30955b9ffa71af4ff75483951046777f2e741cd11282dbc664391c627d92cc68

Sharing

Copy URL Twitter E-mail

General

Target

30955b9ffa71af4ff75483951046777f2e741cd11282dbc664391c627d92cc68
Size

376KB
MD5

1a4ccef8707eacb77d28601f8a927e70
SHA1

52a73706a654c29aff407c2307aae0e8e35b79e0
SHA256

30955b9ffa71af4ff75483951046777f2e741cd11282dbc664391c627d92cc68
SHA512

9142445bedf8d932719d01e614d4e15b25546fa5f82b3aef1b61d26cc6733abea6f1e6b172540b028347af4b49a3a685aa996413e93d6d4716d3ff59824c1b54
SSDEEP

6144:RH8s8myiWpoDEYh4o4hS3e2FZPzlTMPm7CIam6xQie95N:RcXHVhStnhfCIV6xQ9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30955b9ffa71af4ff75483951046777f2e741cd11282dbc664391c627d92cc68

Files

30955b9ffa71af4ff75483951046777f2e741cd11282dbc664391c627d92cc68
.dll windows:4 windows x86 arch:x86

9f620bb6a78791a6b58e1e82abbffe12

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
GetDateFormatA
GlobalFree
lstrlenW
lstrcmpiW
LocalAlloc
InterlockedCompareExchange
CloseHandle
InterlockedIncrement
FreeLibrary
VirtualAlloc
ReleaseMutex
MultiByteToWideChar
GetModuleHandleW
WaitForSingleObject
InterlockedDecrement
GetTickCount
GetVersionExA
GetModuleHandleA
GlobalAlloc
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
InterlockedExchange
WideCharToMultiByte
CreateEventW
SetEvent
GetLastError
GetModuleFileNameW
UnhandledExceptionFilter
GetCurrentThreadId
LoadResource
LocalFree
ReadFile
CreateWaitableTimerW
DeleteCriticalSection
TerminateProcess
LeaveCriticalSection
SetUnhandledExceptionFilter
GetThreadLocale
ResetEvent
WaitForMultipleObjects
EnterCriticalSection
GetExitCodeThread
CreateFileW
QueryPerformanceCounter
DeviceIoControl
CreateMutexW
RaiseException

ole32

CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoInitializeEx

advapi32

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey

oleaut32

SysStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
SysFreeString
VarUI4FromStr

Exports

Exports

ClearFreeList
InteractLoop
List_Size
Warning
ZeroDivisiError
set_convert_mono
set_hIST
vInitA

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f620bb6a78791a6b58e1e82abbffe12

Headers

File Characteristics

Imports

kernel32

ole32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 176KB - Virtual size: 175KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 56KB - Virtual size: 56KB

.rsrc Size: 60KB - Virtual size: 59KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 176KB - Virtual size: 175KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 60KB - Virtual size: 59KB

.reloc
Size: 8KB - Virtual size: 7KB