d52f5da10e84853f15706133e967ab6b

Sharing

Copy URL

Twitter E-mail

General

Target

d52f5da10e84853f15706133e967ab6b
Size

1.3MB
MD5

d52f5da10e84853f15706133e967ab6b
SHA1

e89558c040cc24b38a79e29f5b3fb8fe1e6300b9
SHA256

9d91621ca1c2a3bca8c74836bde3fbb8afbbc7c657f6630fd338fce8d8250965
SHA512

aa8a3500b4417271117a6acb3fa09485cb01a6eef1ebc9d5107a87155cfddf404139714e8ef9254c3a0076c6ca4a8a94ccd6a0c12434059b941d7b3de6569d99
SSDEEP

24576:bhCbYfOMaeAgeLut7oFGaDxcA7vw/9EYabCo:bcbYfGFBVxcA8V5aZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

d52f5da10e84853f15706133e967ab6b

resource
d52f5da10e84853f15706133e967ab6b

Files

d52f5da10e84853f15706133e967ab6b
.dll regsvr32 windows:6 windows x64 arch:x64

9b324a4c8c6da1933eec68fedf1e50cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObjectEx
WriteConsoleW
GetTickCount
Sleep
GetProcessHeap
HeapAlloc
HeapFree
CreateMutexA
GetLastError
GetCommandLineA
ExitProcess
CreateProcessA
GetModuleHandleA
GetProcAddress
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
GetThreadContext
SetThreadContext
ResumeThread
CloseHandle
VirtualFreeEx
TerminateProcess
OutputDebugStringA
Process32First
GetCommandLineW
WriteFile
VirtualAlloc
OpenProcess
CreateToolhelp32Snapshot
CreateFileA
Process32Next
K32GetModuleBaseNameA
GetCurrentProcessId
K32EnumProcessModules
VirtualProtect
SetLastError
VirtualFree
LoadLibraryA
GetNativeSystemInfo
FreeLibrary
IsBadReadPtr
SetConsoleCtrlHandler
FindFirstFileW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetCurrentProcess
GetStdHandle
SetFileTime
GetEnvironmentVariableA
FindClose
CreateFileW
LoadLibraryW
SetCurrentDirectoryW
SystemTimeToFileTime
GetSystemTime
DebugBreak
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
RtlUnwind
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
HeapCompact
HeapDestroy
UnlockFile
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetStringTypeW
RtlUnwindEx
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
GetModuleHandleExW
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
DuplicateHandle
CreateProcessW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleFileNameW
CompareStringW
LCMapStringW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileSizeEx
GetConsoleCP
GetExitCodeProcess
CreatePipe
SetStdHandle
GetCurrentDirectoryW
SetFileAttributesW
CreateDirectoryW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW

Exports

Exports

DllRegisterServer
DllUnregisterServer
PauseW
ResumeW
StartW
pStartW

Sections

.flat
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 962KB - Virtual size: 962KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b324a4c8c6da1933eec68fedf1e50cd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.flat Size: 4KB - Virtual size: 3KB

.text Size: 962KB - Virtual size: 962KB

.rdata Size: 180KB - Virtual size: 180KB

.data Size: 57KB - Virtual size: 103KB

.pdata Size: 42KB - Virtual size: 42KB

.rdata Size: 42KB - Virtual size: 42KB

.rsrc Size: 46KB - Virtual size: 45KB

.reloc Size: 5KB - Virtual size: 4KB

.flat
Size: 4KB - Virtual size: 3KB

.text
Size: 962KB - Virtual size: 962KB

.rdata
Size: 180KB - Virtual size: 180KB

.data
Size: 57KB - Virtual size: 103KB

.pdata
Size: 42KB - Virtual size: 42KB

.rdata
Size: 42KB - Virtual size: 42KB

.rsrc
Size: 46KB - Virtual size: 45KB

.reloc
Size: 5KB - Virtual size: 4KB