994a3a010b036f5468a5ae8658ddabce

General

Target

994a3a010b036f5468a5ae8658ddabce
Size

80KB
MD5

994a3a010b036f5468a5ae8658ddabce
SHA1

4c0468fcf563183289458a5bb3b6730682259ef9
SHA256

3959508c9422984a44b9ed34b8f18d7d3a3f1902e2df03868da43c2daa122bb2
SHA512

2dba90278d5646a60a8b3904ace2166cb7f303078a1b835ea794d645453f59365930d58937df2d7efe2c55feb525e5406f5e0fcc678f7b47c7b5a2623ab66fd5
SSDEEP

1536:8AcRx2z7zKa1O9LBT8sRzDxNb+VXb/E1zaCiBojkgmnO:ZvT1OPThRpNb+VoLiajkzn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
994a3a010b036f5468a5ae8658ddabce

Files

994a3a010b036f5468a5ae8658ddabce
.dll windows:4 windows x86 arch:x86

cae6bebb53cc1a4a4a2d96d906a47596

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
LoadLibraryA
HeapFree
GetProcessHeap
GetProcAddress
GetCurrentProcessId
WaitForSingleObject
GetComputerNameA
GetModuleHandleA
Sleep
CreateFileA
CloseHandle
lstrlenW
UnmapViewOfFile
GetStringTypeExA
FindFirstChangeNotificationA
SetConsoleTextAttribute
OpenProcess
SystemTimeToFileTime
GetTempPathA
FindFirstChangeNotificationW
ExitProcess
GetNumberFormatW
PeekConsoleInputW
DnsHostnameToComputerNameW
GlobalAddAtomW
QueueUserAPC
FindFirstFileExW
EnumResourceNamesW
SetSystemTime
WriteProfileStringW
GetTapeParameters
SleepEx
FindFirstVolumeMountPointW
FreeConsole
ConnectNamedPipe
CreateJobObjectW
LocalUnlock
TerminateThread
GetNumberFormatA
CancelWaitableTimer
HeapReAlloc
LoadResource
IsBadReadPtr
IsValidLanguageGroup
lstrcpyW
GlobalReAlloc
GetQueuedCompletionStatus
RaiseException
lstrcatA
CreateThread

ole32

CoImpersonateClient
CoGetObjectContext
CoFreeUnusedLibraries
CreateGenericComposite
CreateItemMoniker
CoDisableCallCancellation
StgIsStorageILockBytes
OleLockRunning
CoGetCallContext
CoReleaseMarshalData
CoFreeUnusedLibrariesEx
IIDFromString
CoTaskMemAlloc

shlwapi

PathIsUNCServerShareW
PathBuildRootW
PathFileExistsA
StrRetToStrW
UrlGetPartW
StrRChrW
PathStripToRootW
StrCmpIW
UrlCanonicalizeW
PathMatchSpecW
StrStrIA
PathFindNextComponentW

Exports

Exports

ieAuthenticationdrm

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cae6bebb53cc1a4a4a2d96d906a47596

Headers

File Characteristics

Imports

kernel32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 2KB