d46c02c989541925439b8a09a4f17e133c7828d6fb08567539e850669e749046

Sharing

Copy URL Twitter E-mail

General

Target

d46c02c989541925439b8a09a4f17e133c7828d6fb08567539e850669e749046
Size

2.6MB
MD5

3f66b9ff83b4b83951f45d6d094cd6bc
SHA1

c68777d0acb4a62df981d3d79c0992a8a34ad1cb
SHA256

d46c02c989541925439b8a09a4f17e133c7828d6fb08567539e850669e749046
SHA512

f43fc4711b18ee3e22aa6628a761b64abdce5d8e0993445fe5fb9cccfdf17a17714f1cae38bb75bc9255b6ab8fdfab6ee5cdaee2b068ee87309e7f9d93159df8
SSDEEP

49152:xbwXgv5gulhSN6+sV+XTztB/xaJc7KJurv5zB+Qbpx9LABm+BlDohmIZGC0lCM:ddjw2VKztpxac7L4YXAzSZP0lP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d46c02c989541925439b8a09a4f17e133c7828d6fb08567539e850669e749046

Files

d46c02c989541925439b8a09a4f17e133c7828d6fb08567539e850669e749046
.dll windows:5 windows x86 arch:x86

a72e0cf80ce959e2ce478715ac1ff937

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindAtomA
LoadLibraryA
GetModuleFileNameA
GetBinaryTypeA
GetUserDefaultLCID
GetStringTypeW
PrepareTape
GetCurrentConsoleFont
GetStringTypeA
GetTimeZoneInformation
GetConsoleFontSize
GetModuleHandleW
LCMapStringA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsSetValue
SetLastError
GetCurrentThreadId
GetLastError
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
HeapFree
Sleep
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLocaleInfoA
HeapAlloc
InitializeCriticalSectionAndSpinCount
WriteFile
GetStdHandle
VirtualFree
VirtualAlloc
HeapReAlloc
RtlUnwind

urlmon

CopyStgMedium

user32

GetScrollPos
GetInputState
UnregisterHotKey
ClientToScreen
GetClipCursor
GetCursorInfo
SendInput
ReuseDDElParam
IsZoomed
TrackMouseEvent

advapi32

RegNotifyChangeKeyValue
FreeEncryptionCertificateHashList
NotifyChangeEventLog

shlwapi

SHCreateShellPalette

gdi32

SetDCBrushColor
PatBlt
SetColorSpace

Exports

Exports

YzthtbdwbigooHitoeem

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a72e0cf80ce959e2ce478715ac1ff937

Headers

File Characteristics

Imports

kernel32

urlmon

user32

advapi32

shlwapi

gdi32

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 88KB - Virtual size: 89KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 48KB - Virtual size: 47KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 88KB - Virtual size: 89KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 48KB - Virtual size: 47KB