bb02974bde1cf9ddd26e3af52f478552

Sharing

Copy URL Twitter E-mail

General

Target

bb02974bde1cf9ddd26e3af52f478552
Size

1.1MB
MD5

bb02974bde1cf9ddd26e3af52f478552
SHA1

62a9b9f4885c5b19e1aeccdfa7fb43ac59bb9cda
SHA256

72d3571bebad83199f7c2adeb5c02eb759620d72015ef0d1f1b54bd338576cbb
SHA512

360bf108d7e151e01ea862626cb949c9c79beccf4951c8339f891da823a433cd4d5098f28ccafc1d5c4160dc9a214dd7e104415821605e31acacfa6bd0c2268e
SSDEEP

24576:+LZI/fKAIDkQnxaMnrXandu7WozGfIuZlt5mobhCS3:G6/fKAIDkQxaMOn07rzGfIWddbs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb02974bde1cf9ddd26e3af52f478552

Files

bb02974bde1cf9ddd26e3af52f478552
.dll windows:6 windows x64 arch:x64

b361909ce1a0d6e386fb6a66288b5f5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

SetEndOfFile
EnumSystemLanguageGroupsA
GetACP
LoadLibraryW
CreateFileMappingA
LocalFree
LocalAlloc
LoadLibraryExW
MapViewOfFile
CreateFileMappingW
GetTickCount
TlsFree
GetProcAddress
TlsGetValue
TlsAlloc
CreateThread
ExitProcess
Sleep
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetLastError
CloseHandle
UnlockFileEx
SetFilePointer
HeapSize
GetFileAttributesExW
WriteConsoleW
GetProcessHeap
GetCommandLineW
GetCommandLineA
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
GetModuleHandleA
GetModuleFileNameW
FreeLibrary
TlsSetValue
UnmapViewOfFile
CreateProcessA
GetExitCodeProcess
SetFilePointerEx
DeleteFileW
ReadConsoleW
FlushFileBuffers
GetCurrentDirectoryW
GetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetConsoleMode
GetConsoleCP
WriteFile
SetStdHandle
EnumSystemLocalesW
RtlUnwind
GetUserDefaultLCID
IsValidLocale
HeapReAlloc
HeapFree
HeapAlloc
ReadFile
LockFileEx
GetFullPathNameW
GetFileSize
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetCPInfo
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
GetModuleHandleExW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
DuplicateHandle
SetConsoleCtrlHandler
GetModuleFileNameA

gdi32

DeleteEnhMetaFile
CreateRectRgn
GetBitmapDimensionEx
CreateRectRgnIndirect
DeleteObject
CombineTransform
SetBitmapDimensionEx
GetEnhMetaFileA

comdlg32

GetFileTitleA
FindTextA

advapi32

LsaOpenPolicy
DeleteAce
EqualSid
FreeSid
GetPrivateObjectSecurity
InitializeAcl
SetUserFileEncryptionKey
CloseServiceHandle
OpenSCManagerA
CredGetSessionTypes
CredWriteDomainCredentialsA
LsaNtStatusToWinError
AllocateAndInitializeSid
LsaClose
QueryServiceObjectSecurity
OpenServiceA

shlwapi

SHCreateShellPalette
UrlEscapeW

dbghelp

FindDebugInfoFile
SymFindFileInPath
FindExecutableImage
ImageDirectoryEntryToDataEx
SearchTreeForFile
SymInitialize
SymGetFileLineOffsets64
SymCleanup
UnDecorateSymbolName

imm32

ImmGetOpenStatus
ImmGetCandidateWindow
ImmSetCandidateWindow
ImmGetImeMenuItemsW

urlmon

IsValidURL
UrlMkSetSessionOption
CompatFlagsFromClsid
CoInternetParseUrl
MkParseDisplayNameEx
FindMimeFromData
UrlMkGetSessionOption
CoInternetCreateZoneManager

winmm

waveOutGetNumDevs
mmioGetInfo
mmioClose
mmioRenameA
waveOutGetErrorTextA
mciGetCreatorTask
mciGetDeviceIDFromElementIDW
mciGetDeviceIDW
waveOutGetID
mixerGetLineControlsW
mmioOpenW
mixerGetNumDevs

rpcrt4

MesHandleFree
MesBufferHandleReset
MesDecodeBufferHandleCreate
MesEncodeFixedBufferHandleCreate
MesIncrementalHandleReset
MesDecodeIncrementalHandleCreate
MesEncodeIncrementalHandleCreate
I_RpcMapWin32Status

comctl32

CreatePropertySheetPageA
DestroyPropertySheetPage
ImageList_Create
ImageList_Destroy
ImageList_Replace
ImageList_DrawEx
ImageList_DragShowNolock

Sections

.text
Size: 899KB - Virtual size: 899KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b361909ce1a0d6e386fb6a66288b5f5a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

comdlg32

advapi32

shlwapi

dbghelp

imm32

urlmon

winmm

rpcrt4

comctl32

Sections

.text Size: 899KB - Virtual size: 899KB

.rdata Size: 152KB - Virtual size: 152KB

.data Size: 12KB - Virtual size: 6.4MB

.pdata Size: 21KB - Virtual size: 21KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 899KB - Virtual size: 899KB

.rdata
Size: 152KB - Virtual size: 152KB

.data
Size: 12KB - Virtual size: 6.4MB

.pdata
Size: 21KB - Virtual size: 21KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB