Static task: static1
Behavioral task: behavioral1
Sample: c83c18b341fda25b229349b26204d947d6dbff4c6cf1e57ece021afa4db89388.dll
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: c83c18b341fda25b229349b26204d947d6dbff4c6cf1e57ece021afa4db89388.dll
Resource: win10-20231215-en
General
Target: c83c18b341fda25b229349b26204d947d6dbff4c6cf1e57ece021afa4db89388
Size: 1.7MB
MD5: 53e506297cbc1cd2a6ee25f2e6af823b
SHA1: 06a094c07d6ab0e30eee884b24e14b11f2636a4f
SHA256: c83c18b341fda25b229349b26204d947d6dbff4c6cf1e57ece021afa4db89388
SHA512: 9a49bee0bedadb62ec9bb84c9d8ceb41fc5b866adf4a600ffbc877072559954b170bd6d84a2685d72859671609198c83dd42ffea95175adee0c490d56398cd13
SSDEEP: 49152:WfzlEo3lH+4zaHvYt2KMKQdVYKdDs08vFO+x:WfWoVH+Qt2AmRQ0o
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c83c18b341fda25b229349b26204d947d6dbff4c6cf1e57ece021afa4db89388
Files
c83c18b341fda25b229349b26204d947d6dbff4c6cf1e57ece021afa4db89388.dll windows:5 windows x86 arch:x86
de2add4cb0f630a81a201a587a8e6429
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
advapi32
FileEncryptionStatusW
StartServiceA
ImpersonateNamedPipeClient
IsValidAcl
version
GetFileVersionInfoSizeA
GetFileVersionInfoW
user32
CreateIconFromResourceEx
CreateWindowExA
TranslateAcceleratorA
ShowWindowAsync
EndDeferWindowPos
GetUpdateRgn
CallNextHookEx
RegisterWindowMessageA
PostQuitMessage
clusapi
ClusterCloseEnum
imm32
ImmGetProperty
ImmSetCompositionStringW
kernel32
OutputDebugStringA
GetModuleHandleA
LoadLibraryA
SetThreadPriorityBoost
Sleep
GetLargestConsoleWindowSize
IsValidLocale
UnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
GetModuleHandleW
ExitProcess
SetFilePointer
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetLastError
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
RtlUnwind
HeapAlloc
HeapReAlloc
GetProcAddress
VirtualFree
VirtualAlloc
GetModuleFileNameA
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CloseHandle
LoadLibraryW
GetLocaleInfoA
CreateFileA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
Process32FirstW
DeleteCriticalSection
lz32
LZCopy
shell32
SHOpenFolderAndSelectItems
SHGetFolderPathAndSubDirW
SHGetFileInfoA
SHGetSpecialFolderLocation
DoEnvironmentSubstW
SHBrowseForFolderA
wintrust
CryptCATAdminCalcHashFromFileHandle
iphlpapi
CreateIpForwardEntry
ws2_32
select
winspool.drv
AddPrintProvidorW
GetPrinterDataExW
SetJobW
oleaut32
SafeArrayAllocDescriptorEx
winmm
mixerGetLineControlsA
mmioCreateChunk
mixerGetControlDetailsA
timeEndPeriod
mscms
OpenColorProfileA
ole32
CoQueryClientBlanket
CreateStreamOnHGlobal
CoCancelCall
secur32
QueryContextAttributesW
shlwapi
StrChrIA
wininet
InternetOpenW
InternetReadFile
FtpOpenFileA
setupapi
SetupDiEnumDeviceInfo
gdi32
GetCharacterPlacementA
CombineRgn
GetPixelFormat
GetWinMetaFileBits
EndDoc
GetTextAlign
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