7f6137fabf500d612de2f03b36ae1890

Sharing

Copy URL Twitter E-mail

General

Target

7f6137fabf500d612de2f03b36ae1890
Size

282KB
MD5

7f6137fabf500d612de2f03b36ae1890
SHA1

50545e45dbee53ceaea5c3a7a23c6a61411fa465
SHA256

cb7af994f66aa2e10dfe4ab7521bfc750cd0b17f33404449df9150231691db7e
SHA512

b2868045b427cfeda301afd6b9d9c1571123c9e01fec0e2f8daf40f3f8bdad183a05667e269268fb480a0d0b6b38c3e1257970b22c193329504faa7bb94176a1
SSDEEP

6144:BfgMTSV3chL1l20Hta4jEy5stXcLOakz3lnAj728RyI0aDmB/k:tfSRchL1E0EQEWstXAOakzlnA3yI7Dc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7f6137fabf500d612de2f03b36ae1890

Files

7f6137fabf500d612de2f03b36ae1890
.dll windows:4 windows x64 arch:x64

fe8cdb2af5504fb44b5423046ea1aeca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

RtlEqualUnicodeString
memcmp
_strupr
ZwQueryInformationProcess
ZwQueryKey
NtGetContextThread
NtSuspendProcess
NtSetContextThread
RtlNtStatusToDosError
NtResumeProcess
NtSetInformationProcess
_wcsnicmp
ZwClose
NtMapViewOfSection
NtCreateSection
NtUnmapViewOfSection
NtQueryInformationProcess
NtQueryDirectoryFile
memmove
NtQueryObject
NtQuerySystemInformation
RtlInitUnicodeString
NtQueryInformationFile
ZwOpenProcess
ZwQueryInformationToken
ZwOpenProcessToken
_strnicmp
LdrFindEntryForAddress
strcpy
memset
memcpy
__chkstk
__C_specific_handler
WriteProcessMemory
SystemTimeToFileTime
RaiseException
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
GetSystemInfo
LocalAlloc
HeapReAlloc
SwitchToThread
RemoveVectoredExceptionHandler
CreateEventA
HeapAlloc
HeapDestroy
HeapCreate
AddVectoredExceptionHandler
HeapFree
SetEvent
GetCurrentThreadId
GetVersion
GetLastError
SetLastError
WideCharToMultiByte
lstrlenA
lstrcmpiW
lstrcatW
lstrcatA
MultiByteToWideChar
lstrlenW
LocalFree
lstrcpyW
lstrcpyA
DeleteCriticalSection
WaitForSingleObject
CloseHandle
CreateThread
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleA
LeaveCriticalSection
CreateMutexA
GetCurrentProcessId
GetComputerNameW
lstrcpynA
lstrcpynW
lstrcmpiA
SetEnvironmentVariableW
SetUnhandledExceptionFilter
GetProcAddress
OpenProcess
Sleep
WaitForMultipleObjects
SetErrorMode
TerminateProcess
LoadLibraryA
ReleaseMutex
CreateDirectoryW
IsBadReadPtr
GlobalDeleteAtom
GlobalAddAtomA
IsBadStringPtrA
VirtualProtect
lstrcmpA
VirtualQuery
GetCurrentProcess
FreeLibrary
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetVersionExW
CreateFileA
GetFileSize
ReadFile
CreateFileW
SetFilePointer
SetEndOfFile
GetTempPathW
GetLongPathNameW
WriteFile
ReadProcessMemory
GetModuleFileNameA
SetWaitableTimer
VirtualAlloc
VirtualAllocEx
VirtualFree
GetThreadContext
SuspendThread
ResumeThread
VirtualProtectEx
FindClose
FindNextFileW
FindFirstFileW
lstrcmpW
GetFileAttributesExW
CopyFileW
GetEnvironmentVariableW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
GlobalLock
GlobalUnlock
GlobalFree
GlobalAlloc
OpenEventA
GetSystemWindowsDirectoryA
RemoveDirectoryW
DuplicateHandle
SetFilePointerEx
DeleteFileW
GetFileInformationByHandleEx
SetFileInformationByHandle
GetProcessId
MulDiv
GetTickCount
GetSystemTimeAsFileTime
GetProcessTimes
VerLanguageNameW
GetLocaleInfoW
CancelWaitableTimer
CreateWaitableTimerA
WaitForSingleObjectEx
ResetEvent
OpenThread
GetSystemTime
AcceptEx
GetAcceptExSockaddrs

Exports

Exports

PluginRegisterCallbacks
VncStartServer
VncStopServer

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe8cdb2af5504fb44b5423046ea1aeca

Headers

File Characteristics

Imports

Exports

Exports

Sections

.text Size: 201KB - Virtual size: 200KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 26KB - Virtual size: 30KB

.pdata Size: 7KB - Virtual size: 6KB

.bss Size: 18KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 201KB - Virtual size: 200KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 26KB - Virtual size: 30KB

.pdata
Size: 7KB - Virtual size: 6KB

.bss
Size: 18KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 4KB