8ff280e6e5ce3d38fb92c687cfe7ad39538b041632ed018815eb126b24e5d491

Sharing

Copy URL Twitter E-mail

General

Target

8ff280e6e5ce3d38fb92c687cfe7ad39538b041632ed018815eb126b24e5d491
Size

1.8MB
MD5

62f80cc65a5521735d0ae28cbde576fd
SHA1

34e53bc176fb649a15ddbc4d5bccfa11c039866f
SHA256

8ff280e6e5ce3d38fb92c687cfe7ad39538b041632ed018815eb126b24e5d491
SHA512

ba8a3f57f8f4fed9a473974a96ad60ed3d3ebf327c21a44a97bb4d9b754cf89a9e9c21e51212b2beed5cb7dba2121e24b5c05013191da2fe7cd86ab6d02e811b
SSDEEP

24576:xTh5Yb2KrLOjeKtnyoHPVzvp8Ok8SrHA+fu1sX/A4PdlvbiN:xt5o2kLOje6LPVb6OiA+BPA4Pdlvm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ff280e6e5ce3d38fb92c687cfe7ad39538b041632ed018815eb126b24e5d491

Files

8ff280e6e5ce3d38fb92c687cfe7ad39538b041632ed018815eb126b24e5d491
.dll windows:5 windows x86 arch:x86

7207b4368e6e34ddcdb3c51f17a1b990

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

GetUrlCacheEntryInfoW

oleaut32

LoadRegTypeLi

advapi32

DecryptFileW
IsValidSid
GetSidIdentifierAuthority
InitializeSecurityDescriptor

shell32

FindExecutableW

kernel32

GetThreadLocale
WritePrivateProfileStructA
GetVolumeInformationA
GetDiskFreeSpaceA
FindActCtxSectionStringW
GetComputerNameExA
LocalFree
FindVolumeClose
GetCalendarInfoW
FreeLibrary
GetCurrencyFormatA
DefineDosDeviceA
GetStringTypeA
WriteProfileStringW
ExpandEnvironmentStringsW
GetFileTime
lstrcpynW
GetCommTimeouts
GetModuleFileNameA
GetBinaryTypeA
GetTickCount
GetModuleHandleA

urlmon

FindMimeFromData

user32

GetKeyNameTextA
GetRawInputDeviceList
GetWindowRgn
GetClassInfoW
GetKeyboardLayout
GetCursor
GetQueueStatus
GetWindowTextW
GetDlgItemTextW

gdi32

GetTextMetricsW
GetOutlineTextMetricsA
ExcludeClipRect
GetRandomRgn
GetTextCharset
GetWindowOrgEx
GetPaletteEntries

winspool.drv

DeletePortW

mscms

GetStandardColorSpaceProfileW

msvcrt

towlower

Sections

.text
Size: 712KB - Virtual size: 709KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 912KB - Virtual size: 910KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7207b4368e6e34ddcdb3c51f17a1b990

Headers

DLL Characteristics

File Characteristics

Imports

wininet

oleaut32

advapi32

shell32

kernel32

urlmon

user32

gdi32

winspool.drv

mscms

msvcrt

Sections

.text Size: 712KB - Virtual size: 709KB

.rdata Size: 912KB - Virtual size: 910KB

.data Size: 140KB - Virtual size: 142KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 712KB - Virtual size: 709KB

.rdata
Size: 912KB - Virtual size: 910KB

.data
Size: 140KB - Virtual size: 142KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 35KB