ac63f53e5b6278d2bf415e1a7383fcb3

Sharing

Copy URL

Twitter E-mail

General

Target

ac63f53e5b6278d2bf415e1a7383fcb3
Size

418KB
MD5

ac63f53e5b6278d2bf415e1a7383fcb3
SHA1

238aa6b6393ebe2bb5984f76ee0ce5a0257fa068
SHA256

a7a1030761673ff04d47e8de045d82e1cfda743383450b96af7c3c2cf457bf24
SHA512

e711e24ddba6f1cdebbfc19cdba9848e55f2e501261014c9cd3ef7aac3b996164ff0af22a86b57e5ddcb7a3ed0923539b48c29bfdcd498b71683de28858ad80d
SSDEEP

12288:Zoo5J+b361SrBKqcUpdXih8t1BflrJdPHX6:Okl1SUqcUqCJdX6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac63f53e5b6278d2bf415e1a7383fcb3

Files

ac63f53e5b6278d2bf415e1a7383fcb3
.dll windows:4 windows x86 arch:x86

1148724a24df68689154f7fccb715ce4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

NtQuerySystemTime
RtlAllocateAndInitializeSid
RtlSystemTimeToLocalTime
RtlOemStringToUnicodeString
RtlPrefixUnicodeString
RtlAddAccessAllowedAce
RtlDeleteElementGenericTable
NtOpenThreadToken
RtlVerifyVersionInfo
RtlRegisterWait
RtlDeleteTimerQueue
RtlEraseUnicodeString
RtlCreateSecurityDescriptor
NtQuerySystemInformation
RtlInitializeGenericTableAvl
RtlUpcaseUnicodeString
DbgPrint
RtlCompareUnicodeString
RtlCopyLuid
RtlEqualSid
RtlNtStatusToDosError
RtlCopySid
RtlGetElementGenericTable
NtAllocateLocallyUniqueId
RtlCreateTimerQueue
RtlInsertElementGenericTableAvl
RtlFreeUnicodeString
RtlLengthSid
RtlInitializeCriticalSection
RtlUniform
RtlRunDecodeUnicodeString
RtlIntegerToUnicodeString
NtAllocateVirtualMemory
RtlLookupElementGenericTableAvl
NtWaitForSingleObject
RtlDeleteCriticalSection
RtlCreateAcl
NtOpenEvent
RtlInitializeResource
NtSetSecurityObject
NtDuplicateObject
RtlTimeToTimeFields
RtlInitializeGenericTable
RtlDeleteResource
RtlSubAuthoritySid
RtlLookupElementGenericTable
RtlDeregisterWait
NtOpenProcessToken
NtClose
RtlValidSid
RtlConvertSidToUnicodeString
RtlSubAuthorityCountSid
RtlAppendUnicodeStringToString
RtlAcquireResourceShared
RtlInitUnicodeString
RtlFreeSid
RtlTimeFieldsToTime
RtlConvertSharedToExclusive
RtlReleaseResource
RtlSetDaclSecurityDescriptor
RtlInitAnsiString
NtCreateEvent
RtlAcquireResourceExclusive
RtlEqualUnicodeString
RtlInsertElementGenericTable
RtlAnsiStringToUnicodeString
RtlDowncaseUnicodeString
RtlCompareMemory
VerSetConditionMask
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlCreateTimer
RtlCopyUnicodeString
RtlFreeAnsiString
RtlInitializeSid
RtlUnicodeStringToAnsiString
RtlEqualDomainName
RtlLengthRequiredSid

kernel32

GetLastError
WideCharToMultiByte
MapViewOfFileEx
RegisterWaitForSingleObjectEx
InterlockedExchangeAdd
GetCurrentProcessId
LocalAlloc
InterlockedCompareExchange
lstrlenW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetModuleFileNameW
LoadLibraryA
lstrcmpiA
ExpandEnvironmentStringsW
lstrcmpW
DeleteCriticalSection
GetCurrentThreadId
MultiByteToWideChar
GetProcAddress
RaiseException
EnterCriticalSection
TerminateProcess
GetEnvironmentVariableW
Sleep
GetComputerNameW
CreateFileW
QueryPerformanceCounter
LoadLibraryW
InterlockedIncrement
GetComputerNameExW
UnmapViewOfFile
GetProfileStringA
DebugBreak
SetEvent
GetCurrentProcess
CreateFileA
DisableThreadLibraryCalls
CreateEventW
FreeLibrary
GetTickCount
OpenFileMappingW
LeaveCriticalSection
OutputDebugStringA
lstrcpyW
UnhandledExceptionFilter
LocalFree
CreateFileMappingW
lstrlenA
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
GetModuleFileNameA
UnregisterWait
OpenEventW
FormatMessageW
GetCurrentThread
GetLocalTime
FileTimeToSystemTime
CloseHandle
WriteFile
VirtualAlloc
GetModuleHandleW
GetSystemInfo
GetACP

