bde59384f1c6f45101765f38f29604ac

Sharing

Copy URL

Twitter E-mail

General

Target

bde59384f1c6f45101765f38f29604ac
Size

140KB
MD5

bde59384f1c6f45101765f38f29604ac
SHA1

03d0f807363274b35fe8aa0d79c6f08fb5aada64
SHA256

6e89d3675b055c9f26b4b88b53af23104b39a587a108921d06f8b5b5a8ba0db4
SHA512

eb25c76180bb7e480a9d1817f988c009061daef0490b10735dea7e3e04488d5fa9512ad1832feedaa72b7eac9357840f4eb5c3ff003abd4345acec803d769532
SSDEEP

3072:f1+VvJLfTjdh7Z5jR2lALDnRa5cQXYYHO3HYSZeHNa9lq:9cBLbjB5t2lAXnREwEO3HdZ+J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bde59384f1c6f45101765f38f29604ac

Files

bde59384f1c6f45101765f38f29604ac
.dll windows:4 windows x86 arch:x86

1a1f826865cb4a502bfc86c86e76597c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AccessCheckByTypeResultListAndAuditAlarmW
ConvertStringSDToSDRootDomainA
CryptSignHashA
CreatePrivateObjectSecurity
EncryptFileA
EnumServicesStatusExA
FreeEncryptionCertificateHashList
LookupPrivilegeDisplayNameA
RegCloseKey
RegCreateKeyExW
RegEnumValueW
RegisterTraceGuidsW
UnregisterTraceGuids

gdi32

ExcludeClipRect

kernel32

VirtualAlloc
LoadResource
FindResourceA
FlushConsoleInputBuffer
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
GetVolumeNameForVolumeMountPointA
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
QueryPerformanceCounter
SetEnvironmentVariableW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
lstrlenA
GetCommandLineA
FindResourceW
GetLastError
LocalAlloc
LocalFree
RtlUnwind
CloseHandle
CreateEventW
CreateFileMappingW
CreateProcessW
CreateThread
DebugBreak
DisableThreadLibraryCalls
DuplicateHandle
EnterCriticalSection
GetDefaultCommConfigA
GetModuleFileNameW
GlobalAlloc
GlobalCompact
GlobalFree
GlobalLock
GlobalUnlock
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
RaiseException
SetEvent
WaitForSingleObject
WriteConsoleOutputCharacterW
_lcreat
lstrcmpiW
lstrlenW
CancelIo
CreateEventA
DeviceIoControl
ExitThread
FreeLibrary
GetModuleHandleA
GetOverlappedResult
GetProcAddress
LoadLibraryA
ResumeThread
SetThreadPriority
VirtualFree
WideCharToMultiByte
CompareStringW
CompareStringA
GetLocaleInfoW
SetEnvironmentVariableA
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
HeapSize
VirtualQuery
IsBadWritePtr
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
FatalAppExitA
WriteFile
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
HeapAlloc
HeapFree
TlsGetValue
TlsSetValue
TlsFree
GetVersionExA
ExitProcess
TlsAlloc
SetLastError
GetCurrentThread

ole32

CoInitialize
OleCreateFromData
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoCreateGuid
CoRegisterSurrogateEx
CoInitializeEx
CLSIDFromString
CoUninitialize

oleaut32

VarFormatNumber
VarR4FromUI4
VarUI1FromDisp
VarUI1FromUI4
SystemTimeToVariantTime

rpcrt4

I_RpcIfInqTransferSyntaxes
NdrRpcSsEnableAllocate
NdrServerInitializeUnmarshall
RpcBindingCopy
RpcStringBindingParseA
RpcServerRegisterIf2

user32

CharNextW
AllowSetForegroundWindow
TrackPopupMenuEx
CharPrevW
InflateRect
CreateCursor
CloseWindowStation
DialogBoxIndirectParamW
GetInputState
LoadMenuW
MessageBeep
MonitorFromPoint
MsgWaitForMultipleObjects
SetCaretPos
SetUserObjectSecurity
UnregisterHotKey
LoadStringA
TileWindows

Exports

Exports

lwcvdskpf

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a1f826865cb4a502bfc86c86e76597c

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

oleaut32

rpcrt4

user32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 6KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 5KB