d4af58ed217effbddf7fcbb02b6c6636

Sharing

Copy URL Twitter E-mail

General

Target

d4af58ed217effbddf7fcbb02b6c6636
Size

415KB
MD5

d4af58ed217effbddf7fcbb02b6c6636
SHA1

6a316a1b0b1d22d334737df964a1481275f2abb2
SHA256

0099ee87b7b52ce7e7af4a6e63fb992e07b70100c7fc946e573faf3d11af8b6c
SHA512

e44dba6135b9aa4cfcf9c454a0aadecab42ebc04153d5ec5966ddb9311a45976fc1ce1ecba1fdf0d50e3b8ba396ec1cd658dde1236480e2bcb6c1a6918b99526
SSDEEP

6144:mY446nXhyjXSCTyk0gW96yyOkSlTXFZpIiKjw/fz3pv36Wo0Vm11cef2p9AiyI:9446QuozmtHlLFZpIdUrUGiif

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4af58ed217effbddf7fcbb02b6c6636

Files

d4af58ed217effbddf7fcbb02b6c6636
.dll windows:4 windows x86 arch:x86

68a1264bd799aec6c448153072eec91c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_onexit
_CIatan
tolower
qsort
memset
memmove
malloc
iswspace
iswpunct
iswdigit
free
floor
_wexecle
_vsnwprintf
_unlock
_stricmp
_purecall
_CIacos
_lock
_isnan
_initterm
_finite
_controlfp
_chgsign
_amsg_exit
__p___mb_cur_max
__dllonexit
__CxxFrameHandler
_XcptFilter
_CxxThrowException
_CIsqrt
_CIsin
_CIcos
_CIatan2

advapi32

LsaLookupNames
RegEnumKeyExA
RegQueryValueExA
RegCloseKey

ole32

CreateStreamOnHGlobal

gdi32

SetMapMode
SetBkMode
MoveToEx
GetTextMetricsW
GetObjectW
GetObjectA
GetGlyphOutlineA
GetFontLanguageInfo
GetClipBox
GetCharacterPlacementW
SetTextAlign
GdiGetPageCount
GdiGetBatchLimit
ExtTextOutW
ExtTextOutA
DeleteObject
DeleteDC
CreateFontIndirectW
CreateFontIndirectA
CreateDIBSection
CreateCompatibleDC
SetTextColor
StretchBlt
TranslateCharsetInfo
GetCharacterPlacementA
SetBkColor

kernel32

GetModuleHandleA
GetModuleFileNameA
GetProcAddress
GetProcessPriorityBoost
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GlobalHandle
GetFileSizeEx
GetFileSize
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsProcessorFeaturePresent
IsSystemResumeAutomatic
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
ReadFile
ReleaseMutex
RtlUnwind
SetUnhandledExceptionFilter
SizeofResource
TerminateProcess
UnhandledExceptionFilter
VirtualAlloc
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
GetLastError
CloseHandle
CreateFileA
CreateMutexA
CreateThread
DebugBreak
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
ExitProcess
FindResourceA
FindResourceW
FreeLibrary
GetACP
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

Exports

Exports

ComputeBoundingSphere
CrackUserDNtoNTLMUser2
CreateVolumeTextureFromFileExW
TypeFreeLdapModObject

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68a1264bd799aec6c448153072eec91c

Headers

File Characteristics

Imports

msvcrt

advapi32

ole32

gdi32

kernel32

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 202KB - Virtual size: 202KB

.data Size: 70KB - Virtual size: 71KB

.rsrc Size: 63KB - Virtual size: 63KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 202KB - Virtual size: 202KB

.data
Size: 70KB - Virtual size: 71KB

.rsrc
Size: 63KB - Virtual size: 63KB

.reloc
Size: 4KB - Virtual size: 4KB