defdf1c6f0431aa0e653c906cb145742

Sharing

Copy URL Twitter E-mail

General

Target

defdf1c6f0431aa0e653c906cb145742
Size

84KB
MD5

defdf1c6f0431aa0e653c906cb145742
SHA1

e7abad46f36d0f937e8fc4b5f60c159685a978a8
SHA256

28a4b50cbeb08dd0e9fc1986eb2f7f2ecaf953f7aa1f378a36513540718c8f8d
SHA512

4e717bb48c38a42f835686f7b80d411c8595a381e762b091834426881882bba9375c3ea655f31dc61b71ce90665294c2d393eb8448fed4f9230cffe8aa3e46a2
SSDEEP

1536:TesGOAT4UBABKrTtIdM15WTKaK2PJWrg0Zql2L2GS9k/GWPB4UF:aswBABKvtI4g+z2PJMg0cbC/GgB4U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
defdf1c6f0431aa0e653c906cb145742

Files

defdf1c6f0431aa0e653c906cb145742
.dll windows:4 windows x86 arch:x86

4b603b62f7f808afd25327ab2f38055f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
SizeofResource
GetLocaleInfoA
MoveFileW
GetNumberFormatW
GetEnvironmentVariableW
SetSystemTime
CreateMailslotW
CreateFileA
GetTimeFormatW
GetDiskFreeSpaceA
GetTempFileNameA
GlobalFlags
DeleteCriticalSection
OpenProcess
IsBadStringPtrA
DeleteFileW
WideCharToMultiByte
lstrcpyA
SetVolumeMountPointW
ProcessIdToSessionId
GetHandleInformation
CompareFileTime
FindFirstVolumeMountPointW
FindNextVolumeW
GetCompressedFileSizeW
FindNextFileA
BindIoCompletionCallback
FindAtomA
CreateToolhelp32Snapshot
GetProcessAffinityMask
AddAtomW
LocalFileTimeToFileTime
FindResourceW
CreateNamedPipeW
IsBadCodePtr
CreateEventA
RemoveDirectoryW
CreateDirectoryW
DeviceIoControl
LocalFlags
GetConsoleCP
GetExitCodeProcess
UnregisterWaitEx
SetLocalTime
GetShortPathNameA
CreateTimerQueue
GetTempPathW
MoveFileExW
ReadConsoleInputW
LocalSize
GetAtomNameA
FindResourceA
GetDefaultCommConfigW
GetCurrentThread
GetDiskFreeSpaceExW
LCMapStringW
GetSystemWow64DirectoryW
CompareStringW
GetDiskFreeSpaceW
SetProcessShutdownParameters
RtlUnwind
GetTimeZoneInformation
WinExec
WaitForMultipleObjectsEx
WriteProfileStringA
GetFullPathNameW
GetLargestConsoleWindowSize
GetDateFormatW
PeekConsoleInputW
GetThreadContext
GetQueuedCompletionStatus
GetFullPathNameA
PeekConsoleInputA
GetDateFormatA
FillConsoleOutputAttribute
TryEnterCriticalSection
AllocConsole
OpenSemaphoreW
SetEnvironmentVariableA
SetTimeZoneInformation
GetFileAttributesExA
ResetEvent
SetFilePointer
GetVolumePathNamesForVolumeNameW
SetHandleCount
VirtualQueryEx
CopyFileExW
ConvertDefaultLocale
GetComputerNameExW
SetCurrentDirectoryW
CancelWaitableTimer
TerminateProcess
GetStartupInfoW
GetDriveTypeW
DisconnectNamedPipe
GetEnvironmentStringsW
GetUserDefaultLCID
ReadConsoleW
Sleep
GetVolumeInformationA
FindNextFileW
SetFileAttributesA
GetStringTypeW
LocalHandle
GetCurrentProcessId
IsBadStringPtrW
GetCommandLineA
GetProcessVersion
SetEnvironmentVariableW
PulseEvent
LoadResource
GlobalFree
MoveFileExA
TerminateThread
OpenFileMappingA
HeapWalk
WriteConsoleInputA
ReadProcessMemory
EscapeCommFunction
HeapReAlloc
GetProfileStringW
GetModuleFileNameW
WriteFile
SetCurrentDirectoryA
FormatMessageW
IsBadWritePtr
VerLanguageNameW
VirtualAlloc
VerSetConditionMask
lstrcpyW
EnterCriticalSection
GetProcessHeap
LoadLibraryA
CreateDirectoryA
CloseHandle
CreateMutexA
WaitForSingleObject
lstrcatW
VirtualQuery
InterlockedExchange
GetComputerNameA
GetModuleHandleA
CreateFileMappingA
lstrlenW
CopyFileA
CreateThread
HeapAlloc
GetLastError
HeapValidate
GetProcAddress
GetModuleFileNameA
GetStdHandle

