adb61560363fcda109ea077a6aaf66da530fcbbb5dbde9c5923a59385021a498

Sharing

Copy URL Twitter E-mail

General

Target

adb61560363fcda109ea077a6aaf66da530fcbbb5dbde9c5923a59385021a498
Size

224KB
MD5

4d8783df1b546f5e59a3d25025f7e4c2
SHA1

82bcf9640ac575148a55b5559c1226e875c91973
SHA256

adb61560363fcda109ea077a6aaf66da530fcbbb5dbde9c5923a59385021a498
SHA512

8587058ab2251250a4af80fa2ab5ebbec397b0c5e152977544d4113ec913b030ac02bde616dd49ec4ad8f9b7fb58af3a89f435274383395e3030934266fa4262
SSDEEP

3072:lOVno4box0lU03S4aqc+AU+Kvrr4lJrVXmJKxqWkVOF4wevflfDfdhye5hKeP:lOo4Ux+cxKvrrYJrVXaVO1eVfDlhAs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adb61560363fcda109ea077a6aaf66da530fcbbb5dbde9c5923a59385021a498

Files

adb61560363fcda109ea077a6aaf66da530fcbbb5dbde9c5923a59385021a498
.dll windows:5 windows x86 arch:x86

5e6f146c0f0ee746fb65a53775198ec5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DecodePointer
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
Sleep
LoadLibraryW
WaitForSingleObject
SetLastError
VirtualProtect
IsBadReadPtr
VirtualAlloc
VirtualFree
LoadLibraryA
FreeLibrary
GetNativeSystemInfo
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
WriteConsoleW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetSystemTimeAsFileTime
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapSize
GetStdHandle
WriteFile
GetModuleFileNameW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwind
LoadLibraryExW
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
CreateFileW

Exports

Exports

??0Cssdll@@QAE@XZ
??4Cssdll@@QAEAAV0@ABV0@@Z
?fnabcssdll@@YAHXZ
?nssdll@@3HA
ServiceMain

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e6f146c0f0ee746fb65a53775198ec5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 131KB - Virtual size: 139KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 131KB - Virtual size: 139KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB