93c185e7662bebc3712a638498e41831f4f771c1782bf6dad1668d81331cb4d5

Sharing

Copy URL Twitter E-mail

General

Target

93c185e7662bebc3712a638498e41831f4f771c1782bf6dad1668d81331cb4d5
Size

661KB
MD5

2334e109f7b3879a5c36f86093d67d12
SHA1

f8c6ba9615d77b7806c912b33fe2b2d1c859a5f6
SHA256

93c185e7662bebc3712a638498e41831f4f771c1782bf6dad1668d81331cb4d5
SHA512

7b6dd75ab7a57192638fd8143815ec9a29a663fc20ce51421eb0b510974ac5f996f22e6c285ec75bf2545265ae4581470b12d9a77aac5f75d66b43c1928a6b3c
SSDEEP

12288:o4N+lwBdMlVA5KXXrPI26B6cA1EAdm0tRTUph0lhSMXliGo0vF:t+lwfMlMmX96B6dEAo0tRTqh0lhSMXlt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
93c185e7662bebc3712a638498e41831f4f771c1782bf6dad1668d81331cb4d5

Files

93c185e7662bebc3712a638498e41831f4f771c1782bf6dad1668d81331cb4d5
.dll windows:6 windows x64 arch:x64

9bd88e0f51f9edbed0c7c0ab21296fb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileW
FindClose
MultiByteToWideChar
GetTickCount64
GetLastError
Process32NextW
GetCurrentThread
CloseHandle
CreateRemoteThread
GetTickCount
SetLastError
TerminateProcess
ResumeThread
ExitProcess
VirtualProtect
VirtualFree
GetCurrentProcess
VirtualAlloc
GetCurrentThreadId
SuspendThread
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualQuery
WriteFile
UnmapViewOfFile
GetProcAddress
GetModuleHandleW
FreeLibrary
LoadLibraryExW
VerSetConditionMask
WideCharToMultiByte
VerifyVersionInfoW
HeapSize
FlushFileBuffers
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetStringTypeW
QueryPerformanceCounter
GetModuleHandleExW
CreateFileW
FindFirstFileExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
RtlPcToFileHeader
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeSRWLock
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
GetSystemTimeAsFileTime
GetCPInfo
InitializeCriticalSectionAndSpinCount
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
ReadFile
GetModuleFileNameW
HeapAlloc
HeapFree
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
HeapReAlloc
GetConsoleOutputCP
IsValidCodePage
GetACP
WriteConsoleW

ws2_32

GetAddrInfoExW
InetPtonW

Exports

Exports

DllGetActivationFactory
StartApplication

Sections

.text
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9bd88e0f51f9edbed0c7c0ab21296fb1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 369KB - Virtual size: 368KB

.rdata Size: 235KB - Virtual size: 235KB

.data Size: 7KB - Virtual size: 15KB

.pdata Size: 14KB - Virtual size: 13KB

_RDATA Size: 512B - Virtual size: 348B

.detourc Size: 26KB - Virtual size: 25KB

.detourd Size: 512B - Virtual size: 64B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 369KB - Virtual size: 368KB

.rdata
Size: 235KB - Virtual size: 235KB

.data
Size: 7KB - Virtual size: 15KB

.pdata
Size: 14KB - Virtual size: 13KB

_RDATA
Size: 512B - Virtual size: 348B

.detourc
Size: 26KB - Virtual size: 25KB

.detourd
Size: 512B - Virtual size: 64B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB