349690e5c869f853e15f37bc06b9f6408f7ce737cf4bb8380bf25611960fff61

Sharing

Copy URL

Twitter E-mail

General

Target

349690e5c869f853e15f37bc06b9f6408f7ce737cf4bb8380bf25611960fff61
Size

272KB
MD5

005f9e9fe1052aabfd96e297ab7c0e00
SHA1

811580b2d29e35f1e384f4eab0d49be8ff1a2796
SHA256

349690e5c869f853e15f37bc06b9f6408f7ce737cf4bb8380bf25611960fff61
SHA512

53caa2cf97fbaf8d208edd2ac02db92ce2393283a0f7cf47c46c4ab6ce781c1e4e98157b9d7e101f54179ec3f77af008f53da49757aaddb32d55cb304ea7d04d
SSDEEP

6144:JzxfKkc6+2scTbqoDGdtMuko9LtIqzTAORhiZjkc3:JzxrcR2scTGoDiCuko9LiCTYb3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
349690e5c869f853e15f37bc06b9f6408f7ce737cf4bb8380bf25611960fff61

Files

349690e5c869f853e15f37bc06b9f6408f7ce737cf4bb8380bf25611960fff61
.dll windows:5 windows x86 arch:x86

b27672a2cbef2ab8babf37403314bcc1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

shlwapi

UrlCompareA

shell32

SHGetFolderPathW

dbghelp

SymCleanup
SymGetSymNext64
SymInitialize

kernel32

Thread32Next
Thread32First
WaitForSingleObject
SuspendThread
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
GetLastError
Process32NextW
Process32FirstW
CloseHandle
GetNativeSystemInfo
HeapAlloc
GetProcAddress
ReadProcessMemory
GetProcessHeap
GetSystemTimeAsFileTime
GetProcessTimes
OpenThread
FindFirstFileW
TerminateProcess
WriteFile
FindClose
CreateFileW
GetFileAttributesW
SetFileAttributesW
GetExitCodeThread
Sleep
GetCurrentThread
DeleteFileW
CreateThread
CreateProcessW
GetTickCount
GetExitCodeProcess
FindFirstFileExA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCurrentProcess
HeapFree
GetTempPathW
SetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
FindNextFileW
GetCommandLineA
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapReAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
FindNextFileA

user32

MessageBoxA

winspool.drv

AddPrinterW
DeletePrinter

advapi32

RegQueryValueExA
RegCreateKeyA
RegCloseKey
GetCurrentHwProfileA
CloseServiceHandle
OpenSCManagerW
ControlService
RegSetValueExA
OpenServiceW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
LookupAccountSidW
GetTokenInformation

ole32

CoSetProxyBlanket
CoTaskMemFree
CoQueryProxyBlanket

Exports

Exports

CheckDLLStatus
GetPluginData
InitializePlugin
IsReleased
ReleaseDLL

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b27672a2cbef2ab8babf37403314bcc1

Headers

DLL Characteristics

File Characteristics

Imports

psapi

shlwapi

shell32

dbghelp

kernel32

user32

winspool.drv

advapi32

ole32

Exports

Exports

Sections

.text Size: 175KB - Virtual size: 175KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 3KB - Virtual size: 6KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 175KB - Virtual size: 175KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 3KB - Virtual size: 6KB

.reloc
Size: 10KB - Virtual size: 9KB