8b5ddb783f9403228f4a0819bb9c08a43f1eb9345e188e69e5e0193972f3afac

Sharing

Copy URL Twitter E-mail

General

Target

8b5ddb783f9403228f4a0819bb9c08a43f1eb9345e188e69e5e0193972f3afac
Size

705KB
MD5

ab7535a3d35a9eab0ff8d369240a49fd
SHA1

83545a9f5e23149b3e025a91f2459922ffa61961
SHA256

8b5ddb783f9403228f4a0819bb9c08a43f1eb9345e188e69e5e0193972f3afac
SHA512

d8abb46eb9033113b8d9e08c41f133de15de4075d2ad8f7ba26425ef3c88be816609ca8e6296c1f42a5fb12cb548c61fb293b0bf5a0aaa9db18d848cfd24cfa5
SSDEEP

12288:1Vpv9wBAg1S1TKNBxg5W+PiGHW7TV5qrK3QB/FFO5qLLDphN/yib:bpFabSqMNPO7bw44dIMLPRP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b5ddb783f9403228f4a0819bb9c08a43f1eb9345e188e69e5e0193972f3afac

Files

8b5ddb783f9403228f4a0819bb9c08a43f1eb9345e188e69e5e0193972f3afac
.dll windows:5 windows x86 arch:x86

da838ef11a6f892f2ec52c528d07a2c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GetEnvironmentVariableW
GetFileAttributesA
GetCurrentProcess
CloseHandle
CreateToolhelp32Snapshot
Module32FirstW
Process32FirstW
OpenProcess
Process32NextW
Module32NextW
GetCurrentProcessId
GetModuleFileNameW
GetLogicalDriveStringsW
QueryDosDeviceW
TerminateProcess
WaitForSingleObject
GetLocalTime
MultiByteToWideChar
CreateProcessW
ReadFile
SetEnvironmentVariableA
SetEndOfFile
LoadLibraryW
WriteConsoleW
SetStdHandle
CreateFileW
GetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
GetVersionExW
GetSystemInfo
DeleteCriticalSection
Sleep
FileTimeToLocalFileTime
GetTimeZoneInformation
UnregisterWaitEx
QueryDepthSList
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
LocalFree
lstrcmpA
lstrcpyW
CreatePipe
LocalAlloc
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
OutputDebugStringW
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
FlushFileBuffers
GetConsoleCP
WriteFile
ReadConsoleW
GetConsoleMode
SetFilePointerEx
CreateDirectoryW
GetFileAttributesExW
GetFileType
GetStdHandle
GetDriveTypeW
FindFirstFileExW
GetOEMCP
GetACP
IsValidCodePage
HeapSize
DuplicateHandle
GetCurrentThread
GetCurrentThreadId
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetStringTypeW
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
GetCommandLineA
HeapAlloc
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetTickCount
GetModuleHandleW
GetProcAddress
CreateSemaphoreW
CreateThread
ExitThread
LoadLibraryExW
CreateTimerQueue
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
ExitProcess
GetModuleHandleExW
AreFileApisANSI

user32

DispatchMessageW
GetMessageW
CreateWindowExW
MessageBoxW
DestroyWindow
TranslateMessage
LoadCursorW
DefWindowProcW
GetSystemMetrics
SendMessageW
RegisterClassExW

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW

ole32

CoCreateGuid

crypt32

CryptMsgClose
CertGetNameStringW
CryptDecodeObject
CryptMsgGetParam
CertFindCertificateInStore
CryptQueryObject
CertCloseStore
CertFreeCertificateContext

ws2_32

recvfrom
send
WSACleanup
recv
closesocket
connect
gethostbyname
htons
setsockopt
WSAGetLastError
socket
htonl
sendto
inet_ntoa
WSAIoctl
ntohl
WSAAsyncSelect
bind
listen
accept
inet_addr
shutdown
WSAStartup

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules

Exports

Exports

clinkStart
clinkStop
dunGetClientIP
dunGetClientIP32
dunGetCurrentTCPPort
dunGetCurrentUDPPort
dunGetRunState
dunSetAutoChangePort
getListenState
setIPWriteLocalFile
setPortConflictAlert
setSourceCode

Sections

.text
Size: 555KB - Virtual size: 554KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da838ef11a6f892f2ec52c528d07a2c8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

crypt32

ws2_32

version

psapi

Exports

Exports

Sections

.text Size: 555KB - Virtual size: 554KB

.rdata Size: 95KB - Virtual size: 95KB

.data Size: 12KB - Virtual size: 30KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 555KB - Virtual size: 554KB

.rdata
Size: 95KB - Virtual size: 95KB

.data
Size: 12KB - Virtual size: 30KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 24KB - Virtual size: 24KB