f7aa8fbe5826351166c863d1edce8105[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

f7aa8fbe5826351166c863d1edce8105.dll
Size

2.1MB
MD5

f7aa8fbe5826351166c863d1edce8105
SHA1

5a07b24e0c065feeafa6a833853ddfa31da122fa
SHA256

2145cc1bb4315c608aa187ccbabe3aa5699d71727aa65a2b0fef88f01e21c377
SHA512

8f2f31003fa4c1b0191c28585d8e7a738d00e89140c0984aec19cf899c37b8bd8dcafbdc82f334b602a10081288c312214e610fda031227d4321fe29f079bacc
SSDEEP

49152:CSvlFunQ9ZC1c/wBR2xIgpGc/Ln+dywOcLZFjtKP67HPle:CS3uQPxxIgpv+owOUHj8P6J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7aa8fbe5826351166c863d1edce8105.dll

Files

f7aa8fbe5826351166c863d1edce8105.dll
.dll windows:5 windows x86 arch:x86

a4f80594f5feb06379c671d7bf991716

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

netapi32

NetShareDelSticky
NetUserSetGroups
NetConnectionEnum

setupapi

SetupDiDestroyDeviceInfoList
SetupSetFileQueueFlags
SetupDiEnumDeviceInfo

advapi32

OpenEventLogW
RegCloseKey

ole32

OleGetAutoConvert
CoLoadLibrary
CoUnmarshalInterface

wintrust

WTHelperGetProvCertFromChain
CryptCATAdminAddCatalog

winmm

waveInGetID
waveOutPrepareHeader
mixerGetDevCapsW

winspool.drv

XcvDataW

urlmon

URLOpenBlockingStreamW
ReleaseBindInfo
CoInternetCreateZoneManager

gdi32

UnrealizeObject
GetViewportExtEx
GetNearestColor
GetTextAlign
ExtCreatePen
PathToRegion
ExtSelectClipRgn
OffsetViewportOrgEx

iphlpapi

NotifyRouteChange

user32

ActivateKeyboardLayout
VkKeyScanW
PostQuitMessage
UpdateWindow
RegisterWindowMessageA
CreateWindowExA
DefWindowProcA
MonitorFromWindow
GetUpdateRgn
ShowWindow
SetMenuInfo
MenuItemFromPoint
CreateIconIndirect
IsCharAlphaNumericW
GetWindowRect
DestroyWindow
FlashWindowEx
CloseDesktop
InflateRect
GetClipboardOwner

shell32

ExtractAssociatedIconExW
ExtractIconExW
SHGetFileInfoW
SHBrowseForFolderW

comdlg32

ChooseColorA

lz32

LZClose

wininet

FindCloseUrlCache

oleaut32

SafeArrayCreate
GetRecordInfoFromGuids
GetErrorInfo

kernel32

CreateFileA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
TlsSetValue
GetLocaleInfoA
CloseHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
LoadLibraryA
VirtualFree
HeapReAlloc
HeapAlloc
GetConsoleMode
GetConsoleCP
InterlockedIncrement
GetUserGeoID
TlsGetValue
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
WriteFile
SetFilePointer
RtlUnwind
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetSystemTimeAsFileTime
QueryPerformanceCounter
DeleteCriticalSection
SetStdHandle
TerminateProcess
VirtualAlloc
ConvertThreadToFiber
GetProcessHeap
GetModuleFileNameW
GetBinaryTypeW
GetSystemInfo
SetUserGeoID
GetSystemTime
GetPriorityClass
GlobalFlags
PurgeComm
SetLastError
TlsAlloc
OutputDebugStringA
GetModuleFileNameA
LoadLibraryW
GetStdHandle
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
ExitProcess
MultiByteToWideChar
ReadFile
GetCurrentThreadId

ws2_32

WSAGetLastError

rasapi32

RasSetCredentialsW

rpcrt4

NdrInterfacePointerMarshall
NdrAsyncClientCall
I_RpcSessionStrictContextHandle

shlwapi

StrStrIA

Exports

Exports

EoouNooaiiewwahns

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 368KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PACK
Size: 348KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

O
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CONST
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 636KB - Virtual size: 635KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

u
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4f80594f5feb06379c671d7bf991716

Headers

File Characteristics

Imports

netapi32

setupapi

advapi32

ole32

wintrust

winmm

winspool.drv

urlmon

gdi32

iphlpapi

user32

shell32

comdlg32

lz32

wininet

oleaut32

kernel32

ws2_32

rasapi32

rpcrt4

shlwapi

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 69KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 64KB - Virtual size: 69KB

CRT Size: 368KB - Virtual size: 366KB

PACK Size: 348KB - Virtual size: 346KB

O Size: 356KB - Virtual size: 355KB

CONST Size: 208KB - Virtual size: 205KB

.qdata Size: 636KB - Virtual size: 635KB

u Size: 96KB - Virtual size: 92KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 64KB - Virtual size: 69KB

CRT
Size: 368KB - Virtual size: 366KB

PACK
Size: 348KB - Virtual size: 346KB

O
Size: 356KB - Virtual size: 355KB

CONST
Size: 208KB - Virtual size: 205KB

.qdata
Size: 636KB - Virtual size: 635KB

u
Size: 96KB - Virtual size: 92KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 27KB