9923d5fa3d6b257b919d0251346cde70874de875b5ba129168534825fc886bd8

Sharing

Copy URL Twitter E-mail

General

Target

9923d5fa3d6b257b919d0251346cde70874de875b5ba129168534825fc886bd8
Size

1.7MB
MD5

012bad30fa58a591f6bc2d94d1ba00b1
SHA1

4d1c4f9abfaf69d1bdd78eca3b6b4ca5c7207b8a
SHA256

9923d5fa3d6b257b919d0251346cde70874de875b5ba129168534825fc886bd8
SHA512

2e1347e14c8429349547adc19996576cf4137094ba011911cd4450f81ff51a52c02916edeeafd6d503851741cd4bcf440d6db752eeddd50c2276fc2fb3982380
SSDEEP

49152:lp7QXO/6atoWSGuBqvmjjyI5DC/rZOof3Th:nVtoWYBqvgjBlC0W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9923d5fa3d6b257b919d0251346cde70874de875b5ba129168534825fc886bd8

Files

9923d5fa3d6b257b919d0251346cde70874de875b5ba129168534825fc886bd8
.dll windows:6 windows x86 arch:x86

70217aa62329fa86173c2de16b5b707a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegSetValueExA

user32

SetClipboardData
GetClipboardData
CallWindowProcA
FindWindowA
SetWindowLongA
GetKeyState
LoadCursorA
GetDC
MonitorFromWindow
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
SetProcessDPIAware
ReleaseCapture
SetCursorPos
ReleaseDC
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard

kernel32

GetDateFormatW
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetFileType
GetStdHandle
GetFileSizeEx
GetModuleHandleA
VirtualProtect
VirtualFree
VirtualAlloc
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
VerifyVersionInfoW
QueryPerformanceCounter
Sleep
CreateThread
VirtualQuery
HeapCreate
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
HeapReAlloc
CloseHandle
HeapAlloc
HeapDestroy
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
DisableThreadLibraryCalls
MulDiv
FindFirstFileA
FindNextFileA
FreeLibraryAndExitThread
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLastError
GetCurrentThread
VirtualProtectEx
ReadConsoleW
SetLastError
GetTimeFormatW
LoadLibraryExA
LoadLibraryExW
FormatMessageA
LocalFree
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
SetFileTime
GetTempPathW
AreFileApisANSI
DeviceIoControl
CreateDirectoryExW
CopyFileW
MoveFileExW
CreateHardLinkW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
TerminateProcess
SetConsoleCtrlHandler
IsValidLocale
GetUserDefaultLCID
FreeLibrary
EnumSystemLocalesW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
HeapSize
WriteConsoleW
VirtualQueryEx
GetModuleFileNameW
GetModuleHandleExW
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
ReadFile
ExitProcess
OutputDebugStringW

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

gdi32

ExtTextOutA
CreateFontA
SelectObject
CreateDIBSection
GetTextExtentPoint32A
CreateCompatibleDC
DeleteDC
SetTextColor
SetBkColor
DeleteObject
SetMapMode
SetTextAlign
GetDeviceCaps

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70217aa62329fa86173c2de16b5b707a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

kernel32

imm32

gdi32

d3dx9_43

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 336KB - Virtual size: 336KB

.data Size: 15KB - Virtual size: 45KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 336KB - Virtual size: 336KB

.data
Size: 15KB - Virtual size: 45KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.reloc
Size: 44KB - Virtual size: 43KB