Static task: static1
Behavioral task: behavioral1
  Sample: 0259316ce197d74829b9158c22b051673db63ece0e4b45df32a41fcbb3918c87.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 0259316ce197d74829b9158c22b051673db63ece0e4b45df32a41fcbb3918c87.dll
  Resource: win10v2004-20240226-en
General
Target: 0259316ce197d74829b9158c22b051673db63ece0e4b45df32a41fcbb3918c87
Size: 148KB
MD5: 570547fa75c15e6eb9e651f2a2ee0749
SHA1: f20d9c3d2e3fb891fe5ae4b656bdc50a87f2707f
SHA256: 0259316ce197d74829b9158c22b051673db63ece0e4b45df32a41fcbb3918c87
SHA512: 8043ca9d566c0c03c9a2779710cad7d542e16dabf9a13d2e61c22ac288d2a204561f1ddb1ad80b6b31c0af1e68b681a58f7fb3d8aa0015876537a91d58c670e9
SSDEEP: 3072:HnJvHI9R9qmjHh/yAyKnLjhadSIVs8RQq8qkHIBnREDKLWB8tB5blZp:d4R9qmjVylKfhadSgxp+7B8tB5bXp
Malware Config
Signatures
Unsigned PE (1 IoCs): checks for missing Authenticode signature.
  resource: 0259316ce197d74829b9158c22b051673db63ece0e4b45df32a41fcbb3918c87
Files
0259316ce197d74829b9158c22b051673db63ece0e4b45df32a41fcbb3918c87.dll  windows:4 windows x86 arch:x86  9ca6a21ca0ff0ea3c1dc40e354deefba
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CreateNamedPipeA
GetCurrentThreadId
GetCurrentProcess
Module32Next
GetLocalTime
GetFileSizeEx
VirtualFree
CreateDirectoryA
GetCommandLineA
GetProcAddress
CreateEventA
WaitForSingleObject
SetEvent
ConnectNamedPipe
SetFilePointer
GetTickCount
GetLastError
SetLastError
GetModuleHandleA
GetModuleFileNameA
VirtualProtect
IsBadReadPtr
CreateFileA
SetNamedPipeHandleState
WriteFile
WideCharToMultiByte
FlushFileBuffers
CloseHandle
lstrlenA
ReadFile
DisconnectNamedPipe
GetComputerNameA
GlobalAlloc
GlobalFree
WaitForMultipleObjects
TerminateThread
CopyFileA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
GetCurrentProcessId
GetCurrentThread
SetThreadPriority
DeleteFileA
ResetEvent
GetEnvironmentVariableA
MoveFileExA
TerminateProcess
HeapAlloc
GetProcessHeap
HeapFree
FindResourceA
SizeofResource
LoadResource
OpenProcess
GetThreadContext
SetThreadContext
VirtualFreeEx
CreateToolhelp32Snapshot
Thread32First
Thread32Next
LoadLibraryA
VirtualAlloc
CreateThread
MultiByteToWideChar
Sleep
lstrcmpA
ReleaseMutex
CreateMutexA
GetVersionExA
HeapDestroy
HeapCreate
GetVolumeNameForVolumeMountPointW
TlsGetValue
TlsSetValue
TlsFree
UnmapViewOfFile
TlsAlloc
CreateEventW
CreateMutexW
CreateFileMappingW
MapViewOfFile
lstrcpyA
LocalFree
FindFirstFileA
FindNextFileA
OpenEventA
MoveFileA
GetSystemTime
FreeLibrary
GetFileSize
OpenThread
ResumeThread
SuspendThread
VirtualAllocEx
WriteProcessMemory
Module32First
ReadProcessMemory
FindClose
advapi32
FreeSid
EqualSid
OpenProcessToken
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
GetSidSubAuthority
GetSidSubAuthorityCount
RegDeleteValueA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
LookupAccountSidA
ws2_32
closesocket
WSAGetLastError
send
socket
WSAIoctl
inet_ntoa
WSAStartup
WSACleanup
ntohs
gethostbyname
inet_addr
select
__WSAFDIsSet
recv
setsockopt
listen
bind
htons
ioctlsocket
connect
gethostbyaddr
htonl
crypt32
CertAddCertificateContextToStore
CertCloseStore
CertDuplicateCRLContext
CertGetCRLContextProperty
CertEnumCertificatesInStore
CertOpenStore
CryptEnumOIDInfo
CertFreeCRLContext
PFXExportCertStore
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertFreeCertificateContext
CertSetCertificateContextProperty
CertGetNameStringW
CertGetEnhancedKeyUsage
CryptFindOIDInfo
CryptAcquireCertificatePrivateKey
CertEnumSystemStore
CertCreateCertificateChainEngine
CertGetCertificateChain
CertAddCTLContextToStore
CertAddCRLContextToStore
gdi32
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
DeleteDC
DeleteObject
RestoreDC
SetViewportOrgEx
SaveDC
GdiFlush
SetRectRgn
CreateDIBSection
GetDIBits
shell32
SHGetFolderPathW
SHGetFolderPathA
shlwapi
PathMatchSpecA
PathRemoveBackslashW
PathAddBackslashW
PathRemoveFileSpecW
PathCombineA
user32
IntersectRect
EqualRect
IsWindow
GetWindowInfo
PostMessageW
DefWindowProcW
DefWindowProcA
DefMDIChildProcW
DefMDIChildProcA
GetMenu
GetMenuItemCount
GetMenuState
HiliteMenuItem
MenuItemFromPoint
EndMenu
GetSubMenu
GetMenuItemRect
TrackPopupMenuEx
GetMenuItemID
SendMessageW
SetKeyboardState
PostThreadMessageW
RegisterWindowMessageW
GetDC
ReleaseDC
GetThreadDesktop
GetUserObjectInformationW
GetWindowThreadProcessId
GetClassNameW
IsCharAlphaNumericA
MessageBoxW
MessageBoxA
DialogBoxParamA
DialogBoxParamW
GetWindowTextA
GetWindowTextW
GetWindowLongA
FindWindowA
PostMessageA
OpenDesktopW
ole32
CLSIDFromString
CoInitialize
CoCreateInstance
StringFromGUID2
msvcrt
??3@YAXPAX@Z
_CxxThrowException
_stricmp
_adjust_fdiv
_initterm
abs
wcschr
_EH_prolog
??1type_info@@UAE@XZ
__CxxFrameHandler
fseek
ftell
fread
fwrite
freopen
_wcsdup
wcscpy
wcslen
_ftol
__mb_cur_max
_isctype
_pctype
gmtime
strftime
sscanf
mktime
_ltoa
qsort
strtoul
fopen
fgets
fclose
rename
strlen
memset
time
strncpy
_except_handler3
_local_unwind2
_snprintf
free
strcat
strcpy
calloc
memcpy
malloc
memmove
strcmp
strstr
strncmp
realloc
_strnicmp
sprintf
memcmp
atoi
atol
strchr
strtok
oleaut32
GetErrorInfo
Sections
.text   Size: 92KB - Virtual size: 90KB    Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 12KB - Virtual size: 11KB    Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 20KB - Virtual size: 146KB   Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 8KB - Virtual size: 6KB      Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 12KB - Virtual size: 8KB     Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