ole32

OleGetAutoConvert
CreateFileMoniker
CoMarshalInterThreadInterfaceInStream
CoGetMarshalSizeMax
CoDisableCallCancellation
OleIsRunning
CoGetInterfaceAndReleaseStream
GetHGlobalFromILockBytes
RevokeDragDrop
OleLoadFromStream
CoRegisterMessageFilter
ReadFmtUserTypeStg
CoDisconnectObject
OleDestroyMenuDescriptor
BindMoniker
GetRunningObjectTable
StringFromIID
OleLoad
StgCreateDocfileOnILockBytes
OleLockRunning
OleQueryLinkFromData
CoWaitForMultipleHandles
CoFreeUnusedLibrariesEx
CoInitialize
CoTaskMemAlloc
CoUninitialize

user32

SetClassLongA
GetUserObjectInformationW
ReplyMessage
ChangeDisplaySettingsExW
SetFocus
EnumThreadWindows
RegisterHotKey
SetWindowLongW
IsCharAlphaA
FlashWindow
GetWindowTextLengthA
AllowSetForegroundWindow
CreateWindowExW
GetScrollInfo
CharNextA
GetClassLongW
GetMenuItemID
GetShellWindow
LoadStringA
SetRectEmpty
CreateIconIndirect
GetWindowTextLengthW
ScrollWindowEx
GetWindow
InvalidateRect
GetMenuCheckMarkDimensions
GetParent
CreateIconFromResourceEx
SetDlgItemInt
LoadImageA
EndDialog
GetMessagePos
FindWindowA
PostThreadMessageA
MapWindowPoints
GetCursor
IsWindowVisible
InsertMenuA
GetForegroundWindow
DefFrameProcW
GetMenuState
GetIconInfo
CallWindowProcA
EndDeferWindowPos
ShowWindowAsync
CreateDialogParamW
IntersectRect
SetScrollPos
GetLastActivePopup
GetDesktopWindow
GetClassNameW
DestroyIcon
ScreenToClient
IsDialogMessageW
GetMessageExtraInfo
RemovePropW
SendMessageTimeoutW
ClientToScreen
MapVirtualKeyExW
CreateIcon
SetWindowWord
FindWindowExW
GetMonitorInfoA
DeferWindowPos
GetWindowWord
SetMenu
SetWindowTextA
CharLowerBuffW
GetQueueStatus
SetWindowPlacement
ExitWindowsEx
SystemParametersInfoA
GetClassInfoW
DispatchMessageW
GetClassLongA
DrawMenuBar
MonitorFromWindow
SetMenuDefaultItem
LoadCursorA
EndTask
SystemParametersInfoW
SetProcessDefaultLayout
UnhookWindowsHook
DestroyAcceleratorTable
CharNextW
ChangeMenuA
DefFrameProcA
ChangeDisplaySettingsW
OpenWindowStationA
EnableMenuItem
WindowFromDC
FindWindowExA
TranslateMDISysAccel
LoadCursorW
InvalidateRgn
InvertRect
TabbedTextOutA
EnumWindowStationsW
IsMenu
SendDlgItemMessageA
OpenDesktopW
VkKeyScanA
DispatchMessageA
SetTimer
CallNextHookEx
KillTimer
GetMessageA
UnhookWindowsHookEx
IsWindow

