6c0ff2bddb080318caf2a91d6c47ee80057a5240170b4d1402f97eb599185f7c

Sharing

Copy URL

Twitter E-mail

General

Target

6c0ff2bddb080318caf2a91d6c47ee80057a5240170b4d1402f97eb599185f7c
Size

148.0MB
MD5

6bb76f09c4c2c90055faf8ad65e5dd2d
SHA1

5db516b45e4479e48ee83ed667247d26f605d116
SHA256

6c0ff2bddb080318caf2a91d6c47ee80057a5240170b4d1402f97eb599185f7c
SHA512

5e198af279d6377864053093e573a93ebf342556fe5f99cdd99e8f014104e347922617cb0e48e7e4be9609a8445b10bc57bd563580cc3b5ff59fe8921844b332
SSDEEP

786432:zYJcN4v1SoNjWPNLd1pQshPQLnXni9vyM/52nyMh8sap6cHDh4:zYJqU1JNSPtyLXi9vOn6ccO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c0ff2bddb080318caf2a91d6c47ee80057a5240170b4d1402f97eb599185f7c

Files

6c0ff2bddb080318caf2a91d6c47ee80057a5240170b4d1402f97eb599185f7c
.dll windows:6 windows x86 arch:x86

6de8101ad99b296d01cf68ef52f0fa94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

recv
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
closesocket

wldap32

ord219
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord73
ord216
ord14
ord46
ord145

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

kernel32

GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapAlloc
HeapFree
FlushFileBuffers
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
HeapReAlloc
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
CreateDirectoryW
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
EnumSystemLocalesW
GetTickCount
MoveFileA
GetFileAttributesExA
SetFileTime
GetLastError
CreateFileA
DeleteFileA
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
VerifyVersionInfoW
QueryPerformanceCounter
Sleep
MoveFileExA
WaitForSingleObjectEx
GetModuleHandleA
MultiByteToWideChar
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
GetFileSizeEx
WideCharToMultiByte
ExitProcess
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
DeleteFileW
GetFileAttributesExW
SetEndOfFile
HeapSize
WriteConsoleW
CreateFileW
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

advapi32

CryptHashData
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptAcquireContextW
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext

Exports

Exports

_calculatediffs@16
_cleanup_client@4
_dopatch@12
_enablediff@8
_getdiffs@12
_make_client@20
_patch@28

Sections

.text
Size: 536KB - Virtual size: 535KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6de8101ad99b296d01cf68ef52f0fa94

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

crypt32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 536KB - Virtual size: 535KB

.rdata Size: 129KB - Virtual size: 128KB

.data Size: 6KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 536KB - Virtual size: 535KB

.rdata
Size: 129KB - Virtual size: 128KB

.data
Size: 6KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 22KB - Virtual size: 22KB