c9e00c9d94d1a790d5923b050b0bd741

Sharing

Copy URL Twitter E-mail

General

Target

c9e00c9d94d1a790d5923b050b0bd741
Size

808KB
MD5

c9e00c9d94d1a790d5923b050b0bd741
SHA1

7105b17d07fd5b30d5386862a3b9cc1ff53a2398
SHA256

7d5ad688d1cdb34f8ee694e60b9d47e894c879f23218c5c29a19a514030e706d
SHA512

4a8fe1e97f6f98ee0648d85731aa8ca7ee7f3cc8bad4848b7d5d4e4f6374a8599a238f17fc8e623f6c8785f40caf0fe5190ea8773523587be85f7e0de18b6818
SSDEEP

12288:CzOQeyh78IrXbXHQr/fBdYinxl9DuHTUPp/1J:iOQe47BLniJDuHTUR9J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9e00c9d94d1a790d5923b050b0bd741

Files

c9e00c9d94d1a790d5923b050b0bd741
.dll windows:4 windows x86 arch:x86

8b332e545a344e97cc5a907628ad4565

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
TerminateThread
SuspendThread
ResumeThread
OpenThread
GetExitCodeThread
InterlockedIncrement
GetCurrentThreadId
SetErrorMode
SetFilePointer
FindClose
CloseHandle
SetEndOfFile
FileTimeToLocalFileTime
GetFileInformationByHandle
SetFileAttributesW
GetFileTime
LocalFileTimeToFileTime
SetFileTime
WriteFile
ReadFile
GetFullPathNameW
CreateFileW
FlushFileBuffers
GetFileSize
GetLastError
FindFirstFileW
SetEnvironmentVariableW
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
SetEvent
ResetEvent
CreateEventW
OpenEventW
LocalFree
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetVersionExA
SetLastError
OpenMutexW
CreateMutexA
CreateMutexW
ReleaseMutex
ExitThread
GetVersion
ProcessIdToSessionId
CreateFileMappingW
lstrcatW
lstrcpynA
HeapAlloc
HeapFree
GetProcessHeap
IsBadReadPtr
GetSystemDirectoryW
lstrcpynW
GetModuleFileNameW
SystemTimeToFileTime
GetSystemTime
SetThreadContext
QueueUserAPC
GetThreadContext
RemoveDirectoryW
GetExitCodeProcess
MoveFileExW
GetShortPathNameW
GetFileAttributesW
LoadLibraryW
GetVolumeInformationW
TerminateProcess
DeleteFileW
CreateProcessW
CopyFileW
GetLongPathNameW
OpenProcess
VirtualAllocEx
SearchPathW
lstrlenA
IsBadStringPtrA
lstrcmpiA
GetModuleHandleA
GetWindowsDirectoryW
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
VirtualFreeEx
ReadProcessMemory
VirtualProtectEx
VirtualQueryEx
UnmapViewOfFile
FreeLibrary
DuplicateHandle
WaitForMultipleObjectsEx
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
MapViewOfFile
OpenFileMappingW
FindNextFileW
Thread32First
Thread32Next
CreateToolhelp32Snapshot
CreateEventA
WaitForMultipleObjects
lstrlenW
LocalAlloc
InterlockedExchange
LoadLibraryA
RaiseException
GetCommandLineA
CreateThread
RtlUnwind
GetCurrentThread
HeapSize
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsDebuggerPresent
LCMapStringA
LCMapStringW
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
VirtualAlloc
HeapReAlloc
SetConsoleCtrlHandler
InitializeCriticalSection
GetLocaleInfoA
GetLocaleInfoW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

CreateABHList
CreatePGHDict
DisableDLV
DisableOFR
DisableSHR
EnableDLV
EnableOFR
EnableSHR
FreeABHData
GetSML
GetWPF
ReadVBInfo
RestoreSMLData
WriteVBInfo

Sections

.text
Size: 548KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b332e545a344e97cc5a907628ad4565

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 548KB - Virtual size: 546KB

.rdata Size: 172KB - Virtual size: 168KB

.data Size: 32KB - Virtual size: 47KB

.rsrc Size: 4KB - Virtual size: 984B

.reloc Size: 48KB - Virtual size: 45KB

.text
Size: 548KB - Virtual size: 546KB

.rdata
Size: 172KB - Virtual size: 168KB

.data
Size: 32KB - Virtual size: 47KB

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 48KB - Virtual size: 45KB