c5795f80323fa2b0bec53d5c850fbe1d

Sharing

Copy URL Twitter E-mail

General

Target

c5795f80323fa2b0bec53d5c850fbe1d
Size

272KB
MD5

c5795f80323fa2b0bec53d5c850fbe1d
SHA1

41e997cd91b2b94e5a32ac1d506819f7589a08b1
SHA256

020d91f54a7a7095954470b36066351cbc45bcd19e6754dec10d7fe9715abc3f
SHA512

f7bec00aba39c10aa55f123a00c3f36c73b831f99fa43c0473b32e02586844ee639734f4692aa5130d0d0f0723a19465888893f1f4730c5ea432b68703650b3f
SSDEEP

6144:ejjqX/iqBd0zTLeTyKSrrwBQuxSfcxBV+UdvrEFp7hKB/:ejj0L0zTLeTyKSrrwaCBjvrEH7E/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5795f80323fa2b0bec53d5c850fbe1d

Files

c5795f80323fa2b0bec53d5c850fbe1d
.dll windows:6 windows x86 arch:x86

92c41024898fbf51016cb09ba2c20fe3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ieshims.pdb

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
fclose
_wfopen
fputws
calloc
wcsncmp
_vscwprintf
_wcslwr
free
_except_handler4_common
memmove
_CxxThrowException
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
wcsspn
memcpy
memset
realloc
__CxxFrameHandler3
malloc
_wcsnicmp
iswspace
??1type_info@@UAE@XZ
wcstok
wcsstr
wcsrchr
wcspbrk
wcschr
_vsnwprintf
_wcsicmp
iswctype
towlower

ntdll

RtlNtStatusToDosError
NtQueryObject

kernel32

CreateMutexW
LoadLibraryW
InitializeCriticalSection
SetFileAttributesW
EnterCriticalSection
EncodePointer
ReleaseMutex
IsWow64Process
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
QueryDosDeviceW
GetLogicalDriveStringsW
OpenProcess
WaitForSingleObject
GetFileSizeEx
FindFirstFileW
FindNextFileW
FindClose
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
OutputDebugStringW
OutputDebugStringA
GetModuleHandleA
VirtualProtect
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
lstrlenW
lstrcmpiW
CopyFileW
CreateDirectoryW
GetFileInformationByHandle
GetCurrentThreadId
GetFileAttributesW
SearchPathW
SetLastError
LocalAlloc
GetModuleFileNameW
VirtualQuery
LocalFree
GetCurrentDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
FreeLibrary
GetProcAddress
GetLastError
GetProcessId
GetCurrentProcessId
HeapFree
GetProcessHeap
InterlockedDecrement
HeapAlloc
InterlockedIncrement
GetLongPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
GetEnvironmentVariableW
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
CloseHandle
WaitForSingleObjectEx
OpenEventW
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
TerminateProcess
DecodePointer
CreateFileW
DeviceIoControl

shlwapi

PathFindFileNameW
ord154
ord152
PathIsUNCW
PathSkipRootW
ord437
ord158
ord156
ord157
PathGetArgsW
StrDupW
SHRegGetValueW

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysFreeString

advapi32

RegCloseKey
RegOpenKeyExW
DecryptFileW
EncryptFileW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyW
RegCreateKeyExW
RegQueryValueExW

iertutil

ord50
ord170
ord58
ord305
ord45

shell32

ShellExecuteExW
SHGetFolderPathW

user32

GetForegroundWindow
GetWindowThreadProcessId
GetPropW
GetClassNameW
AllowSetForegroundWindow
GetGUIThreadInfo

Exports

Exports

AcRedirNotify
AcRedirNotifySetEnabled
AcRedirSetEnabled
IEShims_GetOriginatingThreadId
IEShims_InDllMainContext
IEShims_Initialize
IEShims_SetRedirectRegistryForThread
IEShims_Uninitialize

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92c41024898fbf51016cb09ba2c20fe3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

shlwapi

ole32

oleaut32

advapi32

iertutil

shell32

user32

Exports

Exports

Sections

.text Size: 175KB - Virtual size: 175KB

.data Size: 1024B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 175KB - Virtual size: 175KB

.data
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 16KB