fade96ec359474962f2167744ca8c55ab4e6d0700faa142b3d95ec3f4765023b

Sharing

Copy URL

Twitter E-mail

General

Target

fade96ec359474962f2167744ca8c55ab4e6d0700faa142b3d95ec3f4765023b
Size

195KB
MD5

b0729083052b407de643abf78f712058
SHA1

7482dd986923b164f2715eb02eafbedddf545479
SHA256

fade96ec359474962f2167744ca8c55ab4e6d0700faa142b3d95ec3f4765023b
SHA512

603771acb11468d51f589d8bdc6e446a61cae65335bb5fc34c70767ef924280e5fb06650dac3ae8d04a22de5a0e552cef85a18b114cd708715e8e2a5a0299acf
SSDEEP

6144:UqX9aQTGvkTzwIdMDf6kiKRTeyohAIeQ5S0:UqxavV2KRLoeIeQ5d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fade96ec359474962f2167744ca8c55ab4e6d0700faa142b3d95ec3f4765023b

Files

fade96ec359474962f2167744ca8c55ab4e6d0700faa142b3d95ec3f4765023b
.dll windows:6 windows x64 arch:x64

8152fb095d80fec526a7172977df9283

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ProcessIdToSessionId
CreateProcessA
GetStartupInfoA
CreateThread
ExitThread
WaitForMultipleObjects
GetStdHandle
ReadFile
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
GetSystemDirectoryA
WriteConsoleInputA
ReadConsoleOutputCharacterA
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetConsoleScreenBufferInfo
SetConsoleActiveScreenBuffer
SetConsoleScreenBufferSize
SetConsoleCursorPosition
AllocConsole
FreeConsole
CreateConsoleScreenBuffer
GetTempPathA
CreateFileW
ReadConsoleW
WriteConsoleW
LocalFree
FileTimeToSystemTime
FindNextFileA
FindFirstFileA
SetFileAttributesA
lstrcpynA
FindClose
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
GetComputerNameA
MoveFileExA
MoveFileA
DeleteFileA
CreateFileA
GetWindowsDirectoryA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
CreateEventA
lstrcatA
lstrcpyA
lstrcmpiA
CloseHandle
SetFilePointer
WideCharToMultiByte
Sleep
WaitForSingleObject
SetErrorMode
GetLastError
TerminateThread
GetCurrentThreadId
TerminateProcess
ExitProcess
GetCurrentProcessId
GetCurrentProcess
lstrlenA
OpenProcess
GetProcessHeap
HeapFree
HeapAlloc
VirtualProtect
GetProcAddress
FreeLibrary
SetStdHandle
HeapSize
FlushFileBuffers
RaiseException
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
DeleteCriticalSection
GetTimeZoneInformation
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
WriteFile
GetCurrentDirectoryA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
ResumeThread
EncodePointer
DecodePointer
LoadLibraryExW
GetSystemTimeAsFileTime
RtlUnwindEx
HeapReAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetModuleHandleExW
GetModuleFileNameW
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
SetEnvironmentVariableA

user32

wsprintfA
MapVirtualKeyA

advapi32

RegisterServiceCtrlHandlerW
GetTokenInformation
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetServiceStatus
OpenServiceA
OpenSCManagerA
EnumServicesStatusExA
DeleteService
ControlService
CloseServiceHandle
RegSetValueExA
RegSetKeySecurity
RegSaveKeyA
RegRestoreKeyA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegGetKeySecurity
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
DuplicateTokenEx
CreateProcessAsUserA
ImpersonateLoggedOnUser
LookupPrivilegeValueA
LookupAccountSidA
SetKernelObjectSecurity
MakeAbsoluteSD
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetAce
DeleteAce
GetAclInformation
AdjustTokenPrivileges
OpenProcessToken
GetKernelObjectSecurity

shell32

ShellExecuteA
CommandLineToArgvW

ole32

CoCreateGuid
CoUninitialize
CoInitialize

ws2_32

select
recv
listen
inet_ntoa
inet_addr
htons
ioctlsocket
closesocket
bind
accept
send
gethostbyname
gethostname
WSAStartup
socket
shutdown

shlwapi

StrCmpNIA
SHDeleteKeyA
PathFileExistsA

wininet

HttpOpenRequestA
InternetOpenA
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestA
InternetCloseHandle
InternetGetConnectedState
HttpQueryInfoA
InternetConnectA

psapi

GetModuleFileNameExA
EnumProcessModules

Exports

Exports

Run
ServiceMain
StartMain

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8152fb095d80fec526a7172977df9283

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

shlwapi

wininet

psapi

Exports

Exports

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 7KB - Virtual size: 17KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 7KB - Virtual size: 17KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB