abe0177861d45481328a6ccef7f56ae1

Sharing

Copy URL Twitter E-mail

General

Target

abe0177861d45481328a6ccef7f56ae1
Size

740KB
MD5

abe0177861d45481328a6ccef7f56ae1
SHA1

79677234f44a99b7671dd3a6e5eb4e5a808438da
SHA256

b3abf14219be8a8614c91cb57faae1a3661478e46b1486e23e0863a40610e33c
SHA512

951f0444441fa09d79a974050d2ae89a4f9f77fbba877f654bbc1c23210fb4c7dff9ebeabb618d1aed9316914fe244ed357ccdd65465877820321dbe9a0521d2
SSDEEP

6144:EJqT6TfcyRDkoCEgPzsuPfJYLd9/V8OJJkq1yX:Ezk9PzsunJWV8YJSX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abe0177861d45481328a6ccef7f56ae1

Files

abe0177861d45481328a6ccef7f56ae1
.dll windows:6 windows x64 arch:x64

353c12b7b9cf498ed657d1029fc098ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
OpenThread
Process32Next
CreateToolhelp32Snapshot
GetProcAddress
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
Thread32Next
Sleep
Thread32First
Process32First
CloseHandle
FreeLibrary
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetLastError
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
HeapSize
GetStdHandle
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WideCharToMultiByte
HeapAlloc
SetLastError
GetProcessHeap
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
OutputDebugStringW
LoadLibraryW
CompareStringW
LCMapStringW
SetEnvironmentVariableA
GetStringTypeW
FlushFileBuffers
GetConsoleCP
CreateFileW

user32

SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx

advapi32

RegDeleteValueA
RegGetValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

Exports

Exports

MyProc
Run
SetGlobalHookHandle

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

SHARED_D
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

353c12b7b9cf498ed657d1029fc098ae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 5KB - Virtual size: 14KB

.pdata Size: 3KB - Virtual size: 3KB

SHARED_D Size: 512B - Virtual size: 8B

.rsrc Size: 162KB - Virtual size: 162KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 5KB - Virtual size: 14KB

.pdata
Size: 3KB - Virtual size: 3KB

SHARED_D
Size: 512B - Virtual size: 8B

.rsrc
Size: 162KB - Virtual size: 162KB

.reloc
Size: 5KB - Virtual size: 4KB