725e252b9a759587bffe569832c002108b57127dbdc4ed7bddfec04c6a2e1d41

Sharing

Copy URL Twitter E-mail

General

Target

725e252b9a759587bffe569832c002108b57127dbdc4ed7bddfec04c6a2e1d41
Size

581KB
MD5

a99bfc7d32428b271a8b0025942af53c
SHA1

9f2ba32fd939fc2ad92b282310e5aefae3718db9
SHA256

725e252b9a759587bffe569832c002108b57127dbdc4ed7bddfec04c6a2e1d41
SHA512

2a28b9588db47fb6bd8f56aba6ba484153e08bc6711bcd40593fe65698cfcf7591f0e1a17f8182d90ea850f8e9b7f6f34ca45d9014c886b11e1068a686d7b665
SSDEEP

6144:jlFbtv3gTM1Wi8mjdnWcrLIuqrmjHU/Yrr3JKyS0plc7LbLGzwsIY8J6RHW4:xvdYyPQaw/YrwyS0plc7LbLCWYvR24

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
725e252b9a759587bffe569832c002108b57127dbdc4ed7bddfec04c6a2e1d41

Files

725e252b9a759587bffe569832c002108b57127dbdc4ed7bddfec04c6a2e1d41
.dll windows:5 windows x64 arch:x64

2a0f17ba59d07533b978dfb69d4a8601

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

SetFileAttributesW
CreateThread
WaitForSingleObject
GetModuleFileNameW
FreeLibrary
GetFileSize
ReadFile
GetCurrentThreadId
GetEnvironmentVariableW
WriteFile
GetSystemInfo
GetVersionExW
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileAttributesW
GetFileTime
SetFileTime
IsBadReadPtr
GetVersion
OpenProcess
TerminateThread
LoadLibraryA
GetTickCount
OutputDebugStringW
GetWindowsDirectoryW
CreateDirectoryW
MoveFileExW
CreateMutexA
GetPrivateProfileStringW
GetComputerNameExW
DisableThreadLibraryCalls
GetComputerNameW
SetThreadExecutionState
LockResource
LoadResource
GetSystemDirectoryW
FindResourceExW
CreateFileW
MultiByteToWideChar
GlobalFree
GlobalAlloc
LocalFree
LocalAlloc
LoadLibraryW
FlushInstructionCache
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
HeapAlloc
RaiseException
GetNativeSystemInfo
HeapReAlloc
GetLastError
LeaveCriticalSection
UnregisterWaitEx
QueryDepthSList
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateSemaphoreW
ReleaseSemaphore
GetCurrentProcessorNumber
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
SetThreadPriority
WideCharToMultiByte
CloseHandle
SignalObjectAndWait
CreateEventW
SetEvent
CreateTimerQueue
LoadLibraryExW
SetLastError
TerminateProcess
InterlockedFlushSList
VirtualQuery
VirtualFree
OpenThread
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
Thread32First
Thread32Next
HeapCreate
GetExitCodeThread
GetCurrentThread
SwitchToThread
InitializeCriticalSectionAndSpinCount
VirtualAlloc
GetCurrentProcess
EnterCriticalSection
HeapFree
VirtualProtect
QueryPerformanceCounter
WaitForSingleObjectEx
DuplicateHandle
TryEnterCriticalSection
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
SizeofResource
QueryPerformanceFrequency
Sleep

user32

wsprintfW
GetSystemMetrics
wsprintfA

advapi32

CryptDestroyHash
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
SystemFunction036
CryptReleaseContext
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
RevertToSelf
RegOverridePredefKey
RegOpenCurrentUser
ImpersonateLoggedOnUser
GetUserNameW
OpenProcessToken
CryptGetHashParam

ole32

CoInitializeSecurity
CoCreateGuid
CoInitializeEx
CoUninitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysAllocString
SysFreeString
VariantClear

wininet

InternetCloseHandle
HttpQueryInfoW
InternetSetOptionW
InternetQueryOptionW
InternetOpenW
InternetConnectW
HttpOpenRequestW
InternetQueryDataAvailable
HttpAddRequestHeadersW
HttpSendRequestExW
HttpEndRequestW
InternetWriteFile
InternetReadFile

shlwapi

PathRemoveFileSpecW

iphlpapi

GetNetworkParams

mpr

WNetAddConnection3W

ws2_32

getsockopt
ntohs
shutdown
closesocket
setsockopt
WSAStartup
FreeAddrInfoW
GetAddrInfoW
socket
bind
listen
connect
send
WSAGetLastError
recv
accept
select
__WSAFDIsSet
getsockname
WSAIoctl
htons
inet_addr
gethostbyname
recvfrom
sendto
htonl
ioctlsocket

crypt32

CertFindChainInStore
CertCloseStore
CertFreeCertificateContext
CertOpenSystemStoreW
CryptDecodeObjectEx
CryptStringToBinaryA
CryptBinaryToStringA

netapi32

NetWkstaGetInfo
NetApiBufferFree

ntdll

RtlImageNtHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader

winhttp

WinHttpOpen
WinHttpConnect
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpQueryOption
WinHttpOpenRequest
WinHttpCloseHandle

dnsapi

DnsQuery_W
DnsFree

msvcrt

ceil
strchr
fgets
__CxxFrameHandler
_iob
_lock
??_U@YAPEAX_K@Z
__dllonexit
___lc_codepage_func
strncmp
_controlfp
_XcptFilter
_wcsicmp
wcsstr
??_V@YAXPEAX@Z
_clearfp
log10
_isatty
fflush
_fileno
_statusfp
?terminate@@YAXXZ
_msize
memcmp
strrchr
_errno
__C_specific_handler
__pctype_func
memchr
localeconv
realloc
memmove
strtol
memcpy
setlocale
_CxxThrowException
??0exception@@QEAA@XZ
memset
_initterm
atexit
fclose
??2@YAPEAX_K@Z
__getmainargs
_amsg_exit
_cexit
calloc
___lc_handle_func
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
toupper
_wtoi
fopen
??3@YAXPEAX@Z
_time64
malloc
__DestructExceptionObject
free
abort
fputc
fwrite
wcstoul
tolower
_unlock
__RTDynamicCast
sqrt
__uncaught_exception
exp
_beginthreadex

msvcp60

_Tolower
_Getctype
_Toupper

Exports

Exports

DispatchEx

Sections

.text
Size: 414KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 663KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a0f17ba59d07533b978dfb69d4a8601

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

shlwapi

iphlpapi

mpr

ws2_32

crypt32

netapi32

ntdll

winhttp

dnsapi

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 414KB - Virtual size: 413KB

.rdata Size: 123KB - Virtual size: 123KB

.data Size: 13KB - Virtual size: 663KB

.pdata Size: 23KB - Virtual size: 22KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 414KB - Virtual size: 413KB

.rdata
Size: 123KB - Virtual size: 123KB

.data
Size: 13KB - Virtual size: 663KB

.pdata
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 2KB