994fcf3176fce76bc8f54fa997113303

Sharing

Copy URL Twitter E-mail

General

Target

994fcf3176fce76bc8f54fa997113303
Size

84KB
MD5

994fcf3176fce76bc8f54fa997113303
SHA1

1062e33de8743f18a210cbc098a4a8a4ddb31f3c
SHA256

54959d003d96a8ded7c674e5a910529905b38e794526fedbeec183d5e1bc47ba
SHA512

3292c36dc67a52b5716c764af565b7e8b1a3a08997e2a7854eefe196ba612b515090f2f38baf8fc2077ce7b23fec41ca202c2db3e1efa04ef0c2420f82b504ed
SSDEEP

1536:til+6AjpoodLBh2RZlIg92PsJV3Ugaou8WHC:tCpAjOodL6LINIVnaZi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
994fcf3176fce76bc8f54fa997113303

Files

994fcf3176fce76bc8f54fa997113303
.dll windows:4 windows x86 arch:x86

afe40612b3661825043829015dfa0615

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
Sleep
CreateFileA
GetModuleHandleA
GetProcAddress
HeapAlloc
VirtualProtect
LocalFree
CreateDirectoryA
GetCurrentProcessId
LeaveCriticalSection
CreateFileMappingA
ReleaseMutex
LoadLibraryA
SetLastError
GetCommandLineA
CreateProcessA
TerminateJobObject
HeapUnlock
FindFirstChangeNotificationW
DeleteTimerQueueTimer
SetCommMask
GetCommConfig
GetProcessVersion
GetSystemTimeAdjustment
IsBadCodePtr
TerminateThread
FillConsoleOutputAttribute
SetHandleCount
QueueUserAPC
WaitForMultipleObjects
GetCommModemStatus
GetStartupInfoA
CreatePipe
FlushConsoleInputBuffer
IsValidLocale
GetUserDefaultLangID
SetVolumeMountPointW
RegisterWaitForSingleObject
GetShortPathNameA
AddAtomW
OpenSemaphoreA
FormatMessageW
OpenJobObjectW
TerminateProcess
ExpandEnvironmentStringsW
ReadFile
SetHandleInformation
ReadDirectoryChangesW
OpenEventA
HeapDestroy
lstrcmpW
SetDefaultCommConfigW
EnumResourceNamesW
SetCurrentDirectoryA
ExpandEnvironmentStringsA
SetFileAttributesA
GetFileType
GetCommTimeouts
GetOverlappedResult
CreateProcessW
WinExec
FlushFileBuffers
GetQueuedCompletionStatus
GetAtomNameA
SearchPathW
BackupWrite

ole32

CreatePointerMoniker
CoTaskMemRealloc
CoInitializeEx
CreateFileMoniker
CoFreeUnusedLibrariesEx
GetHGlobalFromILockBytes
CoGetMarshalSizeMax
GetHGlobalFromStream
CoFileTimeNow
OleLockRunning

shlwapi

SHRegSetPathW
StrStrIW
StrFormatKBSizeW
StrStrW
PathUndecorateW
PathAddBackslashA
StrRChrW
PathIsDirectoryW
StrToIntExW
PathCreateFromUrlW
StrFormatByteSizeW
PathParseIconLocationW
PathRemoveBackslashW
PathRemoveFileSpecA
StrCmpIW
StrDupW
PathFindFileNameW
SHStrDupW
StrTrimW

shell32

SHGetFolderPathW
ExtractIconExW
SHSetLocalizedName
SHGetMalloc
ShellExecuteW
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetInstanceExplorer

Exports

Exports

CvtMapLite

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afe40612b3661825043829015dfa0615

Headers

File Characteristics

Imports

kernel32

ole32

shlwapi

shell32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 2KB