b61cdd21c0303613a4222ba6261a91ce

Sharing

Copy URL Twitter E-mail

General

Target

b61cdd21c0303613a4222ba6261a91ce
Size

240KB
MD5

b61cdd21c0303613a4222ba6261a91ce
SHA1

020c59327bd180628578af4b73613848dfd3ea07
SHA256

c8372083b8e844caab2cce5202d63d439cb0ae83158dbef8aa814566a82637fe
SHA512

13f2ee89aa39000ad96fa216e3b54cd2ecb107a8e5223f91282ca0135acf3d3e3a503076e092afab261b1a1cc004e3c2c45f7f2a9e03221ed0dabecd0760c8b4
SSDEEP

6144:kQJ0aOTU1tsqOJzEY1EGH9RCZD1yXH/Yw3UCgz7EPq:LfsfdRAD1cH/Y6yq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b61cdd21c0303613a4222ba6261a91ce

Files

b61cdd21c0303613a4222ba6261a91ce
.dll windows:5 windows x64 arch:x64

31fe3daef9c613370ee7ccd2e5f028b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetNativeSystemInfo
IsBadReadPtr
GetProcessHeap
HeapFree
FreeConsole
GetModuleFileNameA
VirtualProtect
HeapAlloc
SetLastError
GetLastError
HeapReAlloc
MultiByteToWideChar
WideCharToMultiByte
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlPcToFileHeader
RaiseException
HeapSize
RtlUnwindEx
GetFileType
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
OutputDebugStringW
GetStringTypeW
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus

Exports

Exports

ServiceMain
WmpUpdate

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31fe3daef9c613370ee7ccd2e5f028b1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 61KB - Virtual size: 61KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 134KB - Virtual size: 143KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 61KB - Virtual size: 61KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 134KB - Virtual size: 143KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB