3aa571e2c37f857fa2d44c74246861540d275ce58fd5a5cb2bce38a2f5b5872f

Sharing

Copy URL Twitter E-mail

General

Target

3aa571e2c37f857fa2d44c74246861540d275ce58fd5a5cb2bce38a2f5b5872f
Size

240KB
MD5

ef6d0e7d16d72f1b927613148561e4d9
SHA1

e16d0e0d0d62d93bf7b0465f91f862acb81c12c5
SHA256

3aa571e2c37f857fa2d44c74246861540d275ce58fd5a5cb2bce38a2f5b5872f
SHA512

b3f33ff13b5e696d692ad3a1f7a9eef37fb8b2ad43a038a0c7f6e8c96db6b32dfa30845a5be7a054a41dc5b0d81d457ace4b01d6a898d6cf4d6e9fdee5e1d757
SSDEEP

3072:NmybuLkbiPXYu+MY3XpLd8VnQtyCCxEvRWCWa+NTPdJu6lhA0kSSs:NmpLkifY/MWXYQ3ntAm6x6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3aa571e2c37f857fa2d44c74246861540d275ce58fd5a5cb2bce38a2f5b5872f

Files

3aa571e2c37f857fa2d44c74246861540d275ce58fd5a5cb2bce38a2f5b5872f
.dll windows:6 windows x86 arch:x86

82accfed58fe4bf25f4d5bb69df8e978

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
GetTimeZoneInformation
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
SystemTimeToFileTime
GetLocalTime
WaitForSingleObject
GetTickCount
TerminateThread
GetModuleFileNameA
CreateEventA
SetCommMask
WaitCommEvent
CloseHandle
ResumeThread
CreateFileA
SetupComm
ClearCommError
GetCommState
WriteFile
SetCommState
SetCommTimeouts
ReadFile
GetOverlappedResult
GetCommTimeouts
PurgeComm
Sleep
GetLastError
SetEndOfFile
CreateFileW
SetStdHandle
ReadConsoleW
EnumSystemLocalesEx
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
EncodePointer
DecodePointer
InitializeCriticalSectionEx
GetLocaleInfoEx
GetStringTypeW
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
HeapFree
HeapAlloc
HeapReAlloc
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
ExitProcess
AreFileApisANSI
HeapSize
OutputDebugStringW
LoadLibraryW
IsValidCodePage
GetACP
GetOEMCP
SetLastError
InitOnceExecuteOnce
GetStartupInfoW
GetProcessHeap
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
CompareStringEx
GetUserDefaultLocaleName
LCMapStringEx
IsValidLocaleName
SetEnvironmentVariableA

Exports

Exports

ConnectDevice
CreateDeviceHandle
DeviceLost
DisconnectDevice
FreeDeviceHandle
GainVersion
GetDeviceState
PauseLog
ReadBuffer
ReadBufferType
ReadedData
RestoreLog
ResumeLog
SetDeviceConfigs
SetReadIOInterval
StartLog
StopLog

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82accfed58fe4bf25f4d5bb69df8e978

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 164KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 34KB - Virtual size: 34KB

.text
Size: 164KB - Virtual size: 164KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 34KB - Virtual size: 34KB