7a7996eb30be5ebf21dfce3112b6f0af806d48c7c9f75d2a93f71257844292ad

Sharing

Copy URL Twitter E-mail

General

Target

7a7996eb30be5ebf21dfce3112b6f0af806d48c7c9f75d2a93f71257844292ad
Size

2.7MB
MD5

943036a17f43ee08ce4ca616b8a9464a
SHA1

44075cf575ec77d17ebb50aeef4ca617ab6737a8
SHA256

7a7996eb30be5ebf21dfce3112b6f0af806d48c7c9f75d2a93f71257844292ad
SHA512

f2d597914bdf8d51feafb66ec27a8f33d34903da8198b926a85339ef35a13dbfd203c69b5215a24bdf67d2540fe9713148814c1d2c8e48bc112c33bf69cec05e
SSDEEP

49152:8UDTsHejP1XCu6oYHdjO42G1bqqU9S7rJfEphzvqka878KdnuP7M7GwN5VKMWTFY:8G6e1XCOYw/G1bqP479fw4kaSuP7MlsU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a7996eb30be5ebf21dfce3112b6f0af806d48c7c9f75d2a93f71257844292ad

Files

7a7996eb30be5ebf21dfce3112b6f0af806d48c7c9f75d2a93f71257844292ad
.dll windows:5 windows x86 arch:x86

f638dee62a96ca3045f829e394c89ba4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CertAddCertificateContextToStore
CryptMsgDuplicate

kernel32

GetExitCodeThread
GetVersionExA
QueryPerformanceCounter
HeapReAlloc
SetThreadIdealProcessor
GetModuleHandleA
GetProcAddress
LoadLibraryExA
GetThreadPriority
TerminateThread
InterlockedPushEntrySList
GetModuleHandleW
GetModuleFileNameW
GetBinaryTypeW
IsProcessorFeaturePresent
CreateFileA
GetProcessHeap
GetSystemDefaultLCID
GetSystemTimeAsFileTime
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
SetStdHandle
SetFilePointer
LCMapStringW
LCMapStringA
OpenSemaphoreA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
LoadLibraryA
GetModuleFileNameA
WriteFile
VirtualAlloc
VirtualFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
TlsGetValue
TlsSetValue
SetLastError
GetCurrentThreadId
GetLastError
GetStdHandle
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
HeapFree
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
ReadFile
InitializeCriticalSectionAndSpinCount
RtlUnwind

rpcrt4

RpcSsContextLockExclusive
RpcMgmtStopServerListening

ole32

CoWaitForMultipleHandles
HGLOBAL_UserMarshal
GetHGlobalFromStream

gdi32

GetFontUnicodeRanges
FrameRgn

winspool.drv

SetPrinterDataW

ws2_32

WSAGetLastError

shell32

ExtractAssociatedIconA

netapi32

NetGroupDelUser

shlwapi

StrChrW
AssocQueryStringA

winmm

waveOutPause
waveInStart

advapi32

RegCloseKey

oleaut32

SysAllocStringLen

user32

ScreenToClient
LoadAcceleratorsW
GetGUIThreadInfo
DispatchMessageA
SetLastErrorEx
UnhookWindowsHookEx
CreateWindowExA
AllowSetForegroundWindow
UpdateWindow

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

Exports

Exports

MetnentaCsge

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PACK
Size: 780KB - Virtual size: 779KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

q
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f638dee62a96ca3045f829e394c89ba4

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

kernel32

rpcrt4

ole32

gdi32

winspool.drv

ws2_32

shell32

netapi32

shlwapi

winmm

advapi32

oleaut32

user32

psapi

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 164KB - Virtual size: 173KB

PACK Size: 780KB - Virtual size: 779KB

q Size: 1.4MB - Virtual size: 1.4MB

CRT Size: 216KB - Virtual size: 215KB

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 68KB - Virtual size: 64KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 164KB - Virtual size: 173KB

PACK
Size: 780KB - Virtual size: 779KB

q
Size: 1.4MB - Virtual size: 1.4MB

CRT
Size: 216KB - Virtual size: 215KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 68KB - Virtual size: 64KB