438258256f9e30c9678158f50d9d4bfe8d5ad26bc8770bdb560328e4fd22d0d5

Sharing

Copy URL Twitter E-mail

General

Target

438258256f9e30c9678158f50d9d4bfe8d5ad26bc8770bdb560328e4fd22d0d5
Size

2.3MB
MD5

561ed8b44987d2d98eff59972a1405bf
SHA1

092ef7a73d7c1164185487b11817138f249a686b
SHA256

438258256f9e30c9678158f50d9d4bfe8d5ad26bc8770bdb560328e4fd22d0d5
SHA512

da63a2e182f7ba72211f3682f67da6c908fb23a35836c3b657c81b6d4022d8574657d77d2c22a3f0aa0953898256628f47e935e1570058ce2f7a2b7b47ba2b38
SSDEEP

49152:KcQ31NBRw3vxbykIU3Zf4w2jZTeLYJVG1/zemtSKXf69iP:BoYxGKf2iLwozeGS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
438258256f9e30c9678158f50d9d4bfe8d5ad26bc8770bdb560328e4fd22d0d5

Files

438258256f9e30c9678158f50d9d4bfe8d5ad26bc8770bdb560328e4fd22d0d5
.dll windows:6 windows x64 arch:x64

3ee97cc01a0566fc720e3de22c1391c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
GetModuleHandleA

user32

GetUserObjectInformationW
OffsetRect

advapi32

ReportEventW
RegQueryValueA

msvcp140

?good@ios_base@std@@QEBA_NXZ

normaliz

IdnToAscii

wldap32

ord35

crypt32

CertFreeCertificateChainEngine

ws2_32

accept

bcrypt

BCryptOpenAlgorithmProvider

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler

api-ms-win-crt-heap-l1-1-0

calloc

api-ms-win-crt-runtime-l1-1-0

strerror_s

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-string-l1-1-0

_strdup

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-stdio-l1-1-0

ftell

api-ms-win-crt-time-l1-1-0

_gmtime64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

_dclass

shell32

SHGetDiskFreeSpaceA

Exports

Exports

login
rethp3rgo34rrge
sfwepkfrl2fkpef
wqdwq1kddefewrf

Sections

.pdata
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: - Virtual size: 615KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pexe
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3ee97cc01a0566fc720e3de22c1391c1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

normaliz

wldap32

crypt32

ws2_32

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

shell32

Exports

Exports

Sections

.pdata Size: - Virtual size: 1.7MB

.pdata Size: - Virtual size: 615KB

.pdata Size: - Virtual size: 38KB

.reloc Size: - Virtual size: 70KB

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 24KB - Virtual size: 24KB

.rdata Size: - Virtual size: 4.0MB

.pexe Size: 118KB - Virtual size: 118KB

.pdata
Size: - Virtual size: 1.7MB

.pdata
Size: - Virtual size: 615KB

.pdata
Size: - Virtual size: 38KB

.reloc
Size: - Virtual size: 70KB

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 24KB - Virtual size: 24KB

.rdata
Size: - Virtual size: 4.0MB

.pexe
Size: 118KB - Virtual size: 118KB