bd56484bcdf0f6a9a515faa0538fff85779167b5bb2332d4fd2416f499c7a8dd

Sharing

Copy URL Twitter E-mail

General

Target

bd56484bcdf0f6a9a515faa0538fff85779167b5bb2332d4fd2416f499c7a8dd
Size

229KB
MD5

13b163403529d3b19c5ca6d069fa4569
SHA1

8ea2dd1b3289873197b510672735ace31ed4123c
SHA256

bd56484bcdf0f6a9a515faa0538fff85779167b5bb2332d4fd2416f499c7a8dd
SHA512

f84b4c59616c9a8ac08212e79542e3f567349af7159dd8f6573e75177b9475770cfdb256a675e7e06dd69334b5616be57b1c4288c6d5e89faeedda050b77bab4
SSDEEP

3072:PfE66jkG3GmD62CXOx2MucO/Hjt1gbptnakhlpE1FiOqikkSKit:PfPCGmG2CX6qjt1gbT3lpDdikkSKit

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd56484bcdf0f6a9a515faa0538fff85779167b5bb2332d4fd2416f499c7a8dd

Files

bd56484bcdf0f6a9a515faa0538fff85779167b5bb2332d4fd2416f499c7a8dd
.dll windows:6 windows x64 arch:x64

185a6acf03cab92d806bce5acc84e233

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

kernel32

DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead

vcruntime140

_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
memcmp
memcpy
memmove
memset
__C_specific_handler

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initterm_e
_seh_filter_dll
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-convert-l1-1-0

strtol
wcstol

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vswprintf

api-ms-win-crt-string-l1-1-0

iswupper
iswxdigit
towlower
wcscpy_s
wcsxfrm
iswpunct
iswprint
iswlower
iswdigit
iswcntrl
iswalpha
tolower
iscntrl
isprint
ispunct
isspace
isxdigit
isdigit
islower
isupper
isalpha
strxfrm
strcpy_s
iswspace

Exports

Exports

regcompA
regcompW
regerrorA
regerrorW
regexecA
regexecW
regfreeA
regfreeW

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

185a6acf03cab92d806bce5acc84e233

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

kernel32

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 184KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 184KB - Virtual size: 184KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB