bb5d7f81559645f757b43cf5ae8157dd

Sharing

Copy URL Twitter E-mail

General

Target

bb5d7f81559645f757b43cf5ae8157dd
Size

1.3MB
MD5

bb5d7f81559645f757b43cf5ae8157dd
SHA1

a3ff14b8e357714b692385b867957d3337e4d1fe
SHA256

1a48326e62b3d87f4a53f0a8b0196a0871758a156761503008faacd19dc7aa52
SHA512

087d4837e961d6e595493085c2cc274e1c2db1f0425aa8bd61d01a959fdc73721a6b3c23698dc7a6c9e84bb46cc4ba3b07b607879219d2de066a019e625b4040
SSDEEP

24576:/nxQKOjabAHNLTvMF2qlzPqfWOUyTlR5PsMJ8LtLI1gxPQx4TwbdaGfXHvP3T5:/ngfNLjFqxPqfbUW9MdtPQx0ovP3T5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb5d7f81559645f757b43cf5ae8157dd

Files

bb5d7f81559645f757b43cf5ae8157dd
.dll windows:5 windows x86 arch:x86

66f01767d589e6baf374e21d9e71d2a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSectionAndSpinCount
FreeLibrary
GetProcAddress
LoadLibraryExW
MultiByteToWideChar
WriteFile
FormatMessageA
GetTickCount
IsDebuggerPresent
Sleep
RaiseException
CreateThread
ReadFile
GetFileAttributesExW
GetCurrentDirectoryW
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileSizeEx
SetEndOfFile
GetFileInformationByHandle
SetFilePointerEx
FlushFileBuffers
FindClose
SetLastError
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
LoadLibraryW
WaitForMultipleObjects
HeapAlloc
LoadLibraryA
IsBadReadPtr
ExpandEnvironmentStringsA
GetModuleFileNameA
SleepEx
VerSetConditionMask
GetSystemDirectoryW
VerifyVersionInfoW
WaitForSingleObjectEx
GetStdHandle
GetFileType
PeekNamedPipe
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetStringTypeW
GetCPInfo
RtlUnwind
InterlockedFlushSList
GetConsoleCP
GetConsoleMode
ExitProcess
GetFullPathNameW
SetStdHandle
GetDriveTypeW
ExitThread
FreeLibraryAndExitThread
ReadConsoleW
HeapReAlloc
GetACP
GetTimeZoneInformation
WriteConsoleW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
HeapSize
GetLastError
GetProcessHeap
HeapFree
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
SetUnhandledExceptionFilter
CloseHandle
CreateFileW
WideCharToMultiByte

advapi32

CryptDestroyKey
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash

ws2_32

send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept
listen
gethostname
htonl
ntohl
recv
select
__WSAFDIsSet
WSAGetLastError
ioctlsocket
WSASetLastError

crypt32

CertCloseStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertAddCertificateContextToStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore

Exports

Exports

Install_7z

Sections

.text
Size: 423KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 749KB - Virtual size: 766KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66f01767d589e6baf374e21d9e71d2a5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 423KB - Virtual size: 422KB

.rdata Size: 112KB - Virtual size: 112KB

.data Size: 749KB - Virtual size: 766KB

.gfids Size: 512B - Virtual size: 324B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1024B - Virtual size: 744B

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 423KB - Virtual size: 422KB

.rdata
Size: 112KB - Virtual size: 112KB

.data
Size: 749KB - Virtual size: 766KB

.gfids
Size: 512B - Virtual size: 324B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1024B - Virtual size: 744B

.reloc
Size: 19KB - Virtual size: 18KB