msasn1

ASN1octetstring_free
ASN1BERDecEndOfContents
ASN1BERDecOctetString
ASN1BEREncBitString
ASN1intx_free
ASN1_FreeEncoded
ASN1BERDecBool
ASN1BERDecU32Val
ASN1BERDecSXVal
ASN1CEREncGeneralizedTime
ASN1BEREncOctetString
ASN1BERDecPeekTag
ASN1intx2uint32
ASN1ztcharstring_free
ASN1BEREncExplicitTag
ASN1charstring_free
ASN1BERDecZeroCharString
ASN1BERDecSkip
ASN1BERDecBitString
ASN1_Encode
ASN1BERDecOpenType2
ASN1_FreeDecoded
ASN1DecSetError
ASN1_CloseDecoder
ASN1_CreateDecoder
ASN1BEREncSX
ASN1BERDecCharString
ASN1BEREncEndOfContents
ASN1_CreateModule
ASN1DecAlloc
ASN1BEREncObjectIdentifier
ASN1intx2int32
ASN1_CloseEncoder
ASN1EncSetError
ASN1BERDecS32Val
ASN1_CreateEncoder
ASN1BEREncS32
ASN1BERDecObjectIdentifier
ASN1BERDecExplicitTag
ASN1BEREncOpenType
ASN1BERDecGeneralizedTime
ASN1bitstring_free
ASN1BEREncBool
ASN1BERDecNotEndOfContents
ASN1_Decode
ASN1BEREncCharString
ASN1BEREncU32
ASN1intxisuint32
ASN1intx_setuint32
ASN1objectidentifier_free
ASN1Free

user32

wsprintfW
CharLowerBuffW

cryptdll

CDFindCommonCSystemWithKey
CDBuildIntegrityVect
MD5Init
MD5Final
CDLocateCSystem
MD5Update
CDGenerateRandomBits
CDLocateCheckSum

msvcrt

free
_strcmpi
_vsnprintf
sscanf
wcscat
_except_handler3
wcstoul
strchr
_adjust_fdiv
_wcsnicmp
strrchr
_wcsicmp
wcsrchr
qsort
wcslen
_ultoa
wcsspn
_stricmp
wcscmp
malloc
wcscpy
_strnicmp
sprintf
_initterm
swprintf

advapi32

CryptHashData
RegCreateKeyExW
FreeSid
RegNotifyChangeKeyValue
ReportEventW
RegisterEventSourceW
CryptGetProvParam
RegCloseKey
QueryServiceStatus
CryptAcquireContextW
RegSetValueExW
SetThreadToken
RegConnectRegistryW
RegQueryValueExW
OpenServiceW
GetTokenInformation
RegQueryInfoKeyW
QueryServiceConfigW
CryptGetHashParam
OpenThreadToken
CredFree
CryptSetProvParam
AllocateAndInitializeSid
CryptCreateHash
CredUnmarshalCredentialW
RegOpenKeyW
SystemFunction006
RegDeleteValueW
TraceEvent
CryptReleaseContext
LookupAccountSidW
CloseServiceHandle
OpenSCManagerW
OpenProcessToken
RegOpenKeyExW
RegisterTraceGuidsW
RegEnumKeyExW
RevertToSelf
GetTraceLoggerHandle
CryptDestroyHash
DeregisterEventSource
SystemFunction007

secur32

LsaGetLogonSessionData
CredUnmarshalTargetInfo
LsaFreeReturnBuffer
FreeContextBuffer
CredMarshalTargetInfo

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1148724a24df68689154f7fccb715ce4

Headers

File Characteristics

Imports

ntdll

kernel32

msasn1

user32

cryptdll

msvcrt

advapi32

secur32

Sections

.text Size: 242KB - Virtual size: 241KB

.reloc Size: 512B - Virtual size: 24B

.data Size: 52KB - Virtual size: 928KB

.rsrc Size: 25KB - Virtual size: 25KB

.rdata Size: 96KB - Virtual size: 96KB

.text
Size: 242KB - Virtual size: 241KB

.reloc
Size: 512B - Virtual size: 24B

.data
Size: 52KB - Virtual size: 928KB

.rsrc
Size: 25KB - Virtual size: 25KB

.rdata
Size: 96KB - Virtual size: 96KB