56061b8b2d20be46249b946ba5df637c

Sharing

Copy URL Twitter E-mail

General

Target

56061b8b2d20be46249b946ba5df637c
Size

128KB
MD5

56061b8b2d20be46249b946ba5df637c
SHA1

9978f2591afebb242c2ac64fba2f5ca74fefb596
SHA256

52b022921e9c5f1734f35e7ee085ca987975e64d3516c0ccbc195b6af1ec6462
SHA512

55ee6f95918df438ca84cc538d53d00fcc895eb11125f0e4837b774daa8a3196d4b75c6fcf8898a36f01aff5b15f492744497823cbc697782a4745e4d6ea2a4f
SSDEEP

3072:S6l69Ew865ZoM2UP2E8eKwe6T7WBDVCHcPNOBUN5YH4PFtzvuF0A:llr6YU+ErV7Tc1Oe5vFsD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56061b8b2d20be46249b946ba5df637c

Files

56061b8b2d20be46249b946ba5df637c
.dll windows:4 windows x86 arch:x86

1356f21eab21c20fdc6d140aaf100814

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
IsValidLocale
VirtualAlloc
GetVersion
LoadLibraryA
Heap32Next
GetVolumeNameForVolumeMountPointA
GetUserDefaultLCID
Heap32First
VerLanguageNameA
GetCurrentProcessId
OpenConsoleW
ExpandEnvironmentStringsA
GetConsoleAliasExesA
HeapLock
SetCommTimeouts
lstrcpynA
SetStdHandle
WritePrivateProfileSectionA
GetConsoleFontSize
SetLastConsoleEventActive
CreateJobObjectW
LockFile
GetLocalTime
WriteProfileSectionA
SetConsoleHardwareState
HeapDestroy
GetCommModemStatus
SetConsoleCtrlHandler
OpenJobObjectW
IsBadStringPtrW
GetProcessWorkingSetSize
SwitchToThread
SetConsoleTitleA
GetNextVDMCommand
Thread32First
SwitchToFiber
GetFileSizeEx
IsBadHugeWritePtr
VerLanguageNameW
GlobalFlags
IsDBCSLeadByte
UnmapViewOfFile
WaitForSingleObject
GetConsoleCommandHistoryLengthA
GetTimeFormatA
FreeLibrary
CloseConsoleHandle
InitializeCriticalSection
SetConsoleMenuClose
lstrcmpiA
GetProcAddress
IsBadReadPtr
GetHandleInformation
LocalFree
WriteTapemark
SetConsoleCursor
GetSystemTime
SetNamedPipeHandleState
GetConsoleAliasesW
WritePrivateProfileStructA

version

VerQueryValueA
VerInstallFileW
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueW
VerInstallFileA
VerFindFileA
GetFileVersionInfoW
GetFileVersionInfoSizeA

winmm

mciSendCommandW
mixerGetDevCapsW
auxGetDevCapsW
midiOutReset
mmioRenameW
mixerClose
GetDriverModuleHandle
sndPlaySoundW
auxGetNumDevs
midiOutGetVolume
mmioDescend
mciExecute
mmioOpenA
waveOutGetDevCapsA
waveInGetPosition
waveOutMessage
mciSendStringA
midiInGetDevCapsA
waveOutSetPlaybackRate
timeKillEvent
SendDriverMessage
mciGetDeviceIDFromElementIDW
mciGetDeviceIDW
midiOutUnprepareHeader
waveOutSetPitch
mixerSetControlDetails
midiStreamOpen
midiOutLongMsg
midiStreamOut
joyGetDevCapsA
midiOutCachePatches
joyGetPosEx
joyGetThreshold
mixerGetLineInfoA
mciFreeCommandResource
mciGetDeviceIDFromElementIDA
joyGetPos
mixerGetDevCapsA
waveOutGetVolume
mciLoadCommandResource
waveInPrepareHeader
waveInStart
midiInClose
waveInGetNumDevs
waveOutReset
mmTaskBlock
DefDriverProc
waveInUnprepareHeader
midiOutMessage
mmDrvInstall
tid32Message
joyReleaseCapture
midiOutPrepareHeader
aux32Message
midiOutGetDevCapsA
mmioFlush
waveInOpen
waveOutGetErrorTextA
midiOutCacheDrumPatches
waveOutWrite
waveOutPause
mmioSetInfo
mixerOpen
mmioAdvance
midiInGetErrorTextA
auxGetVolume
mmioClose
timeGetTime
auxGetDevCapsA
mmTaskYield
joyGetDevCapsW
OpenDriver
waveOutRestart
mciGetDeviceIDA
joy32Message
DrvGetModuleHandle
waveOutGetPosition
timeSetEvent
mmioInstallIOProcW
waveInMessage
mixerGetControlDetailsA
timeBeginPeriod
mmioSeek
mciSendStringW
waveInGetDevCapsA
midiInGetErrorTextW
waveInGetDevCapsW
waveOutUnprepareHeader
waveOutGetDevCapsW
midiStreamPause
mmioSetBuffer
PlaySoundA
WOWAppExit
midiOutOpen
waveInGetErrorTextA
waveOutOpen

msvcrt

_mbsnbcmp
_mbsnbcpy
_beginthread
strchr
_wgetcwd
_mbsnbcat
__pxcptinfoptrs
ferror
_memccpy
_wfindnexti64
fclose
__p__winminor
swscanf
_safe_fprem1
_errno
_CIexp
strlen
printf
frexp
_heapchk
_getdiskfree
fputc
_sopen
_rotl
wcspbrk
strcoll
_close
iswupper
__p___winitenv
_unlink
memcmp
_ismbbalpha
__p__fileinfo
_adj_fdivr_m32
gmtime
_control87
_spawnve
_EH_prolog
_telli64
_fsopen
_Getdays
_CItanh
_ismbclegal
_adj_fdiv_r
sprintf
_wpopen
ftell
_findnexti64
fwrite
is_wctype
_mbctolower
_CIsqrt
_sleep
vfprintf
_amsg_exit
_ctype
fsetpos
_wcmdln
_ismbbprint
_adj_fdiv_m32
_rmtmp
fread
fputs
_wperror
fseek
_strrev
setbuf
_mbsstr
_creat
_pwctype
fwprintf
tan
memset
atof
feof
_CIsinh
free
_rotr
_fpieee_flt
_clearfp
_getch
_fpclass
fprintf
fopen

Exports

Exports

Ikalweaxn
Oytip
Sxjk
Wzzzyllctf
Zlbljrku

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1356f21eab21c20fdc6d140aaf100814

Headers

File Characteristics

Imports

kernel32

version

winmm

msvcrt

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 52KB - Virtual size: 50KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 52KB - Virtual size: 50KB

.reloc
Size: 8KB - Virtual size: 7KB