f3aaa091fdbc8772fb7bd3a81665f4d33c3b62bf98caad6fee4424654ba26429

Sharing

Copy URL Twitter E-mail

General

Target

f3aaa091fdbc8772fb7bd3a81665f4d33c3b62bf98caad6fee4424654ba26429
Size

243KB
MD5

3b10f20729d79ca3a92510674ff037c2
SHA1

80b5cd49f809c2c9c41007d7de1e941bfbd7c1f2
SHA256

f3aaa091fdbc8772fb7bd3a81665f4d33c3b62bf98caad6fee4424654ba26429
SHA512

fe29442f0e0eb70810610e9a95c62962a6937f3dc8e6b364eccf6e29a6d43ee1c74af0e9a899ec0a6828c2bf59660dc073e7dfa8aee1128e2fe1878b020311bf
SSDEEP

3072:qaLoMtel3yIZlSjaEE5DzsHrNR90+ZJ+QUc8w/v2/bG+9f3b8zNyMZM:qrael3yne5+D9d+fc8w/vD+9QzNh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3aaa091fdbc8772fb7bd3a81665f4d33c3b62bf98caad6fee4424654ba26429

Files

f3aaa091fdbc8772fb7bd3a81665f4d33c3b62bf98caad6fee4424654ba26429
.dll windows:5 windows x64 arch:x64

ba8efcd56a17a4f5ee4e6b0662bd2388

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

wcslen
strpbrk
_ultoa
memcmp
_memicmp
strrchr
strncat
_strlwr
qsort
_strcmpi
strtoul
_itoa
strstr
strncmp
strcpy
atoi
_stricmp
toupper
strchr
strncpy
_vsnprintf
abs
strlen
sprintf
memcpy
VerSetConditionMask
memset
_wcsicmp
__chkstk
strcat
strcmp

psapi

GetModuleBaseNameA
EnumProcesses

netapi32

NetApiBufferFree
NetGetDCName

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

GetSystemTimeAsFileTime
QueryPerformanceCounter
GetExitCodeThread
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
WaitForSingleObject
GetCurrentThreadId
GetLastError
LocalFree
HeapFree
HeapAlloc
GetProcAddress
LoadLibraryA
FreeLibrary
SetLastError
FormatMessageA
GetTickCount
CreateEventA
CancelIo
SetEvent
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
WriteFile
CallNamedPipeA
PeekNamedPipe
GetOverlappedResult
WaitForMultipleObjects
TransactNamedPipe
ReadFile
CreateNamedPipeA
ConnectNamedPipe
GetCurrentProcess
WritePrivateProfileStringA
GetFileSize
CreateDirectoryA
lstrcatA
CreateMutexA
GetCurrentProcessId
GetProcessHeap
SetErrorMode
HeapDestroy
TerminateThread
WaitForMultipleObjectsEx
GetPrivateProfileStringA
Sleep
MultiByteToWideChar
GetDiskFreeSpaceExA
FlushFileBuffers
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
ReleaseMutex
SetFilePointer
GetTempFileNameA
FindClose
FindNextFileA
DeleteFileA
lstrlenW
GetPrivateProfileSectionA
TerminateProcess
SetHandleInformation
GetTempPathA
GetComputerNameA
GetLocalTime
MoveFileExA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetEnvironmentVariableA
GetModuleHandleA
lstrcmpiA
CreateFileW
Module32NextW
lstrcpyW
lstrcmpiW
Module32FirstW
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
FindFirstFileA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExA
RegSetValueExA
RegCloseKey
ConvertSidToStringSidA
RegQueryValueExA
LogonUserA
DuplicateTokenEx
CreateProcessAsUserA
CryptAcquireContextA
CryptGenRandom
OpenProcessToken
GetTokenInformation
GetUserNameA
ImpersonateNamedPipeClient
RevertToSelf
ConvertStringSidToSidA
GetLengthSid
SetTokenInformation
SetFileSecurityA
ConvertStringSecurityDescriptorToSecurityDescriptorA
MakeAbsoluteSD

msvcrt

fclose
fopen
_lrotl
_vscprintf
_strdup
_beginthreadex
_endthreadex
wcstok
rand
vfprintf
_localtime64
_time64
_tzset
_errno
strtok
rewind
ftell
fseek
_XcptFilter
_initterm
_amsg_exit
__C_specific_handler
malloc
fprintf
__iob_func
exit
free
ferror
fwrite
fflush
fread

Exports

Exports

OnDemandStart
OnDemandStop

Sections

.text
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 918B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba8efcd56a17a4f5ee4e6b0662bd2388

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

psapi

netapi32

userenv

kernel32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 205KB - Virtual size: 204KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 918B

.text
Size: 205KB - Virtual size: 204KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 918B