57b3624685ae3c08e3bb8fd9f3565846c14e18e869762161d7a26514717be373

Sharing

Copy URL Twitter E-mail

General

Target

57b3624685ae3c08e3bb8fd9f3565846c14e18e869762161d7a26514717be373
Size

1.2MB
MD5

8c6673d6902594da791a5924a8ec1666
SHA1

6c13840835884d76a1b70e59f14e72cc8b53df86
SHA256

57b3624685ae3c08e3bb8fd9f3565846c14e18e869762161d7a26514717be373
SHA512

930ce104a650d75fbe6f43f2637d22ec36c54a62678227dd25bdb8728148a100023557fcba915a6da6ff85f82c33aed2fd21b111c0b0d31c9d289fecf07d96d3
SSDEEP

24576:qGtlqfe0gOBq9LPM/BeMKzT5g4RKTETbbUn27KMRjNyjJTAH3VG3:qGtlqfeEBq0K5g4cTETbb02NyjJTSg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57b3624685ae3c08e3bb8fd9f3565846c14e18e869762161d7a26514717be373

Files

57b3624685ae3c08e3bb8fd9f3565846c14e18e869762161d7a26514717be373
.dll windows:5 windows x64 arch:x64

d13c657a4dbd412a927d1687846959dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetUserDefaultLCID
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
GetCurrentProcessId
GetSystemWindowsDirectoryW
GetVersionExW
LockResource
FreeResource
SetFilePointerEx
GetFileSizeEx
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
HeapDestroy
HeapSize
GetProcessHeap
FindResourceExW
lstrcmpA
LocalFree
GetFileSize
WriteFile
SetFilePointer
GetLocalTime
GetCurrentThreadId
FlushFileBuffers
SystemTimeToFileTime
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
ReadFile
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesExW
MoveFileExW
QueryPerformanceCounter
LockFileEx
UnlockFileEx
MapViewOfFile
GetFileType
lstrlenW
ReleaseMutex
GetACP
lstrlenA
LocalFileTimeToFileTime
lstrcmpiA
GetCurrentProcess
LoadLibraryW
GetProcAddress
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
Sleep
CreateMutexW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
OpenThread
HeapWalk
HeapUnlock
HeapLock
CreateFileA
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
lstrcatW
GlobalMemoryStatus
RtlVirtualUnwind
GetStdHandle
GetCPInfo
GetStringTypeW
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
OutputDebugStringW
IsDebuggerPresent
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
HeapFree
HeapReAlloc
HeapAlloc
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
GetFileAttributesW
CreateFileW

user32

CharNextW
GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

advapi32

RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
CryptReleaseContext
CryptGenRandom
RegQueryValueExA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoCreateGuid

oleaut32

SysAllocString
VarUI4FromStr

shlwapi

SHGetValueA
PathFileExistsW
StrTrimA
StrRChrW
PathAppendW
PathCombineW
StrCmpNIW
StrStrIW
StrCmpIW
StrStrIA
SHSetValueA
PathFindFileNameW

version

VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CryptMsgControl
CertFindCertificateInStore
CryptQueryObject
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptDecodeObjectEx
CertFreeCertificateChain
CryptDecodeObject
CertAddStoreToCollection
CertOpenStore
CertCloseStore
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgClose
CertOpenSystemStoreW
CryptMsgGetParam
CertGetCertificateChain

iphlpapi

GetAdaptersInfo

Exports

Exports

CreateObject
InitLibs

Sections

.text
Size: 851KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d13c657a4dbd412a927d1687846959dd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

crypt32

iphlpapi

Exports

Exports

Sections

.text Size: 851KB - Virtual size: 850KB

.rdata Size: 297KB - Virtual size: 297KB

.data Size: 68KB - Virtual size: 84KB

.pdata Size: 34KB - Virtual size: 34KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 851KB - Virtual size: 850KB

.rdata
Size: 297KB - Virtual size: 297KB

.data
Size: 68KB - Virtual size: 84KB

.pdata
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB