8d6176fcf82636079e8549a3a8031d42

Sharing

Copy URL

Twitter E-mail

General

Target

8d6176fcf82636079e8549a3a8031d42
Size

248KB
MD5

8d6176fcf82636079e8549a3a8031d42
SHA1

63555ebdd633b787d7840b4ed7a6e99bb042a123
SHA256

44047c38c2ff4c384d37ad4a413cae1aa432562c8c4edc21a5a92dcab8dfc47a
SHA512

017a072af6bb0262f713594fca0e7ee10922f12b62547373acd157987f4e27e7eda6e902a54589ac84a1d7c314fa87cd530b652d2d4ffd2707890968fd33a509
SSDEEP

6144:GzAGZT/pvktMy9CyzGho11UUfqOhXklaHx1:oAGZLpvcMyUapHft

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d6176fcf82636079e8549a3a8031d42

Files

8d6176fcf82636079e8549a3a8031d42
.dll windows:6 windows x64 arch:x64

4fc7a546fc55c10f3fee06f607453905

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
LocalFree
LocalAlloc
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetTickCount
GetSystemTime
CreateThread
Sleep
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetLastError
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead

advapi32

RevertToSelf
BuildTrusteeWithSidA
GetExplicitEntriesFromAclA
CredFree
CredDeleteW
CredEnumerateW
ConvertSidToStringSidW
SaferGetLevelInformation
SaferCloseLevel
SaferCreateLevel
OpenTraceA
CloseTrace
LsaStorePrivateData
LsaSetForestTrustInformation
LsaLookupNames
LsaOpenPolicy
LsaClose
LsaFreeMemory
QueryServiceLockStatusW
OpenProcessToken
GetLengthSid
GetPrivateObjectSecurity
ImpersonateLoggedOnUser
InitializeAcl
OpenSCManagerW
DeregisterEventSource
RegisterEventSourceA
CloseServiceHandle
OpenServiceW

shlwapi

UrlIsA
StrCmpNIW
PathSearchAndQualifyA
PathMakePrettyA
PathIsLFNFileSpecW
PathCanonicalizeW
StrNCatA
PathUnExpandEnvStringsA
PathFindExtensionA
SHRegGetValueA
SHDeleteEmptyKeyW

dbghelp

FindDebugInfoFileEx
FindDebugInfoFile
SearchTreeForFile
StackWalk64
SymCleanup
SymGetLineFromAddr64
SymGetLinePrev64
SymGetFileLineOffsets64
SymMatchFileName
SymFindFileInPath
SymInitialize
SymFromName
SymGetSymPrev64
SymGetTypeInfo
SymFromAddr

winmm

mmioClose
mixerGetID
mixerGetLineControlsA
mixerGetControlDetailsA
mixerOpen
joyGetDevCapsA
mmioOpenW
mmioOpenA
mciGetYieldProc
mciGetCreatorTask
mixerGetNumDevs
midiInGetID
midiInAddBuffer
midiInGetErrorTextA
midiInGetNumDevs
midiOutGetID
midiOutClose
midiOutOpen
midiOutGetErrorTextA
midiDisconnect
midiConnect
midiOutGetNumDevs
mmioAscend
mmioDescend
timeGetTime
mciSetYieldProc
mciGetErrorStringA
mciGetDeviceIDW
mciGetDeviceIDA
mciSendStringA
mmioRead
mixerClose

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

__std_exception_destroy
__std_type_info_destroy_list
__C_specific_handler
memset
memmove
memcpy
memcmp
memchr
_CxxThrowException
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initterm_e
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

_wcsnicmp
wcsncpy
strncpy
wcsncat
isdigit
isxdigit
isspace
strncat

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-convert-l1-1-0

_ultoa
_itoa
strtoul
_ultow
strtol
strtod

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vfprintf

api-ms-win-crt-math-l1-1-0

tan
sqrt
modf
_isnan
acos
asin
atan
atan2
ceil
cos
sin

Exports

Exports

CMP2_Init

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ted_data
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4fc7a546fc55c10f3fee06f607453905

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

dbghelp

winmm

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 137KB - Virtual size: 137KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 3KB

ted_data Size: 512B - Virtual size: 512B

.rsrc Size: 74KB - Virtual size: 73KB

.reloc Size: 512B - Virtual size: 84B

.text
Size: 137KB - Virtual size: 137KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 3KB

ted_data
Size: 512B - Virtual size: 512B

.rsrc
Size: 74KB - Virtual size: 73KB

.reloc
Size: 512B - Virtual size: 84B