b7a38aa413bcc655916af9579790af4f742878a4ea3d524511f3db5d31d1b486

Sharing

Copy URL Twitter E-mail

General

Target

b7a38aa413bcc655916af9579790af4f742878a4ea3d524511f3db5d31d1b486
Size

126KB
MD5

6df221f61663c60225df70322685ab79
SHA1

2f9ea86a29db4f019cf4a912468762a57c00238e
SHA256

b7a38aa413bcc655916af9579790af4f742878a4ea3d524511f3db5d31d1b486
SHA512

6d8282b533efc95a9412b1dd7bc45bb9ac01f5e6c880474a4480f0ab2ae7cca9247a2ce952fd7651b98db278f0e9069c2889ea68e9e10cf9cfa76dac9b1fd5b4
SSDEEP

3072:Zquqct7FiA8M8p4V8dELapTsHctKXngL8Hkc24Vu+/yxKYOAs:Zq3c5Ff8DEupTectK3UV6DA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7a38aa413bcc655916af9579790af4f742878a4ea3d524511f3db5d31d1b486

Files

b7a38aa413bcc655916af9579790af4f742878a4ea3d524511f3db5d31d1b486
.dll windows:6 windows x64 arch:x64

fecf300c562024d95f71178f889a0838

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringW
CreateFileW
HeapSize
FormatMessageA
LocalFree
SetLastError
FileTimeToSystemTime
CreateFileMappingA
GlobalAlloc
UnmapViewOfFile
MapViewOfFile
GetLocalTime
CloseHandle
GetFileSize
CreateFileA
GetComputerNameA
GetModuleHandleA
GetModuleFileNameA
GetLastError
HeapReAlloc
LoadLibraryExW
LCMapStringW
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
HeapAlloc
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwindEx
ReadFile
MultiByteToWideChar
GetConsoleMode
ReadConsoleW
WriteFile
WideCharToMultiByte
GetConsoleCP
RtlLookupFunctionEntry
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
GetFileType
SetFilePointerEx
GetStdHandle
DeleteCriticalSection
GetStartupInfoW
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetModuleFileNameW
FlushFileBuffers
WriteConsoleW
GetStringTypeW
SetEndOfFile

user32

MessageBoxA
PostQuitMessage

advapi32

CryptReleaseContext
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
CryptVerifySignatureA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptImportKey
CryptGetUserKey
GetUserNameA
CryptAcquireContextA
CryptGenKey
CryptDestroyKey
CryptSetHashParam
CryptGetHashParam

shell32

ShellExecuteExA

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

crc
init

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fecf300c562024d95f71178f889a0838

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

rpcrt4

version

Exports

Exports

Sections

.text Size: 78KB - Virtual size: 77KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 78KB - Virtual size: 77KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB