ea5fd29fd8bde88061f96f009fa7c2f34b128d9b4713779b2f8d2bb33b42fdb7

Sharing

Copy URL

Twitter E-mail

General

Target

ea5fd29fd8bde88061f96f009fa7c2f34b128d9b4713779b2f8d2bb33b42fdb7
Size

551KB
MD5

800012382b8120cdcdb9dd4967056fed
SHA1

371536b196b44ba87b9685bea4657fe63ca3e3ca
SHA256

ea5fd29fd8bde88061f96f009fa7c2f34b128d9b4713779b2f8d2bb33b42fdb7
SHA512

49177adee82590d25ddac77aeeca51c25600d1f34c0d9822133a5fcb987a7940288a49eb399cc7eab04e6846b54d1764d1d765be2bbb299b19a7b95e71b07d53
SSDEEP

12288:24Gd/1gtlKdSP7Y9yS0UfELCwUy97HnuZlghVG:2/6vgfE0y97HuZlgDG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea5fd29fd8bde88061f96f009fa7c2f34b128d9b4713779b2f8d2bb33b42fdb7

Files

ea5fd29fd8bde88061f96f009fa7c2f34b128d9b4713779b2f8d2bb33b42fdb7
.dll windows:5 windows x64 arch:x64

268a96ebde339bebce27411c886b05ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LockResource
SizeofResource
FindResourceExW
GetSystemDirectoryW
CloseHandle
CreateFileW
SetFileAttributesW
CreateThread
WaitForSingleObject
GetModuleFileNameW
GetFileSize
ReadFile
GetCurrentThreadId
WriteFile
GetSystemInfo
GetVersionExW
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileAttributesW
GetFileTime
SetFileTime
IsBadReadPtr
GetVersion
OpenProcess
TerminateThread
OutputDebugStringW
GetModuleHandleA
LoadLibraryA
VirtualFree
GetWindowsDirectoryW
CreateDirectoryW
GetPrivateProfileStringW
GetComputerNameExW
DisableThreadLibraryCalls
CreateMutexA
SetThreadExecutionState
LoadResource
LocalFree
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
FlushInstructionCache
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
HeapAlloc
RaiseException
GetNativeSystemInfo
HeapReAlloc
GetLastError
LeaveCriticalSection
UnregisterWaitEx
QueryDepthSList
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateSemaphoreW
ReleaseSemaphore
GetCurrentProcessorNumber
FreeLibraryAndExitThread
GetThreadTimes
EncodePointer
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
GlobalFree
SetThreadPriority
SignalObjectAndWait
CreateEventW
SetEvent
CreateTimerQueue
LoadLibraryExW
FreeLibrary
GetTickCount
SetLastError
TerminateProcess
InterlockedFlushSList
VirtualQuery
OpenThread
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
Thread32First
Thread32Next
HeapCreate
InitializeCriticalSectionAndSpinCount
VirtualAlloc
GetCurrentProcess
EnterCriticalSection
HeapFree
VirtualProtect
QueryPerformanceCounter
GetExitCodeThread
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
TryEnterCriticalSection
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GlobalAlloc
QueryPerformanceFrequency
Sleep

user32

wsprintfA
GetSystemMetrics
wsprintfW

advapi32

RegOverridePredefKey
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
OpenProcessToken
GetUserNameW
ImpersonateLoggedOnUser
SystemFunction036
RegOpenCurrentUser
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
RevertToSelf

ole32

CoInitializeSecurity
CoCreateGuid
CoInitializeEx
CoUninitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
SysAllocString
SysFreeString

wininet

InternetConnectW
InternetQueryOptionW
HttpEndRequestW
InternetWriteFile
InternetQueryDataAvailable
InternetReadFile
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestExW
HttpAddRequestHeadersW
HttpQueryInfoW
InternetCloseHandle
InternetOpenW

shlwapi

PathRemoveFileSpecW

iphlpapi

GetNetworkParams

ws2_32

GetAddrInfoW
socket
bind
listen
WSAStartup
send
WSAGetLastError
recv
accept
select
__WSAFDIsSet
shutdown
htons
inet_addr
setsockopt
gethostbyname
recvfrom
sendto
closesocket
ioctlsocket
FreeAddrInfoW
getsockopt
connect
WSAIoctl

crypt32

CertFindChainInStore
CertCloseStore
CertFreeCertificateContext
CertOpenSystemStoreW
CryptDecodeObjectEx
CryptStringToBinaryA
CryptBinaryToStringA

netapi32

NetApiBufferFree
NetWkstaGetInfo

ntdll

RtlImageNtHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader

winhttp

WinHttpGetProxyForUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpCrackUrl
WinHttpQueryOption
WinHttpSetOption
WinHttpReceiveResponse
WinHttpConnect
WinHttpSendRequest

dnsapi

DnsQuery_W
DnsFree

msvcrt

__CxxFrameHandler
___lc_codepage_func
_lock
_unlock
_iob
__dllonexit
fgets
_controlfp
_XcptFilter
abort
free
malloc
_time64
_clearfp
log10
__pctype_func
_statusfp
?terminate@@YAXXZ
_msize
??3@YAXPEAX@Z
strchr
ceil
memcmp
strncmp
___lc_handle_func
strrchr
memchr
localeconv
realloc
memmove
_beginthreadex
fputc
memcpy
setlocale
_CxxThrowException
??0exception@@QEAA@XZ
memset
_initterm
atexit
__getmainargs
_amsg_exit
_cexit
calloc
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
toupper
_wtoi
wcstoul
tolower
strtol
??_U@YAPEAX_K@Z
_wcsicmp
wcsstr
??_V@YAXPEAX@Z
_errno
__C_specific_handler
fclose
??2@YAPEAX_K@Z
fopen
__DestructExceptionObject
__uncaught_exception
exp
sqrt
__RTDynamicCast

msvcp60

_Getctype
_Tolower
_Toupper

Exports

Exports

CoreStage
DispatchEx

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

268a96ebde339bebce27411c886b05ff

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

shlwapi

iphlpapi

ws2_32

crypt32

netapi32

ntdll

winhttp

dnsapi

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 392KB - Virtual size: 391KB

.rdata Size: 117KB - Virtual size: 117KB

.data Size: 13KB - Virtual size: 23KB

.pdata Size: 22KB - Virtual size: 21KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 392KB - Virtual size: 391KB

.rdata
Size: 117KB - Virtual size: 117KB

.data
Size: 13KB - Virtual size: 23KB

.pdata
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB