d6ce4b66242e7c071c9234b7ccbd0165

Sharing

Copy URL

Twitter E-mail

General

Target

d6ce4b66242e7c071c9234b7ccbd0165
Size

653KB
MD5

d6ce4b66242e7c071c9234b7ccbd0165
SHA1

1bc95114648a5b4e241ca4d0f35771cc7f2e7d47
SHA256

bd2ccab198c7f0241582ba6ad887d709e8e0dda92037892af8b42e280b25b43e
SHA512

31f0b7fbe310959324ccf56d56a006b2e8c014c5976566c82840fe2549d76e0e27d9e5e23d1b4cf68901d92b834c86b6e52b63e2ea6ce6b042a34cfa6acaaa97
SSDEEP

12288:CRGpiUeMnSGZgPi0h33yRnetkWeAnNTCRxxbRqwMF6:CRAeESlPiM3yRneqWTCRR78

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6ce4b66242e7c071c9234b7ccbd0165

Files

d6ce4b66242e7c071c9234b7ccbd0165
.dll windows:5 windows x86 arch:x86

ec2bbab294ed5e5ec148965996df88af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wininet.pdb

Imports

msvcrt

memchr
isdigit
strpbrk
isspace
isalnum
time
strtoul
_vsnprintf
_ftol
ispunct
iscntrl
isalpha
_purecall
_CxxThrowException
wcsncpy
wcscat
wcsstr
srand
rand
wcslen
_wtoi
wcscpy
_wcsnicmp
wcstok
_wcsicmp
wcscmp
malloc
free
realloc
_initterm
_adjust_fdiv
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
sprintf
isxdigit
_except_handler3

shlwapi

PathRemoveFileSpecW
PathRemoveBackslashA
PathRemoveFileSpecA
StrNCatA
ord419
PathRenameExtensionA
ord215
SHDeleteKeyA
StrCmpNIW
ord342
wvnsprintfA
ord52
ord57
ord308
ord260
StrCmpNIA
StrStrA
ord151
StrChrW
StrChrA
ord154
ord217
UrlCombineW
UrlCanonicalizeW
ord340
UrlCombineA
UrlCanonicalizeA
ord153
PathCreateFromUrlA
UrlUnescapeA
StrNCatW
StrToIntW
StrCpyW
ord68
ord95
ord136
StrStrIA
StrCmpW
SHRegGetUSValueA
StrCmpNA
StrToIntA
StrCatBuffA
StrRChrA
StrCmpIW
ord59
ord107
SHSetValueW
ord563
ord437
ord309
StrStrIW
SHGetValueW
SHSetValueA
SHGetValueA
wnsprintfA
wnsprintfW
StrCpyNW
PathFindFileNameW
ord158
ord125
SHRegGetValueW
ord80
ord97
ord83
ord138
StrCatBuffW
ord310
ord311
ord143
StrDupW

crypt32

CertGetNameStringW
CryptDecodeObject
CertFindRDNAttr
CertRDNValueToStrA
CertControlStore
CertNameToStrA
CertCreateCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore
CertSetCertificateContextProperty
CertOpenSystemStoreA
CertCloseStore
CertFindExtension
CertGetIntendedKeyUsage
CertDuplicateCertificateContext
CertFreeCertificateContext
CryptUnprotectData

advapi32

RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
CryptGetProvParam
CryptSetProvParam
CryptAcquireContextA
CryptReleaseContext
RegDeleteValueA
RegOpenKeyExW
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
OpenSCManagerA
EnumServicesStatusA
CloseServiceHandle
RegCreateKeyExW

