f787ea96bf326964661a763dcdec635323931a5800628973b50c7bb5e29bccaf

Sharing

Copy URL Twitter E-mail

General

Target

f787ea96bf326964661a763dcdec635323931a5800628973b50c7bb5e29bccaf
Size

2.0MB
MD5

1f7b3875074bb94037fb17e4f8f75c79
SHA1

43d97d81cbef5047f8497178ba682817abd14ea7
SHA256

f787ea96bf326964661a763dcdec635323931a5800628973b50c7bb5e29bccaf
SHA512

304e2d5066da4dcde95cbe83dc02e2d7d4aa9dd4d3c42cde4677acc203ed205058e01a951bb0db7a3c310039f7b3f1fe72f29c944eae8ed763fa78005edce10e
SSDEEP

24576:5iT7m9XYfqZLARlXPcBQvLoyteA6iieBJYuf/fQSP4SEiXK6Ftx9XoOsopW0A/p7:UUXYfqRAD9T1fDsy9XP/AxtZZx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f787ea96bf326964661a763dcdec635323931a5800628973b50c7bb5e29bccaf

Files

f787ea96bf326964661a763dcdec635323931a5800628973b50c7bb5e29bccaf
.dll windows:5 windows x86 arch:x86

2e2dd59fecf91b093c5ba28336003a1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
HeapAlloc
VirtualAlloc
HeapReAlloc
ExitProcess
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
SetStdHandle
GetDriveTypeA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
InterlockedIncrement
GetModuleHandleW
GlobalFlags
SetErrorMode
TlsFree
MoveFileExA
RemoveDirectoryA
GetLongPathNameA
GetTempFileNameA
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
WaitForSingleObject
ResumeThread
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetFileTime
GetFileSizeEx
GetFileAttributesA
SetFileAttributesA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
CloseHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleFileNameW
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetVersionExA
GlobalAlloc
FormatMessageA
LocalFree
lstrlenW
MulDiv
lstrlenA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
LoadLibraryA
LoadLibraryExA
GetProcAddress
FreeLibrary
CopyFileA
GetTempPathA
GetCurrentProcessId
CreateDirectoryA
GetModuleHandleA
GetModuleFileNameA
FindFirstFileA
FindNextFileA
FindClose
MultiByteToWideChar
GetFileAttributesExA
DeleteFileA
GetSystemDirectoryA
GetCurrentDirectoryA
CreateProcessA
OutputDebugStringA
InterlockedDecrement
GetLastError
SetLastError
Sleep
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
HeapDestroy
SizeofResource

user32

GetSysColorBrush
UnregisterClassA
GetMessageA
GetCursorPos
ValidateRect
PostQuitMessage
CharUpperA
DestroyMenu
GetWindowThreadProcessId
EndPaint
BeginPaint
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
RegisterWindowMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
PostMessageA
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetScrollInfo
SetScrollInfo
DefWindowProcA
CallWindowProcA
GetMenu
SystemParametersInfoA
GetWindowPlacement
GetMenuState
GetMenuItemID
GetMenuItemCount
EnableWindow
PtInRect
FillRect
GetSubMenu
GetWindowTextLengthA
GetWindowTextA
GetFocus
SetFocus
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
SetDlgItemTextA
SetMenu
GetClientRect
InvalidateRect
SetCapture
GetParent
EnableMenuItem
LoadIconA
ReleaseCapture
CopyRect
CharNextA
InvertRect
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
SendDlgItemMessageA
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
DestroyWindow
MoveWindow
SetParent
ShowWindow
ScreenToClient
GetCapture
SetCursor
LoadCursorA
ShowScrollBar
GetScrollRange
SetScrollPos
GetScrollPos
ClientToScreen
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
LoadBitmapA
IsWindow
SetWindowPos
GetSystemMetrics
GetWindow
KillTimer
SetTimer
GetWindowRect
IsIconic
GetSystemMenu
SendMessageA
SetRect
DrawIcon
AppendMenuA

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateSolidBrush
MoveToEx
LineTo
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreatePalette
SelectPalette
RealizePalette
GetPixel
DeleteObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SelectObject
SetWinMetaFileBits
DeleteEnhMetaFile
GetEnhMetaFileHeader
SetEnhMetaFileBits
GetDIBits
PlayEnhMetaFile
GetEnhMetaFilePaletteEntries
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA

shlwapi

PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathFindExtensionA
PathFindFileNameA
PathFileExistsA

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
StringFromGUID2
CoTaskMemFree
CLSIDFromString
CoCreateGuid

oleaut32

VariantClear
VariantChangeType
VariantInit
SysAllocString
SysFreeString

gdiplus

GdipDrawImageRect
GdipDrawImageI
GdipDrawImageRectI
GdipCloneImage
GdipCreateBitmapFromFile
GdiplusShutdown
GdiplusStartup
GdipSaveImageToFile
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImageGraphicsContext
GdipSetImagePalette
GdipCreateBitmapFromGdiDib
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateSolidFill
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipDeletePen
GdipDisposeImage
GdipCloneBrush
GdipFillRectangleI
GdipDrawLineI
GdipCreateFromHDC
GdipCreateLineBrush
GdipCreatePen1
GdipAlloc
GdipFree
GdipDeleteBrush
GdipDeleteGraphics
GdipGetImagePalette

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ws2_32

ntohl
htonl
ntohs
htons

Exports

Exports

TGetPlugin

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e2dd59fecf91b093c5ba28336003a1a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

gdiplus

version

ws2_32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 307KB - Virtual size: 307KB

.data Size: 28KB - Virtual size: 100KB

.rsrc Size: 181KB - Virtual size: 181KB

.reloc Size: 70KB - Virtual size: 69KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 307KB - Virtual size: 307KB

.data
Size: 28KB - Virtual size: 100KB

.rsrc
Size: 181KB - Virtual size: 181KB

.reloc
Size: 70KB - Virtual size: 69KB