shlwapi

PathFindNextComponentW
PathIsUNCServerW
PathAppendW
StrToIntA
PathCommonPrefixW
PathIsUNCServerShareW
StrStrIA
StrStrIW
SHStrDupW
UrlCreateFromPathW
UrlIsW
SHDeleteKeyW
StrCpyNW
PathIsRootW
PathRemoveBlanksW
StrStrA
PathCreateFromUrlW
PathIsURLW
StrNCatW
PathCombineW
StrChrIW
StrCatBuffA
SHAutoComplete
PathIsFileSpecW
PathStripPathW
PathRemoveArgsW
SHGetValueW
PathFileExistsW
AssocCreate
PathSetDlgItemPathW
UrlEscapeW
StrRChrW
PathCompactPathExW

advapi32

RegQueryValueExA
RegOpenKeyExA
UnlockServiceDatabase
RegEnumKeyA
RegCreateKeyW
GetAclInformation
RegCreateKeyA
RegCreateKeyExA
ChangeServiceConfigA
RegisterEventSourceA
QueryServiceConfigA
RegisterServiceCtrlHandlerExA
ImpersonateAnonymousToken
RegEnumKeyW
RegCreateKeyExW
RegDeleteValueW
IsTokenRestricted
SetEntriesInAclA
RegSetValueA
DuplicateToken
RegQueryInfoKeyW
RevertToSelf
CreateProcessAsUserA
StartServiceCtrlDispatcherW
EnumServicesStatusExW
ReadEventLogW
ClearEventLogW
GetServiceKeyNameW
RegisterServiceCtrlHandlerA
GetNumberOfEventLogRecords
RegEnumKeyExW
ReportEventA
RegisterEventSourceW
DeregisterEventSource
RegLoadKeyA
RegRestoreKeyW
EnumServicesStatusA
ControlService
ReportEventW
RegEnumValueW
QueryServiceConfigW
SetThreadToken
RegOpenKeyExW
ChangeServiceConfigW
ReadEventLogA
RegisterServiceCtrlHandlerExW

shell32

SHGetInstanceExplorer
ExtractIconExW
SHAddToRecentDocs
SHGetFileInfoW
DragFinish
SHGetSpecialFolderLocation
SHFileOperationA
SHGetFolderPathAndSubDirW
ExtractIconA
SHOpenFolderAndSelectItems
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteA
SHGetPathFromIDListW
CommandLineToArgvW

gdi32

SelectObject
GetNearestPaletteIndex
GetTextCharset
PlayEnhMetaFile
GetTextCharsetInfo
SetPixel
SetTextColor
Arc
CreateDiscardableBitmap
PlayEnhMetaFileRecord
GetCurrentPositionEx
MoveToEx
FillRgn
GetPixelFormat
CreateFontA
SetMapperFlags
ResizePalette
GetTextExtentPoint32A
GetBitmapDimensionEx
SetGraphicsMode
DPtoLP
CreatePen
CreateBitmap
BitBlt
RectVisible
IntersectClipRect
GetPaletteEntries
CreateDIBitmap
PolyPolyline
CreateBitmapIndirect
CopyMetaFileW
ExtFloodFill
SetDIBits
CreateMetaFileA
EqualRgn
StartDocW
PolylineTo
GetMetaFileBitsEx
SwapBuffers
EnumMetaFile
SelectPalette
GetOutlineTextMetricsA
FlattenPath
PolyDraw
GetCharWidth32W
GetCharABCWidthsA
ResetDCA
GetClipRgn
GetEnhMetaFileBits
ExtTextOutW
CreateFontW
GetTextFaceW
PathToRegion
AbortDoc
CloseFigure
SetTextAlign
SetPaletteEntries
SetMetaRgn
SetStretchBltMode
GetGlyphOutlineA
SetDCBrushColor
GetFontResourceInfoW
DeleteMetaFile
CreatePenIndirect
EnumEnhMetaFile
StartDocA

Exports

Exports

DllInit
DllInstall

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b603b62f7f808afd25327ab2f38055f

Headers

File Characteristics

Imports

kernel32

ole32

user32

shlwapi

advapi32

shell32

gdi32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 956B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 956B

.reloc
Size: 4KB - Virtual size: 2KB