kernel32

ExpandEnvironmentStringsA
SuspendThread
TerminateThread
GetACP
RtlMoveMemory
ResetEvent
CreateThread
Sleep
SetErrorMode
FormatMessageA
lstrcatA
SystemTimeToFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
TlsGetValue
TlsAlloc
GetCurrentThreadId
TlsFree
TlsSetValue
GetDateFormatA
ExitThread
lstrcpyA
InterlockedCompareExchange
GetCurrentThread
GetCurrentProcess
IsDBCSLeadByte
IsBadReadPtr
GlobalAlloc
GlobalFree
IsBadStringPtrW
DeleteFileA
IsBadCodePtr
IsBadWritePtr
SleepEx
GetModuleFileNameA
GetSystemTime
WritePrivateProfileStringA
WriteFile
SetFilePointer
ReadFile
FileTimeToSystemTime
LocalReAlloc
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LocalAlloc
IsBadStringPtrA
WaitForMultipleObjects
GetFileTime
ReleaseSemaphore
CreateSemaphoreA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
GetVersion
CompareStringA
GetFileAttributesA
GetEnvironmentVariableA
GetWindowsDirectoryA
RemoveDirectoryA
GetShortPathNameA
FileTimeToDosDateTime
SetFileAttributesA
CreateDirectoryA
GetPrivateProfileStringA
SetFileTime
CopyFileA
DeviceIoControl
GetDiskFreeSpaceA
FindClose
FindNextFileA
FindFirstFileA
DosDateTimeToFileTime
FlushViewOfFile
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingA
OpenFileMappingA
SetEndOfFile
LoadLibraryExA
GetUserDefaultLCID
HeapFree
HeapAlloc
GetProcessHeap
GetComputerNameA
LoadLibraryW
GlobalUnlock
GlobalLock
GlobalSize
lstrcpynW
GetTimeFormatA
WaitForSingleObject
GetProcAddress
LoadLibraryA
lstrcmpiA
GetLastError
FreeLibrary
lstrcpynA
lstrlenA
WideCharToMultiByte
InterlockedExchange
CloseHandle
OpenEventA
LeaveCriticalSection
EnterCriticalSection
SetLastError
LocalFree
GetVersionExA
GetFileSize
CreateFileA
GetSystemDirectoryA
lstrlenW
MultiByteToWideChar
GetModuleHandleA
OpenMutexA
CreateMutexA
ReleaseMutex
RaiseException
lstrcmpA
SetEvent
CreateEventA

user32

IsCharAlphaNumericA
IntersectRect
EqualRect
wsprintfW
LoadIconA
LoadImageA
DestroyIcon
SetForegroundWindow
EnumChildWindows
SetWindowTextA
GetParent
GetWindowRect
ScreenToClient
SetWindowPos
SendMessageA
PostMessageA
FindWindowA
LoadStringA
ShowWindow
GetDesktopWindow
wsprintfA
CharLowerA
DestroyWindow
IsDlgButtonChecked
EnableWindow
SetFocus
GetDlgItem
EndDialog
CheckDlgButton
CreateWindowExA
RegisterWindowMessageA
KillTimer
SetTimer
DefWindowProcA
SetWindowLongA
GetWindowLongA
RegisterClassA
CharNextA
CharToOemA
CharUpperA
CharLowerW
SendDlgItemMessageA
IsWindow
CharNextExA
WinHelpA

