85fa43c3f84b31fbe34bf078af5a614612d32282d7b14523610a13944aadaacb

Sharing

Copy URL

Twitter E-mail

General

Target

85fa43c3f84b31fbe34bf078af5a614612d32282d7b14523610a13944aadaacb
Size

2.7MB
MD5

49e8853801554d9de4dd281828094c8a
SHA1

435b31eab4fb35e5775476a6a791b65cc1ccc6c8
SHA256

85fa43c3f84b31fbe34bf078af5a614612d32282d7b14523610a13944aadaacb
SHA512

73ca1f6d4d795636641888fb9f855061e9d4b18ce2e5d0fc27717daac2a81a9ca07f31bbc092fb4c6f88ab52acf94c3bae20e17a7aa025464de1c8b17c253bab
SSDEEP

49152:fuQk/WN01lN25JGUHn7Af/BQLGtZDdlXheVPUiX0C1H0i9:Vk/Wu1SPMB1QKiX/HD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85fa43c3f84b31fbe34bf078af5a614612d32282d7b14523610a13944aadaacb

Files

85fa43c3f84b31fbe34bf078af5a614612d32282d7b14523610a13944aadaacb
.dll windows:6 windows x64 arch:x64

4e9c7cdfdda84ad35b70aa5edd311a78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
CreateMutexA
SetUnhandledExceptionFilter
Sleep
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
HeapAlloc
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetCurrentThread
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
GetStringTypeW
HeapReAlloc
HeapSize
SetConsoleCtrlHandler
GetTimeZoneInformation
IsValidCodePage
TlsGetValue
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
ReadConsoleW
WriteConsoleW
SetEndOfFile
MultiByteToWideChar
TryEnterCriticalSection
WaitForMultipleObjects
CreatePipe
PeekNamedPipe
WaitForSingleObject
LocalAlloc
GetSystemDirectoryW
LocalFree
CreateProcessW
LocalReAlloc
GetComputerNameW
RtlUnwind
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetModuleHandleA
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
InitOnceExecuteOnce
TlsAlloc
WideCharToMultiByte
CloseHandle
GetLastError
CreateFileW
WriteFile
GetFileInformationByHandleEx
ReadFile
GetFileAttributesW
FindClose
SwitchToThread
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
DeleteCriticalSection
LeaveCriticalSection
GetACP
EnterCriticalSection
FindNextFileW
SetFilePointerEx
FindFirstFileExW
GetCurrentDirectoryW
GetFileAttributesExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetFullPathNameW
GetSystemTime
SystemTimeToFileTime
SwitchToFiber
DeleteFiber
CreateFiber
FindFirstFileW
ConvertFiberToThread
ConvertThreadToFiber
GetEnvironmentVariableW
SetConsoleMode
ReadConsoleA
LoadLibraryA
GetVolumeInformationW
lstrlenW
RemoveDirectoryW
GetLogicalDriveStringsW
DeleteFileW
CreateSemaphoreW
MoveFileW
GetDriveTypeW

ws2_32

closesocket
socket
connect
setsockopt
WSACleanup
getaddrinfo
WSAStartup
htons
WSAIoctl
recv
send
WSASetLastError
WSAGetLastError

advapi32

DeregisterEventSource
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptEnumProvidersW
GetUserNameW
CryptDestroyHash
CryptSignHashW
RegisterEventSourceW

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty

wininet

InternetConnectA
InternetReadFile
InternetCloseHandle
HttpSendRequestA
InternetOpenW
HttpOpenRequestA
HttpQueryInfoA

bcrypt

BCryptGenRandom

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW

shell32

SHGetFileInfoW

Exports

Exports

meshconvert

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 751KB - Virtual size: 750KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e9c7cdfdda84ad35b70aa5edd311a78

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

advapi32

crypt32

wininet

bcrypt

user32

shell32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 751KB - Virtual size: 750KB

.data Size: 33KB - Virtual size: 71KB

.pdata Size: 93KB - Virtual size: 93KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 29KB - Virtual size: 28KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 751KB - Virtual size: 750KB

.data
Size: 33KB - Virtual size: 71KB

.pdata
Size: 93KB - Virtual size: 93KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 29KB - Virtual size: 28KB