56d0cafcd603d076e030714d648342b2

Sharing

Copy URL Twitter E-mail

General

Target

56d0cafcd603d076e030714d648342b2
Size

924KB
MD5

56d0cafcd603d076e030714d648342b2
SHA1

e15eb9827057037bc8168f8745678293a7717f86
SHA256

2a30409507f7ee5674b5449b2281d5c6658e89f7b75dac4b2daed5e4d7c0ced5
SHA512

8d2db43a28a2d0d9e0da69f56bcf8db9d43d3968f910b429c5368b2f7fab8b499efb64ff1e22f428b5cdd3a25fdeeb49575e3d857ee779a657b07361200b2eeb
SSDEEP

24576:ixzZSV1+0eQDFmptuQl8ebD6Jy9NPr0Sv:ide+0eQDFmptT88DdR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56d0cafcd603d076e030714d648342b2

Files

56d0cafcd603d076e030714d648342b2
.dll windows:6 windows x64 arch:x64

84219f90b6394bc7a8a9e6bf8182ca5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrencyFormatW
FindActCtxSectionStringW
QueryInformationJobObject
CreateJobObjectA
BuildCommDCBW
DefineDosDeviceA
CreateFileMappingA
GetCommConfig
EscapeCommFunction
LocalFree
LocalAlloc
GlobalFree
GlobalFlags
GlobalAlloc
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetTickCount
TlsFree
TlsGetValue
TlsAlloc
CreateThread
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
Sleep
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetLastError
CloseHandle
ReadFile
GetFileSize
DeleteFileW
CreateFileW
SetStdHandle
GetStdHandle

gdi32

DeleteObject
GdiGetBatchLimit
GdiSetBatchLimit
GdiFlush
CombineTransform
CreateFontIndirectExA
GetRgnBox
GetRasterizerCaps
CreateDCA
CreateEllipticRgn
CreateEllipticRgnIndirect
CreatePenIndirect
DeleteDC

advapi32

IsValidSid
GetSecurityDescriptorDacl
AccessCheckAndAuditAlarmW
OpenProcessToken
InitializeSid
IsTokenRestricted
CloseEventLog
GetOldestEventLogRecord
OpenEventLogA
LookupPrivilegeNameA
CloseServiceHandle
CreateServiceW
DeleteService
FreeInheritedFromArray
GetInheritanceSourceW
CredFree
CredUnmarshalCredentialW
SaferIdentifyLevel
SaferCloseLevel
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
LsaFreeMemory
QueryServiceStatus
QueryServiceObjectSecurity
OpenServiceW
OpenServiceA
OpenSCManagerW
OpenSCManagerA
EnumDependentServicesW
InitializeAcl

shell32

ord4
ord154
DragFinish
SHAppBarMessage
ord2
SHChangeNotify
ord16
Shell_NotifyIconA
SHGetDiskFreeSpaceExW
SHLoadNonloadedIconOverlayIdentifiers
ord155
ord645
ord644

shlwapi

UrlGetLocationW
StrFromTimeIntervalA
StrIsIntlEqualA
StrRStrIW
SHRegSetUSValueA
SHRegSetPathW
SHRegGetPathW
ord346
SHRegGetUSValueA

dbghelp

FindDebugInfoFile
ImageNtHeader
ImageDirectoryEntryToDataEx
SearchTreeForFile
SymSetOptions
SymGetOptions
SymCleanup
SymGetModuleInfo64
SymInitialize
SymGetSearchPath
SymGetTypeInfo
SymGetSymPrev64

imm32

ImmGetCompositionFontW
ImmGetCompositionWindow
ImmGetIMEFileNameW
ImmRegisterWordA
ImmRegisterWordW
ImmUnregisterWordA
ImmUnregisterWordW
ImmGetImeMenuItemsA
ImmGetOpenStatus
ImmGetCandidateListA
ImmGetCandidateListCountW
ImmEnumRegisterWordA

winmm

joyGetNumDevs
mixerGetControlDetailsW
mixerGetID
mixerGetLineInfoW
mixerClose
mixerOpen
mixerGetDevCapsW
mixerGetDevCapsA
joyGetPos
mixerGetNumDevs
midiInMessage
midiInAddBuffer
midiInGetNumDevs
waveInGetID
waveInGetErrorTextW
waveInGetNumDevs
waveOutGetID
waveOutGetErrorTextW
waveOutGetNumDevs
joyGetDevCapsA
mmioInstallIOProcA
mciSendCommandA
mciGetDeviceIDA
mciGetErrorStringA
mmioOpenA
mmioOpenW
mmioClose
mmioRead
mmioWrite
mmioSetBuffer

rpcrt4

MesHandleFree
MesDecodeBufferHandleCreate
MesEncodeIncrementalHandleCreate
MesDecodeIncrementalHandleCreate
MesEncodeFixedBufferHandleCreate
MesIncrementalHandleReset

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

_CxxThrowException
longjmp
__std_exception_destroy
__std_exception_copy
strchr
memcmp
memcpy
memmove
memset
__C_specific_handler
__intrinsic_setjmp
memchr
__std_type_info_destroy_list

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

strerror
abort
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_errno
_register_onexit_function
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

isalnum
tolower
_strnicmp
strncat
ispunct
strncpy
isspace
wcsncpy
isxdigit
isalpha
wcsncat
_wcsnicmp

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
realloc
free
malloc

api-ms-win-crt-convert-l1-1-0

_ultow
strtoul
_ultoa
_ltoa
_itoa
_itow
strtod

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-stdio-l1-1-0

fclose
__stdio_common_vsprintf
__stdio_common_vfprintf
fwrite
fread
fopen
__acrt_iob_func
fflush

api-ms-win-crt-math-l1-1-0

pow

Exports

Exports

Gamepad_shutdown

Sections

.text
Size: 393KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.stab
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84219f90b6394bc7a8a9e6bf8182ca5a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

advapi32

shell32

shlwapi

dbghelp

imm32

winmm

rpcrt4

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 393KB - Virtual size: 393KB

.rdata Size: 311KB - Virtual size: 311KB

.data Size: 1KB - Virtual size: 5KB

.pdata Size: 8KB - Virtual size: 7KB

.stab Size: 206KB - Virtual size: 206KB

.buildid Size: 512B - Virtual size: 512B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 160B

.text
Size: 393KB - Virtual size: 393KB

.rdata
Size: 311KB - Virtual size: 311KB

.data
Size: 1KB - Virtual size: 5KB

.pdata
Size: 8KB - Virtual size: 7KB

.stab
Size: 206KB - Virtual size: 206KB

.buildid
Size: 512B - Virtual size: 512B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 160B