5bdd825cf4d8711b4778869b4127afdb49cad09676573e08d0c880cc5f5ddef4

Sharing

Copy URL Twitter E-mail

General

Target

5bdd825cf4d8711b4778869b4127afdb49cad09676573e08d0c880cc5f5ddef4
Size

696KB
MD5

f2eff07ee60e3370f3f4cf1ec6cc1658
SHA1

3f4276a74bf5b2244228d27b7e85c7f5f5d22866
SHA256

5bdd825cf4d8711b4778869b4127afdb49cad09676573e08d0c880cc5f5ddef4
SHA512

af7735bda9572173dbec8a004a97abcb6566a044ac6cf01a214e4cdce19abf5532a67aa1325c819780113e26afd6a8dc2bc4ea0cc7b90975d3e655dd483fef86
SSDEEP

12288:77Gtzp4LU1a0IpoAzW7/5CNFlSWrNvf093kxrr6m9baBf1vIORovGEmk6QJHARpW:74+LaqfzSwHll09mIzvI8MGNzQdARpfD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bdd825cf4d8711b4778869b4127afdb49cad09676573e08d0c880cc5f5ddef4

Files

5bdd825cf4d8711b4778869b4127afdb49cad09676573e08d0c880cc5f5ddef4
.dll windows:5 windows x64 arch:x64

847ab62fae234d61d2b644399f167569

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcr100

_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_amsg_exit
_encoded_null
free
_initterm_e
_initterm
_malloc_crt
__C_specific_handler
??_V@YAXPEAX@Z
_mbscmp
fclose
fopen_s
??_U@YAPEAX_K@Z
printf
system
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
_ctime64
_time64
_mkdir
_cexit
__FrameUnwindFilter
??3@YAXPEAX@Z
__CxxFrameHandler3
_onexit

msvcp100

?_Lockit_dtor@_Lockit@std@@SAXH@Z
?_Lockit_ctor@_Lockit@std@@SAXH@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Decref@facet@locale@std@@QEAAPEAV123@XZ

kernel32

DecodePointer
Sleep
DisableThreadLibraryCalls
QueryPerformanceCounter
CloseHandle
OpenProcess
_lopen
WideCharToMultiByte
EncodePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount

ocvif

NFunction_IFCreate
ImgOCV_IFRelease
NFunction_IFRelease
ImgOCV_IFCreate

vcomp100

_vcomp_fork
_vcomp_for_static_simple_init
_vcomp_for_static_end

psapi

GetModuleBaseNameA
EnumProcesses
GetProcessMemoryInfo

mscoree

_CorDllMain

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.wibu
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

847ab62fae234d61d2b644399f167569

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

msvcp100

kernel32

ocvif

vcomp100

psapi

mscoree

Sections

.text Size: 264KB - Virtual size: 263KB

.nep Size: 512B - Virtual size: 144B

.rdata Size: 111KB - Virtual size: 110KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 512B - Virtual size: 288B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 288B

.wibu Size: 316KB - Virtual size: 315KB

.text
Size: 264KB - Virtual size: 263KB

.nep
Size: 512B - Virtual size: 144B

.rdata
Size: 111KB - Virtual size: 110KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 512B - Virtual size: 288B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 288B

.wibu
Size: 316KB - Virtual size: 315KB