b74c62735416aafb8a5391ff907b3991

General

Target

b74c62735416aafb8a5391ff907b3991
Size

36KB
MD5

b74c62735416aafb8a5391ff907b3991
SHA1

b4cc2cc20bc58dbc899ff20fe011ba1b9527c131
SHA256

e1c9f625d1e90cf571d1991c7ce475de9fbf18b39ad2c2722f7e9a494232a5ce
SHA512

c8103cc0641535017ac4548e0f25374d5e4ce3a62494fe9fc4bf9c03d01ee41b8022c94be57e3cb36760e92a90efc29119a75c9a7e8f3b7ed53746ffc9e41d8a
SSDEEP

384:DiCdSo5CjLJdNGoYsGGtg6H2yAf7Mxm6t8eNu1q7/PsULF/7W757W:DNZ5CnJPGl6gA2yU7MxT8Sj0cte5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b74c62735416aafb8a5391ff907b3991

Files

b74c62735416aafb8a5391ff907b3991
.dll windows:5 windows x86 arch:x86

80928bb6540886d3c4651e0fe252cae9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

NtQueryVirtualMemory
RtlUnwind

kernel32

GlobalHandle
IsBadReadPtr
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
IsBadWritePtr
DeleteCriticalSection
InitializeCriticalSection
HeapFree
CreateEventW
HeapAlloc
GetProcessHeap
CloseHandle
SetEvent
InterlockedDecrement
ReleaseMutex
InterlockedIncrement
WaitForSingleObject
WaitForMultipleObjects
GetLastError
SetThreadPriority
GlobalUnlock
CreateThread
OpenEventW
PulseEvent
GlobalFree
FreeLibrary
GetProcAddress
LoadLibraryW
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetCurrentProcess
CreateFileW
UnmapViewOfFile
DeviceIoControl
DisableThreadLibraryCalls
GetOverlappedResult
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrlenW
GlobalAlloc
GlobalLock
lstrcpyW
ResumeThread
CreateMutexW

advapi32

GetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
AllocateAndInitializeSid
GetLengthSid

winmm

DriverCallback
DefDriverProc

Exports

Exports

DriverProc
auxMessage
midMessage
modMessage
mxdMessage
widMessage
wodMessage

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80928bb6540886d3c4651e0fe252cae9

Headers

File Characteristics

Imports

ntdll

kernel32

advapi32

winmm

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB