c6254416374416c4b6dbcd1fa28e57cb

Sharing

Copy URL Twitter E-mail

General

Target

c6254416374416c4b6dbcd1fa28e57cb
Size

468KB
MD5

c6254416374416c4b6dbcd1fa28e57cb
SHA1

2ff98aedf48184556e2bb48f7db706f706ecf6bd
SHA256

bf44c0e282d5465027ec92e7bf52ed430d40a3cbcab5fc9dcb36a82a88886a83
SHA512

3bc5882071fa4151d61f8d20c6fe3049eeae36c3486c378b9f76b4f5e915300fea02de988f6035c41a6b25c3ded29df8f234710193dbf595d07aeb69009f37e7
SSDEEP

12288:VnGAFj1BdXECCKzeYG0ZVyInvIsr2MIgCB0q+4F+B:ZVFVuMD3jHIf2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6254416374416c4b6dbcd1fa28e57cb

Files

c6254416374416c4b6dbcd1fa28e57cb
.dll windows:5 windows x64 arch:x64

f564105a94cf1b2a122bf61c4250d04e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

CryptEncrypt

kernel32

ExitProcess
GetModuleHandleW
GetModuleFileNameA
GetBinaryTypeA
GetCurrentThreadId
SetEnvironmentVariableW
WriteConsoleOutputA
GetCommandLineA
SetWaitableTimer

oleaut32

VarI4FromR8
VariantCopyInd

lz32

LZOpenFileW

user32

IsCharAlphaW
GetMenuDefaultItem
TranslateAcceleratorW
GetFocus
GetThreadDesktop
GetCapture
SetUserObjectSecurity

mprapi

MprAdminInterfaceDelete
MprAdminPortEnum

ole32

IIDFromString
StgCreateDocfileOnILockBytes

crypt32

CertGetIssuerCertificateFromStore

setupapi

SetupOpenMasterInf
SetupGetFieldCount

pdh

PdhParseCounterPathW

rpcrt4

RpcStringBindingComposeW

gdi32

GdiFlush
FlattenPath

urlmon

RevokeBindStatusCallback

Exports

Exports

ConfigStartMenu
DllCanUnloadNow
DllGetClassObject
DllGetVersion
GetProgramsOnline
NewLinkHereW
RunOCMW
RunSPADW

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

dfasd
Size: 244KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

*.EGRAC
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

q
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.jqr
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f564105a94cf1b2a122bf61c4250d04e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

oleaut32

lz32

user32

mprapi

ole32

crypt32

setupapi

pdh

rpcrt4

gdi32

urlmon

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 4KB

.code Size: 12KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 16KB - Virtual size: 12KB

.pdata Size: 4KB - Virtual size: 1KB

dfasd Size: 244KB - Virtual size: 240KB

*.EGRAC Size: 96KB - Virtual size: 95KB

q Size: 68KB - Virtual size: 66KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.jqr Size: 4KB - Virtual size: 3KB

.text
Size: 8KB - Virtual size: 4KB

.code
Size: 12KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 16KB - Virtual size: 12KB

.pdata
Size: 4KB - Virtual size: 1KB

dfasd
Size: 244KB - Virtual size: 240KB

*.EGRAC
Size: 96KB - Virtual size: 95KB

q
Size: 68KB - Virtual size: 66KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB

.jqr
Size: 4KB - Virtual size: 3KB