97adc5a62c41708933bb0835535c405e

Sharing

Copy URL Twitter E-mail

General

Target

97adc5a62c41708933bb0835535c405e
Size

5.8MB
MD5

97adc5a62c41708933bb0835535c405e
SHA1

ecdbace2d9e72e2b80fd1540fe29f6042c4aa306
SHA256

3dff771c2cb0d3be27fa170f6414cca9c98bc12d5e95a906c36c75023d562095
SHA512

ac935cd6b36ca5b955736d35997eccecd6335e049c5ff6fecce229affa198fa8c264e926d5c84a7efa5604ed5df879f3bb105882de322acff4b1e2ed93d54c39
SSDEEP

98304:jehnbuEQfL4YY4hOXs236pD/MUr0YtpcvCHGlr1R4STpML4N+VG5jsne4:ibuEQfUGhOc23qI/mgCHGRvFQG5N4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97adc5a62c41708933bb0835535c405e

Files

97adc5a62c41708933bb0835535c405e
.dll windows:5 windows x86 arch:x86

eac588c68a744e9c0dc4b7b2ea66ac5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winmm

PlaySoundW

wininet

FindFirstUrlCacheEntryW

winspool.drv

DocumentPropertiesW

comctl32

ImageList_GetImageInfo

shell32

SHGetSpecialFolderLocation

user32

DdeSetUserHandle
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

version

GetFileVersionInfoSizeW

oleaut32

GetErrorInfo

advapi32

RegSetValueExW

netapi32

NetWkstaGetInfo

msvcrt

memcpy

winhttp

WinHttpGetIEProxyConfigForCurrentUser

kernel32

GetVersion
GetVersionExW
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

shfolder

SHGetFolderPathW

wsock32

gethostbyaddr

ole32

OleRegEnumVerbs

gdi32

Pie

ntdll

RtlCompressBuffer

wtsapi32

WTSSendMessageW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
g4RSDWgdWrGv2L568

Sections

[^c+^<Ro
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

s1`UuT&N
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

G6`$s:t
Size: - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

il5OTv J
Size: - Virtual size: 36KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1K_:v
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IAhO4-hZ
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cis[pXK+
Size: - Virtual size: 187B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Tt_e?iS
Size: - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Ha-,`V&$
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

!UFMZ91<
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

a6d4#[i
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

8O%i8%w:
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eac588c68a744e9c0dc4b7b2ea66ac5a

Headers

File Characteristics

Imports

winmm

wininet

winspool.drv

comctl32

shell32

user32

version

oleaut32

advapi32

netapi32

msvcrt

winhttp

kernel32

shfolder

wsock32

ole32

gdi32

ntdll

wtsapi32

Exports

Exports

Sections

[^c+^<Ro Size: - Virtual size: 4.5MB

s1`UuT&N Size: - Virtual size: 10KB

G6`$s:t Size: - Virtual size: 78KB

il5OTv J Size: - Virtual size: 36KB

1K_:v Size: - Virtual size: 17KB

IAhO4-hZ Size: - Virtual size: 3KB

cis[pXK+ Size: - Virtual size: 187B

Tt_e?iS Size: - Virtual size: 69B

Ha-,`V&$ Size: - Virtual size: 2.6MB

!UFMZ91< Size: 5.8MB - Virtual size: 5.8MB

a6d4#[i Size: 1KB - Virtual size: 1KB

8O%i8%w: Size: 1024B - Virtual size: 624B

[^c+^<Ro
Size: - Virtual size: 4.5MB

s1`UuT&N
Size: - Virtual size: 10KB

G6`$s:t
Size: - Virtual size: 78KB

il5OTv J
Size: - Virtual size: 36KB

1K_:v
Size: - Virtual size: 17KB

IAhO4-hZ
Size: - Virtual size: 3KB

cis[pXK+
Size: - Virtual size: 187B

Tt_e?iS
Size: - Virtual size: 69B

Ha-,`V&$
Size: - Virtual size: 2.6MB

!UFMZ91<
Size: 5.8MB - Virtual size: 5.8MB

a6d4#[i
Size: 1KB - Virtual size: 1KB

8O%i8%w:
Size: 1024B - Virtual size: 624B