5963116d33d3f5428af4809e1a4c78e7

Sharing

Copy URL

Twitter E-mail

General

Target

5963116d33d3f5428af4809e1a4c78e7
Size

80KB
MD5

5963116d33d3f5428af4809e1a4c78e7
SHA1

f3390a35b5d0faf3d66e44e776d4e659e7d471d5
SHA256

bc7677052c49da89339152557417dc10c3a81716a59aeb9b2b23f10c24a21f30
SHA512

2a87990ceed616c42f745b4ccf310def6c88590677e8a15421f01f4ef6b3031bc72e93cd8933c1320846126489f4c8f6c07f2ed47b9be05b9d6facc35af455bc
SSDEEP

1536:o/ELy33wYpYCFd03SA+7d34w+CMep6Pe00chXKR7mGGkdc16nN9KCckuTCxNzwTw:hy3AVk2xmW5VSqwa4uAI8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5963116d33d3f5428af4809e1a4c78e7

Files

5963116d33d3f5428af4809e1a4c78e7
.dll windows:4 windows x86 arch:x86

0c157ae15988fdddbbaaa73d4a425fe1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapDestroy
GetSystemDefaultLangID
FreeLibraryAndExitThread
InitializeCriticalSection
VirtualFree
FindNextVolumeW
GetStringTypeA
SuspendThread
OpenThread
OpenEventW
OpenJobObjectW
ReplaceFileW
RtlMoveMemory
GetCurrentProcess
ReadFile
CreateRemoteThread
LocalSize
GetEnvironmentStringsW
GlobalGetAtomNameA
SetConsoleWindowInfo
GetCommandLineW
GetAtomNameW
EnumResourceNamesW
GetOverlappedResult
ExpandEnvironmentStringsW
SetInformationJobObject
CreateDirectoryW
SetEvent
GetDiskFreeSpaceA
VerifyVersionInfoW
SetConsoleCursorPosition
SetLocalTime
GetCurrentThreadId
SwitchToThread
GetWindowsDirectoryA
LocalFlags
GlobalFindAtomA
HeapFree
GetCommTimeouts
GetLocaleInfoA
GetDriveTypeA
FindFirstFileExW
GetProcessVersion
GetCommState
GetLastError
SetLastError
GetSystemDirectoryA
VirtualQuery
UnmapViewOfFile
lstrlenW
VirtualProtect
GetModuleFileNameA
GetProcAddress
GetTickCount
CreateMutexA
LoadLibraryA
LocalFree
InterlockedExchange
SetProcessShutdownParameters

ole32

CoAllowSetForegroundWindow
OleCreateFromFile
StgOpenStorage
OleRegEnumVerbs
CoLockObjectExternal
CreateDataAdviseHolder
OleDestroyMenuDescriptor
CreateOleAdviseHolder
CoGetCallContext
RevokeDragDrop
OleUninitialize
CoEnableCallCancellation
SetConvertStg
CoUninitialize
OleLoad

shlwapi

PathIsFileSpecW
AssocQueryStringW
PathIsDirectoryW
SHGetValueA
PathIsURLW
PathIsRelativeW
PathIsDirectoryA
StrRetToBufW
PathCompactPathExW
StrFormatByteSizeW
StrRChrW
PathMatchSpecW
PathQuoteSpacesW
PathStripPathW
SHDeleteKeyA
PathIsUNCW
PathRenameExtensionW
SHGetValueW
StrStrIA
StrStrIW

shell32

ShellExecuteA
SHGetMalloc
SHSetLocalizedName

gdi32

GetRandomRgn
GetSystemPaletteUse
GetKerningPairsA
EnumFontFamiliesExW
PlayEnhMetaFileRecord
AbortDoc
DeleteEnhMetaFile
CreatePalette
GetTextCharacterExtra
SetTextCharacterExtra
SetPaletteEntries
SetMiterLimit
SetMetaRgn
ExtTextOutW
SetWindowExtEx
Ellipse
DPtoLP
RectVisible
ScaleWindowExtEx
EnumFontsA
GetFontResourceInfoW
CreatePen
GetNearestPaletteIndex
SetICMMode

Exports

Exports

mciGLTrust

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c157ae15988fdddbbaaa73d4a425fe1

Headers

File Characteristics

Imports

kernel32

ole32

shlwapi

shell32

gdi32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 2KB