78082b0209436e5893c96b4703b0884b

Sharing

Copy URL Twitter E-mail

General

Target

78082b0209436e5893c96b4703b0884b
Size

445KB
MD5

78082b0209436e5893c96b4703b0884b
SHA1

98f7b6f7e79bdb897ec50d8ec655a722cbb88f8e
SHA256

23e1d47299005eda55a05feee68b2c829ac8dedca361b0b6f2f0aae7fea587bd
SHA512

cc1b2145d088fd2ec6e9b22b2a185ace567890d75c0e45fe4d3c6d8d33711bb3c630b0ddc8d2470bff3803b2083ee222c350a93ddd6b3730c3af1b6b773486ac
SSDEEP

12288:oRXSxM+rToa4i/35Uonwesj5SqoH6rlRESZ:oRiLXo0/hnjsjL+6LEQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78082b0209436e5893c96b4703b0884b

Files

78082b0209436e5893c96b4703b0884b
.dll windows:5 windows x86 arch:x86

2b3555dd6388c5a90d2c8810ad35d770

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

PostMessageA
CharLowerA
CharPrevA
CopyRect
CreateDialogParamA
CreateIcon
CreateIconFromResource
CreatePopupMenu
DestroyMenu
DestroyWindow
DispatchMessageA
DrawStateA
EnableMenuItem
UpdateWindow
SendMessageA
BeginPaint
GetWindowTextA
GetDlgItem
GetCursor

userenv

DestroyEnvironmentBlock
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserW
FreeGPOListW
GetProfilesDirectoryW
LeaveCriticalPolicySection
RegisterGPNotification
UnregisterGPNotification

ntdll

RtlpNtCreateKey
ZwFlushInstructionCache
ZwFreeUserPhysicalPages
ZwPrivilegedServiceAuditAlarm
RtlVerifyVersionInfo
RtlUnwind
RtlTraceDatabaseCreate
RtlQueryEnvironmentVariable_U
RtlNtStatusToDosError
RtlLookupElementGenericTable
RtlGetProcessHeaps
RtlEmptyAtomTable
NtSetIoCompletion
NtQuerySymbolicLinkObject
NtQueryDefaultUILanguage
NtCreateSymbolicLinkObject
NtCallbackReturn
DbgUiConnectToDbg
RtlCustomCPToUnicodeN

version

VerInstallFileA
VerQueryValueA
GetFileVersionInfoA

kernel32

_hwrite
WritePrivateProfileStructW
WritePrivateProfileStringW
WritePrivateProfileSectionA
VerLanguageNameW
VerLanguageNameA
SleepEx
Sleep
SetLastError
SetInformationJobObject
SetCommMask
Process32First
MapViewOfFile
LocalSize
LocalFree
IsDebuggerPresent
HeapWalk
HeapReAlloc
HeapAlloc
GlobalReAlloc
GetVolumePathNameA
GetVolumeNameForVolumeMountPointA
GetTickCount
GetThreadPriority
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemDirectoryA
GetSystemDefaultLCID
GetPrivateProfileIntW
GetLogicalDriveStringsW
GetLocaleInfoA
GetFileSize
GetEnvironmentStringsA
GetCommandLineA
FindNextFileW
GetProcAddress
ExpandEnvironmentStringsA
ExitProcess
EnumDateFormatsW
DeleteFileA
DefineDosDeviceA
BeginUpdateResourceA
BackupRead
GetProcessIoCounters
GetProcessTimes
GetProfileIntA
GetQueuedCompletionStatus

Exports

Exports

AslbmbmhQDrYnkTcMg
CvdVdvizmbilz
CvvZwqiqpqilwsJmNup
RczevmuTzo
UpkIPpjqlr
YhujHaryub
cPQ
dfT
doJiqduTouYnitgkf
ghfronm
nagwjaamtudgojb
njqoucNmb
oQoDihDyfiNvkztNc
shxlvFeotguk
usaH
wDufiriYjjthmMXoxz
xbprAhjkqjgvHKjhmk
zsygxgkhhspmulOzga

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 362KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b3555dd6388c5a90d2c8810ad35d770

Headers

DLL Characteristics

File Characteristics

Imports

user32

userenv

ntdll

version

kernel32

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 55KB

.data Size: 362KB - Virtual size: 671KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 55KB - Virtual size: 55KB

.data
Size: 362KB - Virtual size: 671KB

.rsrc
Size: 26KB - Virtual size: 26KB