b99a21c8d93449080854fbbefe422898

Sharing

Copy URL Twitter E-mail

General

Target

b99a21c8d93449080854fbbefe422898
Size

179KB
MD5

b99a21c8d93449080854fbbefe422898
SHA1

ced7bc6e0f1a15465e61cfec87aaef98bd999e15
SHA256

819500f6d820bffd4290b172eb84721eee9f4d3a5814d58a65d5a321ce3e51ab
SHA512

b0f94bc8b0775f099b410b212b1266101d633cad066a0de15ca25a83e2a9128d14520aa53e7720800c9b03f25bcade665c622a932b3838829fd2a6cc3899f46c
SSDEEP

3072:7/pEYN1p3lghdLyxqNyqE3Mm6GqyafS7ElA7q8MoEHevNuyLAJ6JZC9mNos3MiCo:vXi8xk4N6GqjSiSqBHsn4YOPiCr7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b99a21c8d93449080854fbbefe422898

Files

b99a21c8d93449080854fbbefe422898
.dll windows:6 windows x86 arch:x86

ac0d43d17d05c8e5cdc2fd93d1e33ee9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

RemoveDirectoryW
GetDriveTypeA
SetFileTime
CreatePipe
PeekNamedPipe
FindClose
WaitForSingleObject
CreateFileW
GetComputerNameExW
MultiByteToWideChar
GetFileInformationByHandle
FormatMessageW
GetLastError
DeleteFileW
CloseHandle
LocalFree
MoveFileExW
CreateProcessW
WideCharToMultiByte
WriteFile
OutputDebugStringA
DebugBreak
HeapFree
GetCurrentProcess
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
CreateEventW
Process32NextW
GetCurrentThread
Process32FirstW
HeapAlloc
GetProcessHeap
GetSystemTimeAsFileTime
FindNextFileW
FindFirstFileExW
GetFileSizeEx
GetLogicalDrives
ReadFile
CreateDirectoryW
DecodePointer
CopyFileExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WriteConsoleW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapReAlloc
GetStdHandle
GetFileType
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStringTypeW
SetFilePointerEx
SetStdHandle
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode

advapi32

OpenProcessToken
OpenThreadToken
LookupAccountSidW
GetTokenInformation
RevertToSelf
CreateProcessWithTokenW
ImpersonateLoggedOnUser
LogonUserW
CreateProcessAsUserW

Exports

Exports

RegisterModule

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.l2
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac0d43d17d05c8e5cdc2fd93d1e33ee9

Headers

DLL Characteristics

File Characteristics

Imports

mpr

kernel32

advapi32

Exports

Exports

Sections

.text Size: 115KB - Virtual size: 115KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 6KB - Virtual size: 5KB

.l2 Size: 1024B - Virtual size: 1024B

.text
Size: 115KB - Virtual size: 115KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 6KB - Virtual size: 5KB

.l2
Size: 1024B - Virtual size: 1024B