1d0fc2f1a6eb2b2bfa166a613ca871f0

Sharing

Copy URL Twitter E-mail

General

Target

1d0fc2f1a6eb2b2bfa166a613ca871f0
Size

651KB
MD5

1d0fc2f1a6eb2b2bfa166a613ca871f0
SHA1

15ebe7e2289e6334bf78feb3d8da2f788825ae68
SHA256

156d33cd77b439e59220722069633d6ca60718bf71c271fee9e3105ba59a6e43
SHA512

73b611d78381ef76f7278d2e71cc41edba53d200c005596798fb4aa73a36f7307ee073e057862e4590d62f648de62c59f37afa176a0512307833d11d980b5ddf
SSDEEP

12288:STI1yUamwjVLYC0QDb5rhM/M3UwDUI6pQou8YWr+oj/fRA+t0o4o:AIcEwhfNVP3UwDs+ouPk/5v0f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d0fc2f1a6eb2b2bfa166a613ca871f0

Files

1d0fc2f1a6eb2b2bfa166a613ca871f0
.dll windows:5 windows x64 arch:x64

6884dfe5e94fe34ba6a4c17464a6c1bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSizeEx
GetLastError
GetProcAddress
FindClose
Process32FirstW
ProcessIdToSessionId
Process32NextW
lstrcatW
FindNextFileW
CreateToolhelp32Snapshot
GetDiskFreeSpaceExW
CloseHandle
DeleteFileW
VirtualFreeEx
VirtualAllocEx
LocalAlloc
GetCurrentProcessId
LocalFree
GetCommandLineW
GetTempFileNameW
SetFilePointer
lstrlenA
WaitForSingleObject
GetLogicalDrives
Sleep
CopyFileW
GetFileAttributesA
GetFileAttributesW
MultiByteToWideChar
lstrlenW
GetTempPathW
CreateDirectoryA
GetCurrentDirectoryW
CopyFileA
SetCurrentDirectoryW
OpenEventW
lstrcpyW
CreateThread
SystemTimeToFileTime
WideCharToMultiByte
InitializeCriticalSection
LeaveCriticalSection
FlushFileBuffers
DeleteCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
MapViewOfFile
UnmapViewOfFile
FileTimeToSystemTime
GetLocalTime
CreateFileMappingW
GetFileInformationByHandle
VirtualAlloc
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
ExitThread
lstrcmpW
CreateFileW
GetModuleFileNameW
ReadFile
TerminateProcess
lstrcpynW
GetVersionExW
LoadLibraryW
GetSystemDirectoryW
OpenProcess
GetProcessTimes
WriteFile
SetFileTime
GetProcessHeap
GetTickCount
GetModuleHandleW
GetComputerNameW
CreateDirectoryW
HeapFree
HeapAlloc
CreateProcessW
GetDriveTypeW
ExpandEnvironmentStringsA
LoadLibraryA
WaitForMultipleObjects
PeekNamedPipe
FormatMessageA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
WriteConsoleW
CreateFileA
SetStdHandle
GetFullPathNameA
HeapSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStringTypeW
FreeLibrary
FindFirstFileW
EnterCriticalSection
GetFileSize
GetConsoleMode
GetConsoleCP
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
RtlUnwindEx
LCMapStringW
RtlPcToFileHeader
RaiseException
GetStdHandle
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetSystemTimeAsFileTime
HeapReAlloc
ExitProcess
DecodePointer
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetTimeZoneInformation

user32

wsprintfW
GetSystemMetrics
GetDesktopWindow

advapi32

CryptReleaseContext
GetTokenInformation
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptAcquireContextA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptGenRandom
OpenProcessToken
CryptAcquireContextW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueW
SetTokenInformation
CreateProcessAsUserW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

shlwapi

PathUnquoteSpacesW
wnsprintfW
PathFindOnPathW
PathRemoveArgsW

ws2_32

setsockopt
recv
bind
socket
__WSAFDIsSet
closesocket
listen
accept
inet_ntoa
inet_addr
shutdown
htons
select
connect
ioctlsocket
send
WSAGetLastError
getpeername
WSACleanup
WSASetLastError
WSAIoctl
getsockname
ntohs
getsockopt
freeaddrinfo
getaddrinfo
sendto
recvfrom
gethostname
WSAStartup

psapi

GetModuleFileNameExW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

dnsapi

DnsFree
DnsQuery_W

wldap32

ord35
ord46
ord27
ord301
ord33
ord79
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord41

Sections

.text
Size: 485KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6884dfe5e94fe34ba6a4c17464a6c1bf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

wtsapi32

shlwapi

ws2_32

psapi

userenv

dnsapi

wldap32

Sections

.text Size: 485KB - Virtual size: 485KB

.rdata Size: 105KB - Virtual size: 105KB

.data Size: 8KB - Virtual size: 23KB

.pdata Size: 27KB - Virtual size: 26KB

text Size: 4KB - Virtual size: 3KB

data Size: 16KB - Virtual size: 16KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 485KB - Virtual size: 485KB

.rdata
Size: 105KB - Virtual size: 105KB

.data
Size: 8KB - Virtual size: 23KB

.pdata
Size: 27KB - Virtual size: 26KB

text
Size: 4KB - Virtual size: 3KB

data
Size: 16KB - Virtual size: 16KB

.reloc
Size: 3KB - Virtual size: 3KB