2a4302e61015fdf5f65fbd456249bafe96455cd5cc8aefe075782365b9ae3076

Sharing

Copy URL Twitter E-mail

General

Target

2a4302e61015fdf5f65fbd456249bafe96455cd5cc8aefe075782365b9ae3076
Size

341KB
MD5

415b5faf53231dee903f2b8c0a5b8e19
SHA1

2e1b8f65bf87430b736cf1e7fbc58b1a95be23d3
SHA256

2a4302e61015fdf5f65fbd456249bafe96455cd5cc8aefe075782365b9ae3076
SHA512

8afdf1acc0aaa3a152b679cbc43be97564294b037788a0f80b11ae2c4b3783c60a282a0912090602c05bae359f2ce7867b745c65662e82bf430586d8ea1ecc70
SSDEEP

6144:d3zwwaYNyIg2rfL2msjRGr0Ip3rL0sCKVfgZwPeTXCx1IgRP:d3zwjYcIg0amsjEr7pbL9ww2oF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a4302e61015fdf5f65fbd456249bafe96455cd5cc8aefe075782365b9ae3076

Files

2a4302e61015fdf5f65fbd456249bafe96455cd5cc8aefe075782365b9ae3076
.dll windows:5 windows x86 arch:x86

8a401356233321f60def26211a660143

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DecodePointer
GetModuleFileNameA
WaitForSingleObject
LoadLibraryW
Sleep
GetProcAddress
GetModuleHandleA
CloseHandle
RaiseException
VirtualProtect
IsBadReadPtr
VirtualAlloc
VirtualFree
LoadLibraryA
FreeLibrary
GetNativeSystemInfo
HeapAlloc
GetProcessHeap
HeapFree
WriteConsoleW
SetFilePointerEx
SetLastError
MultiByteToWideChar
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetSystemTimeAsFileTime
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapSize
GetStdHandle
WriteFile
GetModuleFileNameW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwind
LoadLibraryExW
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
CreateFileW

advapi32

RegisterServiceCtrlHandlerW

Exports

Exports

??0Cssdll@@QAE@XZ
??4Cssdll@@QAEAAV0@ABV0@@Z
?fnabcssdll@@YAHXZ
?nssdll@@3HA
ServiceMain
StartUp

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 232KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a401356233321f60def26211a660143

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 232KB - Virtual size: 240KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 232KB - Virtual size: 240KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 5KB - Virtual size: 4KB