oleaut32

SysStringByteLen
SysAllocStringLen
VariantClear
VariantInit
SysFreeString

Exports

Exports

CommitUrlCacheEntryA
CommitUrlCacheEntryW
CreateMD5SSOHash
CreateUrlCacheContainerA
CreateUrlCacheContainerW
CreateUrlCacheEntryA
CreateUrlCacheEntryW
CreateUrlCacheGroup
DeleteIE3Cache
DeleteUrlCacheContainerA
DeleteUrlCacheContainerW
DeleteUrlCacheEntry
DeleteUrlCacheEntryA
DeleteUrlCacheEntryW
DeleteUrlCacheGroup
DetectAutoProxyUrl
DllInstall
FindCloseUrlCache
FindFirstUrlCacheContainerA
FindFirstUrlCacheContainerW
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryW
FindFirstUrlCacheGroup
FindNextUrlCacheContainerA
FindNextUrlCacheContainerW
FindNextUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryW
FindNextUrlCacheGroup
ForceNexusLookup
ForceNexusLookupExW
FreeUrlCacheSpaceA
FreeUrlCacheSpaceW
FtpCommandA
FtpCommandW
FtpCreateDirectoryA
FtpCreateDirectoryW
FtpDeleteFileA
FtpDeleteFileW
FtpFindFirstFileA
FtpFindFirstFileW
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryW
FtpGetFileA
FtpGetFileEx
FtpGetFileSize
FtpGetFileW
FtpOpenFileA
FtpOpenFileW
FtpPutFileA
FtpPutFileEx
FtpPutFileW
FtpRemoveDirectoryA
FtpRemoveDirectoryW
FtpRenameFileA
FtpRenameFileW
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryW
GetUrlCacheConfigInfoA
GetUrlCacheConfigInfoW
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoExA
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoW
GetUrlCacheGroupAttributeA
GetUrlCacheGroupAttributeW
GetUrlCacheHeaderData
GopherCreateLocatorA
GopherCreateLocatorW
GopherFindFirstFileA
GopherFindFirstFileW
GopherGetAttributeA
GopherGetAttributeW
GopherGetLocatorTypeA
GopherGetLocatorTypeW
GopherOpenFileA
GopherOpenFileW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpCheckDavCompliance
HttpEndRequestA
HttpEndRequestW
HttpOpenRequestA
HttpOpenRequestW
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestW
IncrementUrlCacheHeaderData
InternetAlgIdToStringA
InternetAlgIdToStringW
InternetAttemptConnect
InternetAutodial
InternetAutodialCallback
InternetAutodialHangup
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW
InternetCheckConnectionA
InternetCheckConnectionW
InternetClearAllPerSiteCookieDecisions
InternetCloseHandle
InternetCombineUrlA
InternetCombineUrlW
InternetConfirmZoneCrossing
InternetConfirmZoneCrossingA
InternetConfirmZoneCrossingW
InternetConnectA
InternetConnectW
InternetCrackUrlA
InternetCrackUrlW
InternetCreateUrlA
InternetCreateUrlW
InternetDial
InternetDialA
InternetDialW
InternetEnumPerSiteCookieDecisionA
InternetEnumPerSiteCookieDecisionW
InternetErrorDlg
InternetFindNextFileA
InternetFindNextFileW
InternetFortezzaCommand
InternetGetCertByURL
InternetGetCertByURLA
InternetGetConnectedState
InternetGetConnectedStateEx
InternetGetConnectedStateExA
InternetGetConnectedStateExW
InternetGetCookieA
InternetGetCookieExA
InternetGetCookieExW
InternetGetCookieW
InternetGetLastResponseInfoA
InternetGetLastResponseInfoW
InternetGetPerSiteCookieDecisionA
InternetGetPerSiteCookieDecisionW
InternetGoOnline
InternetGoOnlineA
InternetGoOnlineW
InternetHangUp
InternetInitializeAutoProxyDll
InternetLockRequestFile
InternetOpenA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetQueryFortezzaStatus
InternetQueryOptionA
InternetQueryOptionW
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetSecurityProtocolToStringA
InternetSecurityProtocolToStringW
InternetSetCookieA
InternetSetCookieExA
InternetSetCookieExW
InternetSetCookieW
InternetSetDialState
InternetSetDialStateA
InternetSetDialStateW
InternetSetFilePointer
InternetSetOptionA
InternetSetOptionExA
InternetSetOptionExW
InternetSetOptionW
InternetSetPerSiteCookieDecisionA
InternetSetPerSiteCookieDecisionW
InternetSetStatusCallback
InternetSetStatusCallbackA
InternetSetStatusCallbackW
InternetShowSecurityInfoByURL
InternetShowSecurityInfoByURLA
InternetShowSecurityInfoByURLW
InternetTimeFromSystemTime
InternetTimeFromSystemTimeA
InternetTimeFromSystemTimeW
InternetTimeToSystemTime
InternetTimeToSystemTimeA
InternetTimeToSystemTimeW
InternetUnlockRequestFile
InternetWriteFile
InternetWriteFileExA
InternetWriteFileExW
IsHostInProxyBypassList
IsUrlCacheEntryExpiredA
IsUrlCacheEntryExpiredW
LoadUrlCacheContent
ParseX509EncodedCertificateForListBoxEntry
PrivacyGetZonePreferenceW
PrivacySetZonePreferenceW
ReadUrlCacheEntryStream
RegisterUrlCacheNotification
ResumeSuspendedDownload
RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryStreamA
RetrieveUrlCacheEntryStreamW
RunOnceUrlCache
SetUrlCacheConfigInfoA
SetUrlCacheConfigInfoW
SetUrlCacheEntryGroup
SetUrlCacheEntryGroupA
SetUrlCacheEntryGroupW
SetUrlCacheEntryInfoA
SetUrlCacheEntryInfoW
SetUrlCacheGroupAttributeA
SetUrlCacheGroupAttributeW
SetUrlCacheHeaderData
ShowCertificate
ShowClientAuthCerts
ShowSecurityInfo
ShowX509EncodedCertificate
UnlockUrlCacheEntryFile
UnlockUrlCacheEntryFileA
UnlockUrlCacheEntryFileW
UnlockUrlCacheEntryStream
UpdateUrlCacheContentPath
UrlZonesDetach
_GetFileExtensionFromUrl

Sections

.text
Size: 541KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ec2bbab294ed5e5ec148965996df88af

Headers

File Characteristics

PDB Paths

Imports

msvcrt

shlwapi

crypt32

advapi32

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 541KB - Virtual size: 540KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 70KB - Virtual size: 70KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 541KB - Virtual size: 540KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 70KB - Virtual size: 70KB

.reloc
Size: 32KB - Virtual size: 31KB