8a2e3b8ada0dde0f328f54a1ce6987288a6dbcf4ce27d9a39cadbc8764d5ca60

Sharing

Copy URL Twitter E-mail

General

Target

8a2e3b8ada0dde0f328f54a1ce6987288a6dbcf4ce27d9a39cadbc8764d5ca60
Size

3.3MB
MD5

339458a605d4af62d26911eeb2791189
SHA1

1e8608e272b5d6ae73a73b6aa6e3766312cbc376
SHA256

8a2e3b8ada0dde0f328f54a1ce6987288a6dbcf4ce27d9a39cadbc8764d5ca60
SHA512

0bc4e6fc7150b1fca3afae97a2c4777f55c93bddfbd1befb7cc535f75862e056ec511b8268c55cb1085e61331a3d19a315108a21ef06a2c8212eb795bf447aee
SSDEEP

49152:iXPwh11sXIAyT9tN93gs5SkP2lS1mdM03aT1Pc/jYcN+DINeMyS:qPs1sByTr5SQrWM03o1c/dN+DINfyS

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a2e3b8ada0dde0f328f54a1ce6987288a6dbcf4ce27d9a39cadbc8764d5ca60

Files

8a2e3b8ada0dde0f328f54a1ce6987288a6dbcf4ce27d9a39cadbc8764d5ca60
.dll windows:6 windows x86 arch:x86

90cbedcae2562774f5bc0a9a0e96a88b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Imports

ws2_32

bind
inet_addr
recvfrom
WSACloseEvent
send
recv
WSAResetEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
connect
WSARecv
WSASend
shutdown
ioctlsocket
setsockopt
getsockname
WSAAddressToStringW
WSAStringToAddressW
ntohs
WSAIoctl
WSASetLastError
WSAGetOverlappedResult
listen
WSAGetLastError
getsockopt
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
gethostbyname
socket
sendto
inet_ntoa
htons
htonl
closesocket

kernel32

LCMapStringW
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
EncodePointer
OutputDebugStringW
WaitForSingleObject
GetLastError
SetEvent
LoadLibraryW
ResetEvent
GetProcAddress
UnmapViewOfFile
CloseHandle
CreateEventW
CreateMutexW
Sleep
DisableThreadLibraryCalls
CreateThread
GetCurrentProcessId
OpenMutexW
VirtualAlloc
VirtualFree
GetModuleHandleW
CreateFileW
DeleteFileW
FindClose
GetFileSize
SetFilePointer
WriteFile
SetLastError
CreateFileMappingW
MapViewOfFile
GlobalAlloc
GlobalFree
HeapFree
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
GetWindowsDirectoryW
GetComputerNameExW
GetNativeSystemInfo
VirtualProtect
OpenFileMappingW
FreeResource
LoadResource
SizeofResource
FindResourceW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapAlloc
FlushFileBuffers
OutputDebugStringA
GetLocalTime
GetTickCount
FreeLibrary
LoadLibraryA
IsBadReadPtr
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
HeapCreate
HeapDestroy
HeapSize
HeapReAlloc
PostQueuedCompletionStatus
RaiseException
GetQueuedCompletionStatus
DecodePointer
SwitchToThread
CreateIoCompletionPort
WaitForMultipleObjects
MapViewOfFileEx
CreateSemaphoreW
ReleaseSemaphore
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetACP
GetStdHandle
GetFileType
GetStringTypeW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PeekMessageW
wsprintfW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjectsEx
MessageBoxW
CharUpperBuffW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

ShellExecuteExW

iphlpapi

SendARP
GetIpForwardTable
GetAdaptersInfo

shlwapi

StrPBrkW
StrChrW

winmm

timeGetTime

Sections

.text
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.acc0
Size: 617KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.acc1
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90cbedcae2562774f5bc0a9a0e96a88b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

shell32

iphlpapi

shlwapi

winmm

Sections

.text Size: 260KB - Virtual size: 259KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 5KB - Virtual size: 8KB

.gfids Size: 512B - Virtual size: 248B

.acc0 Size: 617KB - Virtual size: 616KB

.acc1 Size: 51KB - Virtual size: 50KB

.reloc Size: 17KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 868B

.text
Size: 260KB - Virtual size: 259KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 5KB - Virtual size: 8KB

.gfids
Size: 512B - Virtual size: 248B

.acc0
Size: 617KB - Virtual size: 616KB

.acc1
Size: 51KB - Virtual size: 50KB

.reloc
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 868B