a7e2be7859d2fc50c1b83df1fdba385618da6c127d44e083861b706a4f6bdb97

Sharing

Copy URL Twitter E-mail

General

Target

a7e2be7859d2fc50c1b83df1fdba385618da6c127d44e083861b706a4f6bdb97
Size

630KB
MD5

6879e5108e482784130b9d8527892dc1
SHA1

d1f2f2f310f857da0d3d33d5f8ecac23eed491a7
SHA256

a7e2be7859d2fc50c1b83df1fdba385618da6c127d44e083861b706a4f6bdb97
SHA512

8d7ba091e5d808cbff8ccd91a2cbed4f6389173ea8a3f64560f4968b655acca2d43ec4879af0422c7b26b04cf3f3e98f207abaacfd8cfe0977d9630689de19f9
SSDEEP

12288:Kt+uyuzlgKty5Ua5hsulFkeUA1/Fqwl3E490MHXWPIpmWormJ9FH8k47FRHo8UE:K+39XkmJ958k47FZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7e2be7859d2fc50c1b83df1fdba385618da6c127d44e083861b706a4f6bdb97

Files

a7e2be7859d2fc50c1b83df1fdba385618da6c127d44e083861b706a4f6bdb97
.dll windows:6 windows x64 arch:x64

84ec1073366d637e7400f0ce88a1dfea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetModuleFileNameW
FindClose
OpenProcess
CreateToolhelp32Snapshot
GetTimeZoneInformation
CloseHandle
Module32FirstW
Module32NextW
GetSystemTime
HeapSize
GetProcessHeap
SetEnvironmentVariableW
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
DeleteCriticalSection
DecodePointer
RaiseException
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetFilePointerEx
GetLastError
InitializeCriticalSectionEx
lstrlenW
LocalFree
lstrcmpA
LocalAlloc
lstrcpynW
SetStdHandle
CreateFileW
WriteConsoleW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
MultiByteToWideChar
QueryPerformanceCounter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
RtlUnwind
GetModuleHandleW
GetProcAddress
EncodePointer
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
OutputDebugStringW
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
HeapFree
HeapReAlloc
HeapAlloc
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx

advapi32

LookupAccountSidW
ConvertSidToStringSidW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoUninitialize

oleaut32

VariantInit
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
VariantClear

crypt32

CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptMsgOpenToDecode
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertOpenStore
CryptMsgUpdate

Exports

Exports

getData
getDescription
getSignature
init
notify
start
stop

Sections

.text
Size: 480KB - Virtual size: 479KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84ec1073366d637e7400f0ce88a1dfea

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

advapi32

ole32

oleaut32

crypt32

Exports

Exports

Sections

.text Size: 480KB - Virtual size: 479KB

.rdata Size: 117KB - Virtual size: 116KB

.data Size: 9KB - Virtual size: 16KB

.pdata Size: 18KB - Virtual size: 17KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 480KB - Virtual size: 479KB

.rdata
Size: 117KB - Virtual size: 116KB

.data
Size: 9KB - Virtual size: 16KB

.pdata
Size: 18KB - Virtual size: 17KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 4KB - Virtual size: 3KB