_IWMPEvents
Static task
static1
Behavioral task
behavioral1
Sample
ad9ca6ac6681370352aba5f7ff6b498ebb0af14830b6179b6c8e4709872139d8.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ad9ca6ac6681370352aba5f7ff6b498ebb0af14830b6179b6c8e4709872139d8.dll
Resource
win10v2004-20240319-en
General
Target: ad9ca6ac6681370352aba5f7ff6b498ebb0af14830b6179b6c8e4709872139d8
Size: 480KB
MD5: fefba8b6b4871f858bee62d5b95fbb17
SHA1: 4095e56bcae4725158ae1783a600d9be7ba392fe
SHA256: ad9ca6ac6681370352aba5f7ff6b498ebb0af14830b6179b6c8e4709872139d8
SHA512: 63dc95e86a2132642ea9cee60f5d9d42ec6c944f9aeb093c4224df6991c877ee1a32207bdc0ff9ca8e1091f5f580ef4a2ec03f61a735fdf25326c51ce4ce4bad
SSDEEP: 12288:ft/ZTXhZxOiIwfrufJtNzyxiDtXqPdAkpfQSesTGty8r:dZTPPfruiAqPdISeQ8
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ad9ca6ac6681370352aba5f7ff6b498ebb0af14830b6179b6c8e4709872139d8
Files
ad9ca6ac6681370352aba5f7ff6b498ebb0af14830b6179b6c8e4709872139d8.dll windows:4 windows x86 arch:x86
fff756e970273f71d61dda965c1e8bc7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHGetMalloc
user32
DispatchMessageA
UnhookWindowsHookEx
wsprintfA
TranslateMessage
PeekMessageA
SetWindowsHookExA
CallNextHookEx
kernel32
GetCurrentThread
InterlockedDecrement
ReadProcessMemory
HeapAlloc
GetProcessHeap
CloseHandle
WriteFile
CreateFileA
GetFileAttributesA
SetFileTime
GetFileTime
lstrlenA
DeleteFileA
VirtualFree
HeapFree
InterlockedExchange
ReadFile
VirtualAlloc
GetFileSize
GetModuleFileNameA
Sleep
WaitForSingleObject
GetLastError
CreateEventA
TerminateThread
WaitForMultipleObjects
SetEvent
CreateThread
GetModuleHandleA
ExitThread
InterlockedIncrement
LocalFree
lstrcmpiA
WideCharToMultiByte
lstrcpyA
lstrcpyW
DuplicateHandle
GetCurrentProcess
GetProcAddress
VirtualProtect
LoadLibraryA
lstrcmpA
GetShortPathNameA
MoveFileExA
VirtualLock
ExpandEnvironmentStringsA
MultiByteToWideChar
ResetEvent
WriteProcessMemory
advapi32
SetNamedSecurityInfoA
RegSetValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
RegCloseKey
RegOpenKeyA
RegDeleteValueA
RegCreateKeyExA
ole32
CoUninitialize
CoCreateInstance
CoInitialize
ntdll
memmove
memset
psapi
GetProcessImageFileNameA
Exports
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 461KB - Virtual size: 460KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