996b6d6cf7d6924d2b32bc50c474a910

Sharing

Copy URL Twitter E-mail

General

Target

996b6d6cf7d6924d2b32bc50c474a910
Size

1.8MB
MD5

996b6d6cf7d6924d2b32bc50c474a910
SHA1

e144810c3c8e9636a1f880c68039938ab9f52bbf
SHA256

aed91177ceff3ce15ad2439120b7665748b5c8b33bfdc20ec76ce7bbb4660a08
SHA512

91a252e965cd4d87221c3920f102c6d762c2e9385ecc6b3eb4264ff9caefebb673bea41346bd1dbf44db1bda01e0974fa2899957676d42a6854980cf6b9272d9
SSDEEP

49152:PtKI64QTbqhfVHulDxdCuxWKazHk0kDtpBsjQ1Q:2vtL9WuQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
996b6d6cf7d6924d2b32bc50c474a910

Files

996b6d6cf7d6924d2b32bc50c474a910
.dll regsvr32 windows:6 windows x64 arch:x64

3327b9973d4d14bc3f1be9635921a945

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

bind
freeaddrinfo
closesocket
ioctlsocket
accept
getaddrinfo
WSAGetLastError
WSACleanup
WSAStartup
socket
shutdown
send
select
recv
ntohs
listen
getsockname

kernel32

SetStdHandle
GetCurrentDirectoryW
CloseHandle
GetLastError
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
Sleep
ExitProcess
CreateThread
TerminateThread
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
lstrcmpiA
MultiByteToWideChar
GetCurrentProcess
TerminateProcess
OpenProcess
GetComputerNameW
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateFileW
GetFileSize
WriteFile
DuplicateHandle
GetCurrentProcessId
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleHandleW
GetProcAddress
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
GetModuleFileNameW
lstrlenW
CopyFileW
GetExitCodeProcess
GetCurrentThread
CreateProcessW
GetStartupInfoW
GetThreadId
WideCharToMultiByte
CreateDirectoryA
CreateFileA
DeleteFileA
FindFirstFileA
FindNextFileA
GetConsoleCP
GetFileAttributesExA
GetFileSizeEx
LockFile
ReadFile
RemoveDirectoryA
SetFilePointerEx
UnlockFile
GetTempPathA
GetSystemTimeAsFileTime
GetLocalTime
LocalFree
FormatMessageA
CreateFileMappingA
MoveFileA
ReplaceFileA
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
GetSystemTime
FreeLibrary
SystemTimeToFileTime
LockFileEx
HeapDestroy
HeapCompact
LoadLibraryW
GetSystemInfo
DeleteFileW
WaitForSingleObjectEx
LoadLibraryA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetDiskFreeSpaceA
FormatMessageW
HeapSize
HeapValidate
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
RtlUnwind
GetCurrentThreadId
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadConsoleW
GetConsoleMode
GetStdHandle
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetFileAttributesA
TryEnterCriticalSection
GetStringTypeW
RtlPcToFileHeader
RaiseException
QueryPerformanceFrequency
SwitchToThread
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwindEx

user32

CreateDesktopW
EnumWindows
OpenInputDesktop
GetWindowThreadProcessId
SendMessageTimeoutA
GetUserObjectInformationW
GetThreadDesktop
CloseDesktop
SetThreadDesktop

shell32

SHFileOperationW

ole32

CoInitialize
CoCreateInstance

advapi32

RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
SetSecurityInfo
GetSecurityInfo
GetUserNameW
GetTokenInformation
FreeSid
EqualSid
CheckTokenMembership
AllocateAndInitializeSid
OpenProcessToken

Exports

Exports

Control
DllRegisterServer
DllUnregisterServer
FreeBuffer
Release
SetStatus
Start
StartW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3327b9973d4d14bc3f1be9635921a945

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

shell32

ole32

advapi32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 299KB - Virtual size: 298KB

.data Size: 24KB - Virtual size: 39KB

.pdata Size: 65KB - Virtual size: 64KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 299KB - Virtual size: 298KB

.data
Size: 24KB - Virtual size: 39KB

.pdata
Size: 65KB - Virtual size: 64KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 8KB - Virtual size: 8KB