c5166c868ed4835c35332350deccc83e72b85b5143367ed538e6fee32e4913d6

Sharing

Copy URL

Twitter E-mail

General

Target

c5166c868ed4835c35332350deccc83e72b85b5143367ed538e6fee32e4913d6
Size

1.6MB
MD5

a4df76f08fc4182f0ae7cff918a8296b
SHA1

5892744ea92502e180e8103fd9c04e714f6104dd
SHA256

c5166c868ed4835c35332350deccc83e72b85b5143367ed538e6fee32e4913d6
SHA512

9d642d0e9cd919ad6a50abadaa3e5953b8859708158435f28f24b07d5c7619bcd99cb936708cb9b61b45c20c56699a67b0ed4c95200dc8f3024989b871e8cd93
SSDEEP

12288:RaxDT9gYA8u9kkJ6uApoie2YYN0G0J3et0cIS2lxTfG5R2Mf:ODT9vIf2K00cB2q4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5166c868ed4835c35332350deccc83e72b85b5143367ed538e6fee32e4913d6

Files

c5166c868ed4835c35332350deccc83e72b85b5143367ed538e6fee32e4913d6
.dll windows:6 windows x86 arch:x86

c15ee08517b95df7c5745e3a90360a35

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

socket
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError

wldap32

ord219
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord118
ord41
ord208
ord216
ord14
ord46
ord145

kernel32

IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapAlloc
HeapReAlloc
HeapFree
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
ExitProcess
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
CreateFileW
GetACP
ReadFile
CloseHandle
WriteFile
DebugBreak
OutputDebugStringA
InitializeCriticalSection
DeleteCriticalSection
CreateFileA
SetFilePointer
lstrlenA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
Sleep
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
VerifyVersionInfoW
QueryPerformanceCounter
GetTickCount
WaitForSingleObjectEx
GetStdHandle
GetFileType
GetLastError
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
SetLastError
FormatMessageA
MultiByteToWideChar
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetFileAttributesExW
SetEndOfFile
HeapSize
WriteConsoleW
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetDriveTypeW
GetFileInformationByHandle

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegisterEventSourceA
DeregisterEventSource

Exports

Exports

RegisterModule

Sections

.text
Size: 501KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mcgf
Size: 1020KB - Virtual size: 1020KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c15ee08517b95df7c5745e3a90360a35

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 501KB - Virtual size: 500KB

.rdata Size: 113KB - Virtual size: 112KB

.data Size: 5KB - Virtual size: 9KB

.mcgf Size: 1020KB - Virtual size: 1020KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 501KB - Virtual size: 500KB

.rdata
Size: 113KB - Virtual size: 112KB

.data
Size: 5KB - Virtual size: 9KB

.mcgf
Size: 1020KB - Virtual size: 1020KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 22KB - Virtual size: 21KB