6c200a97313b7d6840ddec8f5049fab3268c3b00527dfc222eb260501ef0e8ac

Sharing

Copy URL

Twitter E-mail

General

Target

6c200a97313b7d6840ddec8f5049fab3268c3b00527dfc222eb260501ef0e8ac
Size

2.1MB
MD5

97263488ebaddfa22154e3a0c86add07
SHA1

68120c72555b59d9faa74c674d5ba2a1d8ec2cbf
SHA256

6c200a97313b7d6840ddec8f5049fab3268c3b00527dfc222eb260501ef0e8ac
SHA512

2e5176fc02308b252d7f5d1dfb101601d80c8416d67674e83d3dbfefd0865f4dda776437fbeac004a9b59ebe716fab1549c4f97ec060bddfb53d6c08ed6f8876
SSDEEP

49152:/l1raQcLMW+z8o0o4Hhb8zdM49fHDTFW6+ML2jF5mvLVCPikA:/lFaQcLF884ya33Fb+vDmC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c200a97313b7d6840ddec8f5049fab3268c3b00527dfc222eb260501ef0e8ac

Files

6c200a97313b7d6840ddec8f5049fab3268c3b00527dfc222eb260501ef0e8ac
.dll windows:5 windows x86 arch:x86

ca6d98932bbabd9491d5ee70d1739f29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

netapi32

DsEnumerateDomainTrustsW
NetGroupSetInfo
NetLocalGroupDelMembers

winspool.drv

EnumPrintProcessorDatatypesW

advapi32

SetServiceObjectSecurity
RegDeleteValueA

comdlg32

GetOpenFileNameA

user32

CharPrevA
GetAncestor
DestroyCursor
PostQuitMessage
EmptyClipboard
ShowWindow
CreateWindowExA
ChildWindowFromPoint
WindowFromDC
SetRect
SetProcessWindowStation
GetKeyboardType
IsCharUpperW

ole32

StgOpenPropStg
OleRegEnumVerbs
CoFreeUnusedLibrariesEx

rasapi32

RasGetSubEntryHandleW

wintrust

CryptCATPutMemberInfo
CryptCATPutCatAttrInfo

ws2_32

WSAGetLastError

rpcrt4

RpcCancelThread
NdrSimpleStructBufferSize
RpcStringFreeA

shell32

SHGetDesktopFolder

shlwapi

StrCmpLogicalW
StrChrIW
StrRChrA

oleaut32

GetErrorInfo
GetRecordInfoFromGuids

iphlpapi

DeleteIpForwardEntry

setupapi

SetupDiDestroyDeviceInfoList
CM_Get_First_Log_Conf_Ex
SetupDiGetINFClassW
SetupDiEnumDeviceInfo

urlmon

CoInternetIsFeatureEnabled
CoInternetCreateSecurityManager
FindMimeFromData

winmm

GetDriverModuleHandle
waveOutOpen
waveOutClose

kernel32

CloseHandle
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringW
FreeEnvironmentStringsA
HeapReAlloc
CreateFileA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetDateFormatA
GetTimeFormatA
ReadFile
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
WideCharToMultiByte
GetLocaleInfoA
GetLocaleInfoW
HeapAlloc
CompareStringA
RtlUnwind
HeapSize
VirtualFree
HeapDestroy
HeapCreate
SetEnvironmentVariableA
GetEnvironmentStrings
GetCommandLineA
HeapFree
IsValidCodePage
GetOEMCP
HeapLock
SetEvent
GetUserDefaultLCID
LeaveCriticalSection
DeleteCriticalSection
TerminateProcess
GetSystemTimeAsFileTime
VirtualAlloc
SetProcessAffinityMask
GetModuleFileNameA
GetBinaryTypeA
OutputDebugStringA
GetModuleHandleW
LoadLibraryExW
SetThreadPriorityBoost
ActivateActCtx
GetTapeStatus
TlsAlloc
SetThreadExecutionState
Sleep
GetProcAddress
ExitProcess
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
GetCurrentThread
WriteFile
GetStdHandle
FatalAppExitA
EnterCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP

gdi32

SetTextAlign
CloseFigure
RemoveFontResourceW
StretchBlt
SetViewportOrgEx
CreateHatchBrush
FrameRgn
GetCharWidth32W
GetNearestPaletteIndex
CreateCompatibleDC

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

hvwba
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PACK
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt1
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca6d98932bbabd9491d5ee70d1739f29

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

winspool.drv

advapi32

comdlg32

user32

ole32

rasapi32

wintrust

ws2_32

rpcrt4

shell32

shlwapi

oleaut32

iphlpapi

setupapi

urlmon

winmm

kernel32

gdi32

Sections

.text Size: 104KB - Virtual size: 101KB

hvwba Size: 88KB - Virtual size: 85KB

.data Size: 36KB - Virtual size: 42KB

PACK Size: 1.9MB - Virtual size: 1.9MB

.crt1 Size: 28KB - Virtual size: 27KB

.qdata Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 104KB - Virtual size: 101KB

hvwba
Size: 88KB - Virtual size: 85KB

.data
Size: 36KB - Virtual size: 42KB

PACK
Size: 1.9MB - Virtual size: 1.9MB

.crt1
Size: 28KB - Virtual size: 27KB

.qdata
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB