70f2370fcb4013fff9d0bf76a09dd025

Sharing

Copy URL

Twitter E-mail

General

Target

70f2370fcb4013fff9d0bf76a09dd025
Size

834KB
MD5

70f2370fcb4013fff9d0bf76a09dd025
SHA1

2f2271470ee0ceec34e9ffacf4192d4f27512b16
SHA256

b69ceae63da81684fc35af5fd247adbebac09e4129feb1ec3786e55cfbc8324a
SHA512

086b68ffde29d35f6460d9e19f506fb02c1e0913749ae951246bf1d822550ca635c792073d92fb4220b17b4b60fcda5b0bec0440e92fb5b39927014450aa84ea
SSDEEP

12288:941Y6silSAjKEhmERg2As41AE+6DS0fkOJ4AV0pVPfDCCQEO5L/Eb/11kKI:KsilJUwAsKrf33q3P7CLEq/w1w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70f2370fcb4013fff9d0bf76a09dd025

Files

70f2370fcb4013fff9d0bf76a09dd025
.dll windows:6 windows x64 arch:x64

9c6b9a7c067251c13e0630866a232123

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CompareStringW
CopyFileA
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateMutexW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
ExitProcess
ExitThread
FindClose
FindFirstFileA
FindFirstFileExW
FindNextFileA
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTempPathW
GetTickCount
GetTimeZoneInformation
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
K32GetModuleFileNameExA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OpenFile
OpenProcess
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReadProcessMemory
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFilePointer
SetFilePointerEx
SetLastError
SetPriorityClass
SetStdHandle
SetThreadIdealProcessor
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualAllocEx
VirtualFree
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteProcessMemory
lstrcmpiA

user32

AppendMenuA
BringWindowToTop
CallNextHookEx
ChangeClipboardChain
CheckMenuItem
ChildWindowFromPointEx
CloseClipboard
CloseDesktop
CloseWindow
CreateDesktopA
CreateMenu
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
EmptyClipboard
EnumChildWindows
EnumDesktopWindows
FindWindowExA
GetAncestor
GetClassNameA
GetClientRect
GetClipboardData
GetDesktopWindow
GetIconInfo
GetMessageA
GetParent
GetSystemMetrics
GetThreadDesktop
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InsertMenuA
InvalidateRect
IsIconic
IsWindow
IsWindowVisible
IsZoomed
LoadCursorA
MoveWindow
NotifyWinEvent
OpenClipboard
OpenDesktopA
OpenWindowStationA
PostMessageA
PostMessageW
PostQuitMessage
PrintWindow
RedrawWindow
RegisterClassA
ReleaseDC
ScreenToClient
SendMessageA
SetClipboardData
SetClipboardViewer
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetParent
SetProcessWindowStation
SetThreadDesktop
SetWinEventHook
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowWindow
TrackPopupMenu
TranslateMessage
UnhookWinEvent
UnhookWindowsHookEx
UpdateWindow
WindowFromPoint

ole32

CoCreateInstance
CoInitialize
CoUninitialize

shell32

ExtractAssociatedIconA
ExtractIconExA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA

advapi32

AdjustTokenPrivileges
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
GetTokenInformation
InitializeSecurityDescriptor
LookupAccountSidA
LookupPrivilegeValueA
OpenProcessToken
OpenThreadToken
RegCloseKey
RegEnumKeyA
RegEnumValueA
RegGetValueA
RegOpenKeyExA
RegQueryValueExA
SetSecurityDescriptorDacl

gdi32

BitBlt
CreateBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
GetPixel
SelectObject
SetTextColor
StretchBlt
TextOutA

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
VariantClear

comctl32

ImageList_Create
ImageList_ReplaceIcon
ImageList_SetBkColor

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

gdiplus

GdipAlloc
GdipCloneBitmapAreaI
GdipCloneImage
GdipCreateBitmapFromGdiDib
GdipDisposeImage
GdipFree
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToStream
GdiplusShutdown
GdiplusStartup

ws2_32

WSACleanup
WSACreateEvent
WSAGetLastError
WSAGetOverlappedResult
WSARecv
WSAResetEvent
WSAStartup
WSAWaitForMultipleEvents
closesocket
connect
htons
inet_addr
inet_ntoa
ntohs
recv
send
setsockopt
socket

crypt32

CryptUnprotectData

Exports

Exports

CloseInfo
Control
FreeBuffer
NetServerStart
NetServerStop
Release
SetupInfo
Start
Stop
UpdateData

Sections

.text
Size: 686KB - Virtual size: 686KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SHARDAT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gehcont
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 36B

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 42B

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c6b9a7c067251c13e0630866a232123

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

shell32

advapi32

gdi32

oleaut32

comctl32

rpcrt4

gdiplus

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 686KB - Virtual size: 686KB

.rdata Size: 105KB - Virtual size: 104KB

.data Size: 13KB - Virtual size: 24KB

.pdata Size: 20KB - Virtual size: 19KB

.00cfg Size: 512B - Virtual size: 40B

.SHARDAT Size: 512B - Virtual size: 16B

.gehcont Size: 512B - Virtual size: 20B

.retplne Size: 512B - Virtual size: 36B

.tls Size: 512B - Virtual size: 9B

.voltbl Size: 512B - Virtual size: 42B

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 424B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 686KB - Virtual size: 686KB

.rdata
Size: 105KB - Virtual size: 104KB

.data
Size: 13KB - Virtual size: 24KB

.pdata
Size: 20KB - Virtual size: 19KB

.00cfg
Size: 512B - Virtual size: 40B

.SHARDAT
Size: 512B - Virtual size: 16B

.gehcont
Size: 512B - Virtual size: 20B

.retplne
Size: 512B - Virtual size: 36B

.tls
Size: 512B - Virtual size: 9B

.voltbl
Size: 512B - Virtual size: 42B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 4KB - Virtual size: 4KB