0ec4b4e5a28162e0010434bcce8987e2a1e554eeb0e25d1048814b55cba70bef

General

Target

0ec4b4e5a28162e0010434bcce8987e2a1e554eeb0e25d1048814b55cba70bef
Size

127KB
MD5

6c97d83c51f4a62e7a1bdd4704a315a6
SHA1

95c884f843e834f2ff18d0fd07ff0e5a181151d4
SHA256

0ec4b4e5a28162e0010434bcce8987e2a1e554eeb0e25d1048814b55cba70bef
SHA512

6cb1c503fa96dd1d3d6c2705dafb8d91442625c217709dc132ff6fb833bb63ab9eb51720fc0e66a1a65ccc97b376e3dfa9d1c533854156ad89134cfa7731c648
SSDEEP

1536:tcM/4zEhf3GV28jSGzDTeuGHAbuxBBBxIJFHcE6daibsWjcddsV3vIh/xt:d4zCeV3/WzgUIJ98+dsVO/n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ec4b4e5a28162e0010434bcce8987e2a1e554eeb0e25d1048814b55cba70bef

Files

0ec4b4e5a28162e0010434bcce8987e2a1e554eeb0e25d1048814b55cba70bef
.dll windows:6 windows x86 arch:x86

631f807fad220557406d50b182e6baa6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
GetLastError
ExitProcess
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
LoadLibraryExW
WriteFile
RaiseException
SetLastError
GetProcessHeap
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
FreeLibrary
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapAlloc
VirtualQuery
RtlUnwind
HeapReAlloc
HeapSize
LCMapStringW
GetStringTypeW
SetStdHandle
SetFilePointerEx
CloseHandle
CreateFileW

Exports

Exports

XCP_ComputeKeyFromSeed
XCP_GetAvailablePrivileges

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

631f807fad220557406d50b182e6baa6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 45KB - Virtual size: 45KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 45KB - Virtual size: 45KB

.reloc
Size: 4KB - Virtual size: 3KB