20b0ffe36b89f72f4f205e296ceb1f1b3473d43e2d4059ec3baa4628405a0ca5

Sharing

Copy URL Twitter E-mail

General

Target

20b0ffe36b89f72f4f205e296ceb1f1b3473d43e2d4059ec3baa4628405a0ca5
Size

1.6MB
MD5

b1017486d797a282b6e77df331f98787
SHA1

9409f8804a77b963d217fb8443b7b66f2a50fa21
SHA256

20b0ffe36b89f72f4f205e296ceb1f1b3473d43e2d4059ec3baa4628405a0ca5
SHA512

dc18c0a77d2208d0a6ab56f86ce5eb47a938927b8cc6fa2e52d0a117909b29c7d38025f4e0811e177f4d2e6b71b332e705ad195533279627bc0cde882285742b
SSDEEP

49152:imB+wgQoJz5cYCA5lIbaRXWUD0/VL16ZsHU:bmRXWJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20b0ffe36b89f72f4f205e296ceb1f1b3473d43e2d4059ec3baa4628405a0ca5

Files

20b0ffe36b89f72f4f205e296ceb1f1b3473d43e2d4059ec3baa4628405a0ca5
.dll windows:6 windows x86 arch:x86

714c1646e3a223c2ddced93621034acc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GetModuleHandleExA
FreeLibrary
GetModuleFileNameA
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetTimeZoneInformation
GetProcAddress
LoadLibraryA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
SetEndOfFile
CreateFileW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
InitializeCriticalSectionEx
Sleep
GetLocaleInfoEx
GetStringTypeW
HeapAlloc
GetLastError
HeapFree
HeapReAlloc
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
GetCommandLineA
GetCurrentThreadId
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
ExitProcess
AreFileApisANSI
HeapSize
WriteFile
GetProcessHeap
OutputDebugStringW
LoadLibraryExW
LoadLibraryW
IsValidCodePage
GetACP
GetOEMCP
SetLastError
InitOnceExecuteOnce
GetStartupInfoW
ReadFile
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
CloseHandle
QueryPerformanceCounter
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
SetFilePointer
GetUserDefaultLocaleName
LCMapStringEx
IsValidLocaleName
EnumSystemLocalesEx
ReadConsoleW
SetStdHandle

ws2_32

inet_addr

Exports

Exports

CreateDLMessageParser
FreeDLMessageParser
RegisterWriteLogCallBack
SetFilterXmlConfigFilePathInterface
SetFilterXmlConfigVersionInterface

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

714c1646e3a223c2ddced93621034acc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 201KB - Virtual size: 201KB

.data Size: 104KB - Virtual size: 112KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 67KB - Virtual size: 66KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 201KB - Virtual size: 201KB

.data
Size: 104KB - Virtual size: 112KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 67KB - Virtual size: 66KB