ac82391042ba9e57fbabc3c7ad7c9f31

Sharing

Copy URL Twitter E-mail

General

Target

ac82391042ba9e57fbabc3c7ad7c9f31
Size

182KB
MD5

ac82391042ba9e57fbabc3c7ad7c9f31
SHA1

4ac44273c32c9c925d2164f5a2498d0b57f54cda
SHA256

03ebf00ba1110ab21312e47a962eae945cad72fab2d84efa0a0d98c126f557f1
SHA512

2f08dd688abef5eaf16e84f2e16f12d065be6615ea676dcf1d77ee85f9f5184ba076b1f4cfb7863b45d03d839fe5cb43ae777f86c725f46832c28648a4095e87
SSDEEP

3072:2h/kJx/OC18wW3MiJRU3RHg8oOd3nd9+nc2KB0wUDm/LYPjkxRjV9A36DPKLMLTN:518B3qhHg8dd9+c2KBhum/LYP+RjVekD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac82391042ba9e57fbabc3c7ad7c9f31

Files

ac82391042ba9e57fbabc3c7ad7c9f31
.dll windows:6 windows x64 arch:x64

a47bcb72292b56cb1702747a8389075a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExW
SetThreadIdealProcessor
GetCommMask
GetCommProperties
SetCommMask
CreateFileMappingA
GetSystemTimeAsFileTime
GetModuleHandleA
GetModuleFileNameW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetTickCount
GetProcessPriorityBoost
CreateThread
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetProcAddress
GetCurrentProcess
Sleep
CreateMutexA
WaitForSingleObject
ReleaseMutex
QueryPerformanceCounter
GetLastError
CloseHandle
ReadFile
GetFileSize
CreateFileW

advapi32

OpenServiceW
CloseServiceHandle
OpenSCManagerW
QueryServiceLockStatusW
CredGetTargetInfoA
CredFree
DuplicateTokenEx

shell32

SHGetSettings
DragFinish
SHGetDiskFreeSpaceExA
SHGetInstanceExplorer
ord231
SHGetFolderPathA
SHSetUnreadMailCountW
SHGetUnreadMailCountW
DragQueryFileA

shlwapi

AssocQueryStringA
SHRegGetPathA
ord1
PathRemoveExtensionW
PathRemoveExtensionA
PathMatchSpecA
PathIsRelativeA
PathAppendA
StrIsIntlEqualW
SHRegCloseUSKey
SHRegOpenUSKeyW
PathIsPrefixW
AssocGetPerceivedType

dbghelp

FindExecutableImage
SearchTreeForFile
SymGetSymFromAddr64
SymFromName
SymRegisterCallback64
SymInitialize
SymGetFileLineOffsets64
SymGetModuleInfo64
SymCleanup
SymGetOptions
SymSetOptions
StackWalk64
MakeSureDirectoryPathExists
ImageNtHeader

imm32

ImmSetStatusWindowPos
ImmEnumRegisterWordW
ImmSetCandidateWindow
ImmGetCandidateWindow
ImmGetStatusWindowPos
ImmNotifyIME
ImmSetOpenStatus
ImmGetCandidateListCountA
ImmGetOpenStatus
ImmGetGuideLineW
ImmGetRegisterWordStyleA

winmm

midiInGetErrorTextW
timeGetDevCaps
mmioSendMessage
mmioOpenW
mmioOpenA
mmioGetInfo
midiInGetID
mmioClose

rpcrt4

MesEncodeIncrementalHandleCreate
MesHandleFree
MesEncodeDynBufferHandleCreate
MesDecodeIncrementalHandleCreate

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

memchr
_CxxThrowException
memcpy
memmove
__std_type_info_destroy_list
__C_specific_handler
memcmp
memset
__std_exception_copy
__std_exception_destroy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

exit
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

strncat
_wcsnicmp
wcsncpy
wcsncat
isxdigit
strncpy
isspace

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-convert-l1-1-0

_ltow
_ultoa
_ltoa
_itow
strtoul
_itoa
_ultow

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-stdio-l1-1-0

_write
_read
__acrt_iob_func
_wsopen_dispatch
_open
_lseek
_close
__stdio_common_vfprintf

api-ms-win-crt-filesystem-l1-1-0

_fstat64i32

Exports

Exports

tile_find_bounds
umockalloc_free
umocktypes_stringify_int8_t

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a47bcb72292b56cb1702747a8389075a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

dbghelp

imm32

winmm

rpcrt4

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 126KB - Virtual size: 125KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 80B

.text
Size: 126KB - Virtual size: 125KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 80B