b93484683014aca8e909c9b5648d8f0ac21a45d0c193f6ca40f0b01d2464c1c4

Sharing

Copy URL Twitter E-mail

General

Target

b93484683014aca8e909c9b5648d8f0ac21a45d0c193f6ca40f0b01d2464c1c4
Size

1.5MB
MD5

1d626b48ae7062bd319cb768a8ca979d
SHA1

d117643019d665a29ce8a7b812268fb8d3e5aadb
SHA256

b93484683014aca8e909c9b5648d8f0ac21a45d0c193f6ca40f0b01d2464c1c4
SHA512

e0e56150267e3626f6ef4c5d2d1ed8f5cfe4aa0302b04f30b16e7599114d398b95d6cbf2ef4aabdd42b0054eade52e6d6a7ae99fcfea508d727e54c4670d3be2
SSDEEP

24576:0eUXJp4Xq2mbK+d4WLdfiBUcqmxoF8j7QGgOcBYiiJ/RLYPzUKMCvATqgxJXZJ/:0jVd4WLLcqWoF8gvOugRLYPzUKMCvAWu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b93484683014aca8e909c9b5648d8f0ac21a45d0c193f6ca40f0b01d2464c1c4

Files

b93484683014aca8e909c9b5648d8f0ac21a45d0c193f6ca40f0b01d2464c1c4
.dll windows:5 windows x86 arch:x86

c835c9b8ef8727c3044e1626e756e5f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateDirectoryW
SetFileTime
CreateFileW
ExpandEnvironmentStringsW
IsBadStringPtrA
MapViewOfFile
UnmapViewOfFile
SetEvent
FlushViewOfFile
OpenProcess
GetLocalTime
SetHandleInformation
ReadFile
CreatePipe
GetOEMCP
GetProcAddress
LoadLibraryA
OpenEventW
GetFileSize
SetFilePointer
WriteFile
VirtualProtectEx
GetExitCodeThread
lstrcmpiW
LoadLibraryW
GetModuleHandleW
GetVersionExW
VirtualAllocEx
VirtualFreeEx
CreateRemoteThread
ReadProcessMemory
WriteProcessMemory
GetModuleHandleA
CreateThread
WideCharToMultiByte
DeleteFileW
CloseHandle
CreateEventW
TerminateProcess
Sleep
GetCurrentProcess
CreateProcessW
GetLastError
GetTickCount
WaitForSingleObject
GetNativeSystemInfo
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
InitializeCriticalSection
SetEndOfFile
SetStdHandle
OutputDebugStringW
VirtualQuery
GetCurrentProcessId
GetSystemTimeAsFileTime
GetFileAttributesExW
GetStringTypeW
EncodePointer
DecodePointer
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
HeapReAlloc
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetStdHandle
GetFileType
GetModuleFileNameW
WriteConsoleW
RaiseException
RtlUnwind
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetEnvironmentVariableW
SetEnvironmentVariableA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
FreeLibrary
LoadLibraryExW
HeapSize
GetProcessHeap
GetTimeZoneInformation
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
GetModuleFileNameA
QueryPerformanceCounter

advapi32

CryptDestroyHash
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptDecrypt
CryptDestroyKey
CryptImportKey
CryptReleaseContext
CryptSetKeyParam
CryptAcquireContextW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
CryptHashData

psapi

GetModuleBaseNameA
EnumProcessModulesEx
EnumProcessModules
GetModuleBaseNameW

Exports

Exports

UMEP
VFEP

Sections

.text
Size: 930KB - Virtual size: 930KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 193KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c835c9b8ef8727c3044e1626e756e5f4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

psapi

Exports

Exports

Sections

.text Size: 930KB - Virtual size: 930KB

.rdata Size: 346KB - Virtual size: 346KB

.data Size: 193KB - Virtual size: 220KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 930KB - Virtual size: 930KB

.rdata
Size: 346KB - Virtual size: 346KB

.data
Size: 193KB - Virtual size: 220KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 36KB - Virtual size: 35KB