2fa0402b5153bfca7b937b5edd201124e9152236845f643c35c27ab42f2e1abf

Sharing

Copy URL

Twitter E-mail

General

Target

2fa0402b5153bfca7b937b5edd201124e9152236845f643c35c27ab42f2e1abf
Size

981KB
MD5

66ccab04fe493082ffc853876c88395d
SHA1

aededefd56b55280f4cfee002c3b172ac378911a
SHA256

2fa0402b5153bfca7b937b5edd201124e9152236845f643c35c27ab42f2e1abf
SHA512

7747c93d8d36c24a561e6d0237ace1dface20e9a7db812e4a3b00bdc51550e1fb831782c447f5c12f50ec5a3b33c6dcd65b7bf488aa7ad590a2fb09c28fbf526
SSDEEP

24576:VX2XV7pJo6cMHEM1W94jKcRvoXiA5TRR+W:VXccNM1j2dt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fa0402b5153bfca7b937b5edd201124e9152236845f643c35c27ab42f2e1abf

Files

2fa0402b5153bfca7b937b5edd201124e9152236845f643c35c27ab42f2e1abf
.dll windows:6 windows x86 arch:x86

59e2c7c8038c86c777cbc7a774672003

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vcruntime140

_except_handler4_common
__std_type_info_destroy_list
memchr
strstr
strchr
memset
memmove
memcpy
strrchr
memcmp

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vsscanf
_write
__stdio_common_vfprintf
_close
_commit
_read

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_seh_filter_dll
_initterm_e
_initterm
_configure_narrow_argv
_errno
_cexit

api-ms-win-crt-convert-l1-1-0

strtol
strtoul

api-ms-win-crt-string-l1-1-0

strcpy
strcmp
strlen
isxdigit
strncmp

api-ms-win-crt-math-l1-1-0

ceil
fabs
cos
sqrt
tan
floor
atan2
log10
ldexp
sin
exp
_except1
pow

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-utility-l1-1-0

_swab

glib-lite

ord127
ord448
ord373
ord369
ord366
ord367
ord370
ord358
ord18
ord20
ord14
ord15
ord360
ord377
ord379
ord365
ord384
ord434
ord424
ord433
ord423
ord438
ord437
ord426
ord425
ord416
ord417
ord453
ord502
ord475
ord500
ord476
ord64
ord385
ord479
ord467
ord94
ord95
ord96
ord105
ord106
ord107
ord481
ord482
ord451
ord450
ord452
ord449
ord493
ord470
ord478
ord485
ord464
ord494
ord471
ord487
ord466
ord496
ord473
ord486
ord495
ord483
ord462
ord480
ord468
ord118
ord484
ord463
ord361
ord499
ord22
ord285
ord211
ord212
ord213
ord350
ord353
ord371
ord441
ord304
ord300
ord421
ord439
ord419
ord413
ord412
ord229
ord210
ord52
ord51
ord54
ord53
ord55
ord113
ord411
ord410
ord43
ord323
ord319
ord222
ord242
ord256
ord243
ord26
ord308
ord309
ord50
ord171
ord172
ord180
ord166
ord168
ord170
ord178
ord120
ord132
ord125
ord126
ord294
ord287
ord295
ord291
ord289
ord298
ord288
ord414
ord477
ord44
ord238
ord488
ord455
ord489
ord25
ord316
ord47
ord45
ord48
ord46
ord201
ord332
ord334
ord329
ord331
ord368
ord303
ord220
ord394
ord341
ord345
ord338
ord112
ord7
ord12
ord32
ord492
ord31
ord266
ord431
ord430
ord232
ord101
ord98
ord49
ord307
ord459
ord181
ord164
ord165
ord179
ord19
ord356
ord389
ord388
ord390
ord427
ord491
ord184
ord363
ord432
ord440
ord219
ord224
ord226
ord498
ord146
ord189
ord128
ord428
ord420
ord326
ord99
ord28
ord30
ord59
ord57
ord58
ord167
ord23
ord375
ord436
ord415
ord321
ord142
ord221
ord225
ord230
ord237
ord233
ord255
ord252
ord4
ord305
ord140
ord139
ord135
ord136
ord138
ord137
ord141
ord504
ord231
ord250
ord245
ord257
ord9
ord3
ord248
ord311
ord314
ord315
ord129
ord29
ord27
ord97
ord108
ord337
ord395
ord396
ord88
ord84
ord81
ord79
ord68
ord78
ord77
ord74
ord70
ord71
ord73
ord75
ord72
ord87
ord76
ord374
ord8
ord199
ord37
ord265
ord131
ord133
ord13
ord381
ord17
ord16
ord380
ord503
ord161
ord234
ord115
ord263
ord446
ord349
ord507
ord505
ord506
ord249
ord435
ord508
ord92
ord93
ord91
ord264
ord447
ord290
ord364
ord376
ord352
ord351
ord355
ord354
ord208
ord207
ord204
ord206
ord205
ord209
ord317
ord392
ord501
ord253
ord258
ord254
ord260
ord261
ord262
ord259
ord251
ord393
ord386
ord175
ord348
ord202
ord244
ord247
ord277
ord276
ord275
ord280
ord279
ord278
ord272
ord281
ord274
ord273
ord56
ord60
ord85
ord69
ord86
ord407
ord409
ord217
ord215
ord216
ord214
ord218
ord177
ord328
ord330
ord383
ord472
ord465
ord457
ord461
ord460
ord454
ord458
ord497
ord474
ord422
ord357
ord359
ord162
ord284
ord283
ord36
ord327
ord325
ord200
ord324
ord186
ord198
ord109
ord10
ord241
ord62
ord61
ord240
ord145
ord124
ord65
ord63
ord90
ord89
ord66
ord6
ord34
ord1
ord2
ord11
ord187
ord35
ord5
ord456
ord117
ord469
ord306
ord173
ord333
ord21
ord239
ord110
ord185
ord174
ord183
ord121
ord143
ord144
ord335
ord336
ord404
ord402
ord403
ord405
ord299
ord301
ord228
ord408
ord382
ord33

ws2_32

WSAWaitForMultipleEvents
WSAEventSelect
WSAGetLastError
WSAEnumNetworkEvents
WSASetLastError

kernel32

GetLastError
SetLastError
SetEvent
ResetEvent
CloseHandle
CreateEventA
FormatMessageA
GetProcAddress
GetModuleFileNameW
WaitForSingleObject
LoadLibraryA
GetModuleHandleA
RaiseException
QueryPerformanceCounter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalFree
Sleep
QueryPerformanceFrequency
GetModuleFileNameA

user32

GetDesktopWindow

dsound

ord1

Sections

.text
Size: 532KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 282KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59e2c7c8038c86c777cbc7a774672003

Headers

DLL Characteristics

File Characteristics

Imports

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

glib-lite

ws2_32

kernel32

user32

dsound

Sections

.text Size: 532KB - Virtual size: 532KB

.rdata Size: 159KB - Virtual size: 158KB

.data Size: 5KB - Virtual size: 10KB

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 282KB - Virtual size: 284KB

.text
Size: 532KB - Virtual size: 532KB

.rdata
Size: 159KB - Virtual size: 158KB

.data
Size: 5KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 282KB - Virtual size: 284KB