675cc0976eda2eeaf641d0f867f4c86e

Sharing

Copy URL

Twitter E-mail

General

Target

675cc0976eda2eeaf641d0f867f4c86e
Size

251KB
MD5

675cc0976eda2eeaf641d0f867f4c86e
SHA1

a3f224e0de34bd4d7599de2ec38d06b6c1d083f5
SHA256

f5b7c20056dea69217812f4b61fad8702133e0dabf8a7858c1a4f672014d7672
SHA512

96c8dc47e8fbacb77003f24c6191862534ab897e3edd53992c464a461104b15a7a109958a51a5856b3e0411c88636c36464eae9807cb608edcf661aa0d95a610
SSDEEP

3072:7KvBQj5IX9ps+iaPfTEcaWc1Ce+0Pyvvj3PeaQsCbnJyFXcwLL68mqgtGA:7P+LsWPftoC90qvrVCrUNLL68m0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
675cc0976eda2eeaf641d0f867f4c86e

Files

675cc0976eda2eeaf641d0f867f4c86e
.dll windows:6 windows x64 arch:x64

e190d1d85059849282eaf9f6aa604cdf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetOverlappedResult
DeviceIoControl
ResetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateEventA
CreateEventW
Sleep
GetCurrentProcess
CreateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CreateFileMappingW
IsWow64Process
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
WaitNamedPipeW
LoadLibraryExW
GlobalAlloc
GlobalFlags
GlobalFree
GlobalDeleteAtom
CreateTapePartition
GetTapeParameters
FormatMessageW
BackupRead
OpenSemaphoreA
CreateWaitableTimerW
CreateFileMappingA
LoadLibraryW
GlobalAddAtomA
CreateNamedPipeA
GetComputerNameA
GetTimeFormatW
GetCPInfo
IsDBCSLeadByteEx
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
DisconnectNamedPipe
CreateNamedPipeW
ConnectNamedPipe
SetLastError
GetLastError
CloseHandle
WriteFile
RemoveDirectoryW
ReadFile
GetFileSize
CreateFileW
GetProcAddress
SearchPathA
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead

gdi32

DeleteObject

advapi32

StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle

shell32

ord75
ord176
SHGetSettings
SHChangeNotify
SHGetFolderPathAndSubDirA
ord232
SHGetFolderPathW
SHGetInstanceExplorer
SHGetUnreadMailCountW
Shell_NotifyIconA
DoEnvironmentSubstW
DragFinish
DragQueryPoint
DragQueryFileW
DragQueryFileA
ord47
ord645
ord245
ord644
ord2
ord4

shlwapi

StrSpnA
StrTrimA
StrCatBuffA
ord152
PathBuildRootA
PathCanonicalizeW
PathCombineA
PathIsUNCA
SHEnumValueW
SHRegOpenUSKeyW
SHRegQueryUSValueW
SHRegCloseUSKey
ord15
ord217
SHCreateShellPalette

winmm

midiOutGetNumDevs
waveInGetErrorTextW
midiOutGetErrorTextA
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
mixerSetControlDetails
midiOutGetErrorTextW
mixerGetControlDetailsW
mixerGetControlDetailsA
mixerGetID
mixerGetDevCapsA
mixerGetNumDevs
auxGetVolume
midiInGetID
midiInGetDevCapsW
midiOutGetID
waveInGetID
mmioRead
waveInGetNumDevs
mmioSeek
mciSendStringW
mmioClose
mmioOpenW
mmioOpenA
mciGetYieldProc
mciGetCreatorTask
mciSetYieldProc
mciGetErrorStringW
mciGetDeviceIDW
mciGetDeviceIDA
auxGetNumDevs

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

__std_type_info_destroy_list
__std_exception_copy
memchr
__C_specific_handler
memset
memmove
memcpy
memcmp
__std_exception_destroy
_CxxThrowException
strchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
exit
_crt_atexit
signal
_cexit
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

isdigit
toupper
_strdup
strncmp
tolower
isxdigit
strncpy
isspace
strncat
strcspn
_wcsnicmp
wcsncpy
wcsncat

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
_callnewh

api-ms-win-crt-convert-l1-1-0

_ltow
_ultow
_ltoa
_itoa
atoi
strtoul
_ultoa

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
puts
__acrt_iob_func
fclose
fopen
fgetc
putc
__stdio_common_vsprintf
feof

api-ms-win-crt-time-l1-1-0

_difftime64
_time64

Exports

Exports

mp_neg
mp_signed_bin_size
pthread_setschedparam

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e190d1d85059849282eaf9f6aa604cdf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

advapi32

shell32

shlwapi

winmm

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 178KB - Virtual size: 177KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 6KB - Virtual size: 8KB

.pdata Size: 3KB - Virtual size: 3KB

.idata Size: 12KB - Virtual size: 12KB

DATA Size: 12KB - Virtual size: 12KB

.tls Size: 512B - Virtual size: 512B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 132B

.text
Size: 178KB - Virtual size: 177KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 6KB - Virtual size: 8KB

.pdata
Size: 3KB - Virtual size: 3KB

.idata
Size: 12KB - Virtual size: 12KB

DATA
Size: 12KB - Virtual size: 12KB

.tls
Size: 512B - Virtual size: 512B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 132B