c9bd1830ec233707370f641980cde4b7

Sharing

Copy URL Twitter E-mail

General

Target

c9bd1830ec233707370f641980cde4b7
Size

745KB
MD5

c9bd1830ec233707370f641980cde4b7
SHA1

9d328a0f652588ac478f9c3cd7796502a3da936c
SHA256

06b8022a94c593a87c72ae9c2c0f69e2f985d548c7230ee2357f28700b94fdce
SHA512

e597c15a3ed68dcb2a4d596373d1215721f4bfaa3d27dc17f7ecdca481ba5e1ce42d225667b5c9a9adde7e72bfb308ca7e3339a02eb56301cc7b9a58e60867c6
SSDEEP

12288:czxLcIycP5op3gW8VSNhw1mOrOnBKM1DxPPwMBFHAD2:cz1lopwW8oemOrO7DVPwM7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9bd1830ec233707370f641980cde4b7

Files

c9bd1830ec233707370f641980cde4b7
.dll windows:6 windows x64 arch:x64

230f2575487cf336e035f2ef62894eda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
SetStdHandle
CreateFileW
GetFileInformationByHandle
GetFileSize
GetFileType
LockFileEx
QueryDosDeviceW
ReadFile
SetFilePointer
UnlockFileEx
CloseHandle
GetLastError
CreatePipe
SetNamedPipeHandleState
ReleaseMutex
WaitForSingleObject
CreateMutexA
Sleep
GetCurrentProcess
CreateThread
GetStartupInfoW
GetSystemTimeAsFileTime
GetTickCount
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryExW
CreateFileMappingA
GetLogicalDriveStringsA
QueryDosDeviceA
CopyFileA
GetNamedPipeHandleStateW
SetFileApisToANSI
IsBadWritePtr
IsBadStringPtrA
FileTimeToSystemTime
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
EnumSystemCodePagesA
WriteConsoleInputA
FlushConsoleInputBuffer
PeekConsoleInputA
VerLanguageNameA
HeapSize
WriteConsoleW
SetEndOfFile
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetConsoleCP
WriteFile
FlushFileBuffers
LCMapStringW
GetStringTypeW
HeapReAlloc
HeapFree
HeapAlloc
GetACP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
WideCharToMultiByte
MultiByteToWideChar
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
TerminateProcess
ExitProcess
GetModuleHandleExW
GetModuleFileNameA

shlwapi

StrCSpnW
StrStrA
StrToIntExA
StrCpyW
wvnsprintfW
wnsprintfW
ord156
PathIsLFNFileSpecW
PathGetDriveNumberW
PathIsFileSpecW
PathIsRelativeA
PathMakeSystemFolderA
UrlGetLocationA
HashData
SHDeleteEmptyKeyA
SHDeleteEmptyKeyW
SHDeleteValueA
SHRegCreateUSKeyA
SHRegOpenUSKeyW
SHRegDeleteEmptyUSKeyA
SHOpenRegStream2W
SHRegCloseUSKey

dbghelp

ImageNtHeader
MakeSureDirectoryPathExists
ImagehlpApiVersion
ImagehlpApiVersionEx
GetTimestampForLoadedLibrary
SymCleanup
SymEnumerateModules64
SymGetModuleInfo64
SymGetModuleBase64
SymGetFileLineOffsets64
SymMatchFileName
SymInitialize
SymGetSearchPath
SymUnloadModule64
SymRegisterCallback64
SymRegisterFunctionEntryCallback64
SymFromName
SymGetTypeInfo
MiniDumpReadDumpStream
SymSetSearchPath

Sections

.text
Size: 625KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

230f2575487cf336e035f2ef62894eda

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

dbghelp

Sections

.text Size: 625KB - Virtual size: 624KB

.rdata Size: 95KB - Virtual size: 94KB

.data Size: 6KB - Virtual size: 283KB

.pdata Size: 14KB - Virtual size: 13KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 625KB - Virtual size: 624KB

.rdata
Size: 95KB - Virtual size: 94KB

.data
Size: 6KB - Virtual size: 283KB

.pdata
Size: 14KB - Virtual size: 13KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB