6588536f62a630a4bd94b35e3d7d1d43

Sharing

Copy URL

Twitter E-mail

General

Target

6588536f62a630a4bd94b35e3d7d1d43
Size

2.0MB
MD5

6588536f62a630a4bd94b35e3d7d1d43
SHA1

a02c9312d3f8f21fc3b27d29f3396a8b5ea75256
SHA256

c480ee2d38dd47dcb6e2de05f0f098f3a8b3da87a7bdecdee5b4383a67f321fa
SHA512

1c4f1386f0581dc050e747cb92496edef9b808c7299128534255a3db3a74365f403c0f9ff6ecd106ddf7b3f4565a8e31e0e4d29aa767b6c048588164cdbfe057
SSDEEP

49152:V5ArZwJOEmThfFw81mcecPh22aRfrlHv8Up2:V5IVhd287pNaRfr9kUp2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6588536f62a630a4bd94b35e3d7d1d43

Files

6588536f62a630a4bd94b35e3d7d1d43
.dll windows:5 windows

4a4c99411d7c0bd75e2ce68732ae2f47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
CloseHandle
Sleep
GetLastError
ExitProcess
GlobalFree
GlobalAlloc
FreeLibrary
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetProcAddress
LoadLibraryW
HeapFree
GetProcessHeap
HeapAlloc
WaitForSingleObject
LeaveCriticalSection
ReleaseSemaphore
WriteFile
DeleteCriticalSection
GetCurrentProcess
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
GetModuleHandleW
SetEvent
GetTickCount
ResetEvent
CreateThread
SetFilePointer
GetSystemTimeAsFileTime
CreateDirectoryA
EnterCriticalSection

user32

MapVirtualKeyExW
IsCharAlphaA
BeginPaint
GetActiveWindow
SetLayeredWindowAttributes
GetLayeredWindowAttributes
RemovePropA
EnumDisplayDevicesW
CreateWindowExA
DestroyWindow
DrawIconEx
BringWindowToTop
ToAscii
SetWindowTextA
GetWindowTextA
CharUpperW
CloseDesktop
CreateDesktopA
ChangeDisplaySettingsW
DefWindowProcW
GetDC
SetWindowLongW
ReleaseDC
PostMessageW
SetCursorPos
GetCursorPos
EnumDisplaySettingsW
ShowWindow
GetWindowLongW
GetRawInputDeviceInfoA
LoadStringW
SetWindowsHookExW
UnhookWindowsHookEx

Exports

Exports

ServiceMain
SmartDeviceChecking

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a4c99411d7c0bd75e2ce68732ae2f47

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 150KB - Virtual size: 149KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 150KB - Virtual size: 149KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 11KB - Virtual size: 10KB