d383b03fde6bd5d3b2d390cbcacfcead

Sharing

Copy URL Twitter E-mail

General

Target

d383b03fde6bd5d3b2d390cbcacfcead
Size

1.1MB
MD5

d383b03fde6bd5d3b2d390cbcacfcead
SHA1

6992b02f4c3df336a5212dfa67b41d39be9e7c0e
SHA256

a7efcdfd849380a4ebccac15f9d82827cf0f4208f06ea4d4f0d150377ffc6c68
SHA512

8d29e7ac700af677d056a30cef481694a7b07db5809849bde9cdc2d309cf5680f70b7a4d4e518d5af510ae0dc8ab5ad80987a526d41da6f752441817cc6b22f9
SSDEEP

24576:yqh9wQzzo+ZQfI5R5PyrHHssJX7MA0c9vxkH3tKNbra1:yqnrLZQfI5R5qrHHsafD9a9K1ra

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d383b03fde6bd5d3b2d390cbcacfcead

Files

d383b03fde6bd5d3b2d390cbcacfcead
.dll windows:5 windows

c6f6be68dfa55fd9915baf3e31e5b114

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetFileSize
MapViewOfFile
UnmapViewOfFile
CreateMutexA
CreateFileMappingW
GetModuleHandleA
GetCommandLineA
CreateDirectoryW
CreateFileW
GetVersionExW
CreateThread
TerminateProcess
GetShortPathNameA
GetShortPathNameW
GetLongPathNameA
GetLongPathNameW
WriteFile
ReadFile
SetFilePointer
FindClose
SetFileTime
DuplicateHandle
SystemTimeToFileTime
GetSystemDirectoryW
GetTempPathW
GetCurrentDirectoryW
RemoveDirectoryW
GetFullPathNameA
GetFullPathNameW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetVolumeInformationA
LocalAlloc
HeapAlloc
HeapFree
GetProcessHeap
OpenProcess
GetCurrentProcessId
GetLocalTime
GetCurrentProcess
GetWindowsDirectoryW
GetSystemWow64DirectoryW
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32FirstW
VirtualProtect
RtlUnwind
InitializeSListHead
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
HeapSize
GetTimeZoneInformation
GetFileType
GetStdHandle
GetACP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapReAlloc
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleExW
GetExitCodeProcess
CreateEventA
WaitForSingleObject
InterlockedExchange
Sleep
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
InterlockedDecrement
GetEnvironmentVariableW
CreateProcessW
GetModuleFileNameW
GetSystemInfo
CloseHandle
GetTickCount
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
FileTimeToSystemTime
RaiseException
QueryPerformanceCounter
GetStartupInfoW
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalFree
OutputDebugStringW
IsDebuggerPresent
LoadLibraryExW
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
InterlockedFlushSList

shell32

SHGetFolderPathW

ole32

CoTaskMemFree
CoCreateInstance
CoCreateGuid
CoTaskMemAlloc
CoInitializeEx

ws2_32

socket
shutdown
send
ntohs
listen
htons
sendto
getpeername
connect
closesocket
bind
accept
ntohl
inet_addr
select
recv
recvfrom
htonl

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

user32

DispatchMessageW
PeekMessageW
GetDesktopWindow
GetWindowRect

advapi32

GetCurrentHwProfileA
OpenProcessToken
InitializeSecurityDescriptor
GetUserNameW
GetTokenInformation
GetSidSubAuthority
FreeSid
DuplicateTokenEx
CheckTokenMembership
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertSidToStringSidW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
CreateProcessAsUserW
RegDeleteValueA

oleaut32

VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayUnlock
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SysFreeString
SafeArrayLock
VariantChangeType

Exports

Exports

DllInstall

Sections

.text
Size: 479KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 557KB - Virtual size: 561KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6f6be68dfa55fd9915baf3e31e5b114

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ole32

ws2_32

userenv

user32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 479KB - Virtual size: 478KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 557KB - Virtual size: 561KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 479KB - Virtual size: 478KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 557KB - Virtual size: 561KB

.reloc
Size: 20KB - Virtual size: 19KB