5

b66db82ce152353e9bfce8273dfda4f8
SHA1

f1a9693f5a974792288a68c188687d6f50aeb77f
SHA256

1c72d5e0b1ab21bafa93c44c00963ea20c5c0ad51710fb5715ae43ae25ac9fb9
SHA512

5e9772fb696e4053090946bf7b770f9a4a05576e8f5754651481403c8a0c34f93bb897c3d0354086feeaf2e7a51e494e04ca17d4b3e41f9fa6bac0586a1e68df
SSDEEP

12288:Wu6cyDMlBJk/Trox4my6z3rGE70/9qFMwEaWjKtRJKS0Vua3KZuQvm2G+xCqOdNs:WfcyDTGmYxCqINKSdg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c72d5e0b1ab21bafa93c44c00963ea20c5c0ad51710fb5715ae43ae25ac9fb9

Files

1c72d5e0b1ab21bafa93c44c00963ea20c5c0ad51710fb5715ae43ae25ac9fb9
.dll windows:5 windows x86 arch:x86

650521d78f66442a347e518e68323ba2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
CreateEventW
InterlockedIncrement
VirtualProtect
InitializeCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
SetLastError
EnterCriticalSection
CreateTimerQueue
CreateMutexW
DeleteTimerQueueEx
QueryPerformanceCounter
WaitForSingleObject
GetTickCount
Sleep
ExitThread
CreateTimerQueueTimer
ResetEvent
QueryPerformanceFrequency
OutputDebugStringA
ReleaseMutex
CloseHandle
CreateThread
PeekNamedPipe
WriteFile
ReadFile
CreateFileW
GetLastError
SetNamedPipeHandleState
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedExchange
DecodePointer
EncodePointer
IsProcessorFeaturePresent

user32

MessageBoxW

msvcp100

_Nan
?quiet_NaN@?$numeric_limits@N@std@@SANXZ

msvcr100

strncpy
strcpy_s
_vsnprintf
strerror
strstr
_errno
isalnum
isdigit
toupper
strspn
strchr
abort
longjmp
getenv
strtod
ldexp
strpbrk
rename
_mktime64
_gmtime64
tmpnam
memcpy_s
remove
clock
strftime
setlocale
_localtime64
_difftime64
_time64
exit
isgraph
isspace
memchr
ispunct
tolower
isalpha
_vswprintf
iscntrl
islower
isxdigit
frexp
strncat_s
strncpy_s
strcoll
_vsnprintf_s
free
malloc
vswprintf_s
vsprintf_s
wcsncpy_s
_beginthread
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_purecall
??_V@YAXPAX@Z
sprintf_s
??2@YAPAXI@Z
??3@YAXPAX@Z
_snprintf
sprintf
isupper
_copysign
_CIlog
_CIexp
memset
_CxxThrowException
memcpy
_CIpow
floor
_setjmp3
_CIsqrt
__CxxFrameHandler3
system

Exports

Exports

_CloseSimulationDevice@4
_OpenSimulationDevice@16
_SimulationDeviceIoControl@32

Sections

.text
Size: 484KB - Virtual size: 483KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

650521d78f66442a347e518e68323ba2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp100

msvcr100

Exports

Exports

Sections

.text Size: 484KB - Virtual size: 483KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 484KB - Virtual size: 483KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 16KB