g | Triage

Sharing

Copy URL Twitter E-mail

General

Target

g
Size

439KB
MD5

4bb0387728cbb604e4101da8a5993554
SHA1

24c6190becc0d4fcd5eba54306a3386273987f21
SHA256

6329244cfb3480eae11070f1aa880bff2fd52b374e12ac37f1eacb6379c72b80
SHA512

7219f4e8aa0a08dcd6ee68d376dc28be68d568d023ac3338819c1f4ef93e7bad6ad6e2d32183a50fe4b2db7d3acd41e258af95dfa0c91ab4c0ee40c8e6a5af71
SSDEEP

6144:WJ0C7G5Wm/xf+rWcfKm75zvuaZHUvXggD6FT1Bnxhslt3pQGKyurrUaBZq+Rgxx/:ZC7G5WBpnZu2BFLxsKlU+Zzgxx9oW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
g

Files

g
.dll windows:6 windows x86 arch:x86

9c0deeb64d3b80cc6432019cb9710e4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
WinExec
GetModuleHandleW
LoadLibraryW
GetProcAddress
CloseHandle
CreateMutexW
GetLastError
GetConsoleOutputCP
WriteFile
SetStdHandle
GetModuleFileNameW
HeapSize
GetStringTypeW
GetVersionExW
LCMapStringW
GetProcessHeap
HeapFree
LoadLibraryA
FormatMessageW
HeapAlloc
CreateEventW
WaitForSingleObject
ReleaseSRWLockExclusive
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
AcquireSRWLockExclusive
GetCurrentProcess
RtlCaptureContext
ReleaseMutex
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetCurrentThreadId
GetCommandLineA
GetCommandLineW
FlushFileBuffers
SetFileInformationByHandle
DuplicateHandle
SetFilePointerEx
SetThreadPriority
SleepEx
GetCPInfo
GetOEMCP
GetCurrentProcessId
IsValidCodePage
FindFirstFileExW
GetModuleHandleExW
RaiseException
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetStdHandle
InterlockedFlushSList
WriteFileEx
GetExitCodeProcess
TerminateProcess
TryAcquireSRWLockExclusive
RtlUnwind
HeapReAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
WaitForSingleObjectEx
CreateMutexA
TlsSetValue
GetModuleHandleA
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
IsProcessorFeaturePresent
GetStartupInfoW
CreateDirectoryW
FindFirstFileW
ReadFile
GetOverlappedResult
CancelIo
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleMode
GetFileType
IsDebuggerPresent
InitializeSListHead
ReadFileEx
ExitProcess
GetCurrentThread
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
GetACP
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
TlsGetValue
GetFullPathNameW
GetSystemTimeAsFileTime
FreeLibrary
DecodePointer

shell32

IsUserAnAdmin

advapi32

SystemFunction036

ntdll

NtReadFile
RtlNtStatusToDosError
NtCreateFile
NtWriteFile

bcrypt

BCryptGenRandom

Exports

Exports

DllMain

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c0deeb64d3b80cc6432019cb9710e4b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

advapi32

ntdll

bcrypt

Exports

Exports

Sections

.text Size: 331KB - Virtual size: 331KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 2KB - Virtual size: 5KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 331KB - Virtual size: 331KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 2KB - Virtual size: 5KB

.reloc
Size: 13KB - Virtual size: 12KB