92bdcf4ce59d81e3ce4a3149e6f71af179a753f58b1d77f9946a81e2f97b92fd

Sharing

Copy URL Twitter E-mail

General

Target

92bdcf4ce59d81e3ce4a3149e6f71af179a753f58b1d77f9946a81e2f97b92fd
Size

666KB
MD5

8d90e3c68030fbb91ad5b920d5e17b32
SHA1

e01ca649a40e9884596b9e26483342f29a84b55f
SHA256

92bdcf4ce59d81e3ce4a3149e6f71af179a753f58b1d77f9946a81e2f97b92fd
SHA512

feafed84a8ef35da28160023e623604c309d72ca91924b419174b9f27e4865a5002c725dbb537f553d37e367d374d388b53a1b1d05dc703cf03ef7ebc88a5d40
SSDEEP

12288:D5HM9fEgLq5UzlBRETU0Loks7kJ1Pg3PKrlP32KD41N707Y7fStHis:dHMxEgLqWlBRETU0Lob7kJ1PQKhP32K3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
92bdcf4ce59d81e3ce4a3149e6f71af179a753f58b1d77f9946a81e2f97b92fd

Files

92bdcf4ce59d81e3ce4a3149e6f71af179a753f58b1d77f9946a81e2f97b92fd
.dll windows:4 windows x64 arch:x64

55f6f617fbdb50b526c1cf28f6d2c1e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW

ws2_32

closesocket
recvfrom
sendto
WSAStartup
socket
setsockopt
gethostbyname
inet_ntoa
bind
inet_addr
WSACleanup
htons
select

wininet

FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW

iphlpapi

GetAdaptersInfo
GetIpNetTable

netapi32

NetApiBufferFree
NetWkstaGetInfo
NetServerEnum

shlwapi

StrStrW
StrStrIW

kernel32

GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeFormatA
GetDateFormatA
GetStringTypeW
GetStringTypeA
EnterCriticalSection
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
LCMapStringW
LCMapStringA
GetConsoleOutputCP
lstrcatW
GetComputerNameW
FindClose
FindNextFileW
FindFirstFileW
ExpandEnvironmentStringsW
GetDriveTypeW
GetLogicalDrives
MultiByteToWideChar
OutputDebugStringA
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
CloseHandle
CreateFileA
Sleep
CreateEventW
WaitForSingleObject
CreateMutexW
SetErrorMode
FreeLibraryAndExitThread
LoadLibraryW
MoveFileExW
CopyFileW
GetEnvironmentVariableW
CreateThread
GetModuleFileNameW
WideCharToMultiByte
lstrcpynW
CreateMutexA
GetProcAddress
InitializeCriticalSection
GetCurrentProcessId
VirtualProtect
OpenProcess
WriteFile
ReadFile
SetFilePointer
CreateFileW
FlushFileBuffers
__C_specific_handler
GetFileSize
GetSystemTime
GetVersionExA
WriteConsoleA
SetStdHandle
RtlVirtualUnwind
HeapReAlloc
LoadLibraryA
FatalAppExitA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
ReleaseMutex
GetCPInfo
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetLastError
LockResource
LoadResource
SizeofResource
FindResourceW
VirtualQuery
GetTempPathW
FreeLibrary
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
WriteConsoleW
GetFileType
GetStdHandle
DebugBreak
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RaiseException
RtlPcToFileHeader
GetModuleHandleA
FlsGetValue
TlsAlloc
TlsFree
FlsFree
SetLastError
TlsSetValue
GetCurrentThread
FlsAlloc
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
LeaveCriticalSection

user32

EnumChildWindows
GetWindowThreadProcessId
IsWindowVisible
ShowWindow
PostMessageW
wsprintfW
MessageBoxA
EnumWindows
GetClassNameW

advapi32

CryptEncrypt
CryptGenRandom
CryptCreateHash
CryptHashData
CryptAcquireContextA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptDeriveKey
CryptDecrypt
CryptDestroyKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.exsdat
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.exrdat
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.exdat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 319KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55f6f617fbdb50b526c1cf28f6d2c1e0

Headers

File Characteristics

Imports

psapi

ws2_32

wininet

iphlpapi

netapi32

shlwapi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 269KB - Virtual size: 269KB

.exsdat Size: 3KB - Virtual size: 2KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 6KB - Virtual size: 16KB

.pdata Size: 14KB - Virtual size: 14KB

.exrdat Size: 512B - Virtual size: 288B

.exdat Size: 512B - Virtual size: 24B

.rsrc Size: 319KB - Virtual size: 319KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 269KB - Virtual size: 269KB

.exsdat
Size: 3KB - Virtual size: 2KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 6KB - Virtual size: 16KB

.pdata
Size: 14KB - Virtual size: 14KB

.exrdat
Size: 512B - Virtual size: 288B

.exdat
Size: 512B - Virtual size: 24B

.rsrc
Size: 319KB - Virtual size: 319KB

.reloc
Size: 2KB - Virtual size: 1KB