f1b96bd59cdf8f180dddb7f374777a1a9c34faa6fc14aa3f1eeb5a185702f888

Sharing

Copy URL Twitter E-mail

General

Target

f1b96bd59cdf8f180dddb7f374777a1a9c34faa6fc14aa3f1eeb5a185702f888
Size

352KB
MD5

219529da9ca60707f113d501491031fc
SHA1

1f178f1b66fecd21e1ed53b394f1871b55c4a536
SHA256

f1b96bd59cdf8f180dddb7f374777a1a9c34faa6fc14aa3f1eeb5a185702f888
SHA512

cf2db8849cb1a4f4bfd92cc5228ef3555ba6dc17ae11efcb9516c34d89223f513b3bde3d73b3a8c87ae3ae552534285f7e7b4ea72aa8ce07e4053ffc4e18d2f4
SSDEEP

6144:KFIzfnBN/Gd2Q4qDZ2pP3xjGNRvMT7PN6qv4mBzqDusb7muH7CB:KFw/BFCp4qF2NBjGfvDlCYmB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1b96bd59cdf8f180dddb7f374777a1a9c34faa6fc14aa3f1eeb5a185702f888

Files

f1b96bd59cdf8f180dddb7f374777a1a9c34faa6fc14aa3f1eeb5a185702f888
.dll windows:5 windows x64 arch:x64

9e9dbd4825bcf33f71eb7fbef538676a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileW
GetCurrentThreadId
GetExitCodeThread
MultiByteToWideChar
QueryPerformanceCounter
InitializeCriticalSection
DisableThreadLibraryCalls
RaiseException
DecodePointer
ResetEvent
GetACP
lstrcatW
CreateEventA
GetFileSizeEx
ReadFile
lstrlenW
SetFilePointer
WriteFile
lstrcmpW
lstrcpyW
OpenEventW
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetCommandLineW
GetCommandLineA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetProcessHeap
HeapSize
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
SetEndOfFile
CreateEventW
TerminateThread
FormatMessageW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
GetModuleHandleA
TerminateProcess
LoadLibraryA
GetProcAddress
OpenProcess
CloseHandle
WaitForSingleObject
GetStartupInfoW
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
GetWindowsDirectoryW
LocalFree
OutputDebugStringA
HeapFree
HeapReAlloc
HeapAlloc
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
GetLastError
RtlUnwindEx
RtlPcToFileHeader
InitializeSListHead
GetCurrentProcessId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
EncodePointer
GetStringTypeW
WideCharToMultiByte
OutputDebugStringW
IsDebuggerPresent
CreateThread
Sleep
SetEvent

user32

GetMessageW
OpenInputDesktop
CloseDesktop
GetThreadDesktop
GetUserObjectInformationW
SetThreadDesktop
UnregisterClassW
SendMessageW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
ShowWindow
UpdateWindow
PostQuitMessage
DefWindowProcW
GetForegroundWindow
GetWindowTextW
wsprintfW
GetFocus
GetKeyState
TranslateMessage
DispatchMessageW

gdi32

GetStockObject

advapi32

RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyW
RegCloseKey
SystemFunction036
RegSetValueExA
InitializeSecurityDescriptor
LookupAccountSidW
RevertToSelf
DuplicateToken
ImpersonateLoggedOnUser
SetSecurityDescriptorDacl
OpenProcessToken

ole32

CoCreateGuid
CoUninitialize
CoInitialize

psapi

GetModuleBaseNameA

ws2_32

htons
inet_addr
WSASocketW
WSAGetLastError
WSAStartup
WSACleanup
connect
WSACloseEvent
closesocket
WSAEnumNetworkEvents
shutdown
WSAEventSelect
WSACreateEvent
ioctlsocket
setsockopt
recv
gethostbyname
send

winhttp

WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpCrackUrl

shlwapi

SHGetValueA

crypt32

CryptBinaryToStringA
CryptStringToBinaryA

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW

Exports

Exports

OperateRoutineW
StartRoutineW
StopRoutineW
WorkRoutineW

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sklp
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e9dbd4825bcf33f71eb7fbef538676a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

psapi

ws2_32

winhttp

shlwapi

crypt32

wtsapi32

Exports

Exports

Sections

.text Size: 222KB - Virtual size: 221KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 6KB - Virtual size: 18KB

.pdata Size: 11KB - Virtual size: 10KB

.tls Size: 512B - Virtual size: 9B

.sklp Size: 10KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 222KB - Virtual size: 221KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 6KB - Virtual size: 18KB

.pdata
Size: 11KB - Virtual size: 10KB

.tls
Size: 512B - Virtual size: 9B

.sklp
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB