d6ed9c9b3c4f03c400ccb6b0bb7ec7baf6c610ad26ec001d057792caf10694b5

Sharing

Copy URL Twitter E-mail

General

Target

d6ed9c9b3c4f03c400ccb6b0bb7ec7baf6c610ad26ec001d057792caf10694b5
Size

6.4MB
MD5

988a3c0edc6e6c90fc71c788481cea0f
SHA1

bd18bba7244b3d90119544b689b3fbf2bd52316d
SHA256

d6ed9c9b3c4f03c400ccb6b0bb7ec7baf6c610ad26ec001d057792caf10694b5
SHA512

58a38054d7485f0bad415a4b819e349e431e5a7972515045e2581490cb3e2ce752115a33ed39a013461075516921544f899430da5de819cc11cca54ce6d9014c
SSDEEP

196608:AJCS6iM8pGSVWI7EpOk3hGgwKABLVcNbvyfrJlVAV023:qkiMKVWoBk3UWA9Vccfd8L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6ed9c9b3c4f03c400ccb6b0bb7ec7baf6c610ad26ec001d057792caf10694b5

Files

d6ed9c9b3c4f03c400ccb6b0bb7ec7baf6c610ad26ec001d057792caf10694b5
.dll windows:6 windows x86 arch:x86

97c14c28437f00b42a018a399e0a4c8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetConsoleMode
GetConsoleCP
FlushFileBuffers
CloseHandle
GetModuleFileNameW
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
SetFilePointerEx
LoadLibraryExW
ReadConsoleW
OutputDebugStringW
SetStdHandle
WriteConsoleW
CreateFileW
SetEndOfFile
SwitchToThread
GetUserDefaultUILanguage
GetPrivateProfileIntW
GetFileAttributesW
GetLogicalDrives
EnumCalendarInfoW
WriteFile
GetSystemDefaultUILanguage
GetOEMCP
GetACP
IsValidCodePage
GetProcessHeap
GetFileType
WideCharToMultiByte
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStringTypeW
GetLastError
HeapFree
GetSystemTimeAsFileTime
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
RaiseException
RtlUnwind
GetCPInfo
HeapAlloc
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
GetStdHandle

user32

MapDialogRect
SetRect
MessageBoxA
TrackPopupMenu
IsIconic
AttachThreadInput
CreateMenu
PostQuitMessage
GetDC
GetCapture
SetWindowLongA
UnregisterClassA
RemoveMenu
GetSystemMetrics
ValidateRect
KillTimer
GetParent
SetClassLongA
GetDesktopWindow
CreatePopupMenu
ReleaseCapture
WaitMessage

gdi32

GetBitmapBits
ExtCreatePen
DeleteDC
CreateFontA
SelectClipRgn
CreateBrushIndirect
GetObjectType
SetPaletteEntries
SetTextAlign
TextOutA
GetStockObject
SetTextColor

advapi32

GetLengthSid
AllocateAndInitializeSid
StartServiceW
RegGetKeySecurity
RegQueryInfoKeyW
ControlService

shell32

SHGetFileInfoW

oleaut32

SafeArrayGetLBound
SafeArrayPtrOfIndex
VariantClear

Exports

Exports

?__ahtfrydhwshi@@YAKXZ
?__cyzmus@@YA_WXZ
?__djgxm@@YA_JXZ
?__hhxmbooquhjfeq@@YAGXZ
?__nabvjirkh@@YAIXZ
?__uoknnedztksh@@YAOXZ
?__vqlxwmaimci@@YAMXZ
?__yimainalslrsyw@@YA_JXZ
?__ypwfpggkg@@YAKXZ

Sections

.text
Size: 442KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jdfekh
Size: 512B - Virtual size: 18B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ywtol
Size: 512B - Virtual size: 18B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gnbhxg
Size: 512B - Virtual size: 197B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5.9MB - Virtual size: 12.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jdfekh
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ywtol
Size: 1024B - Virtual size: 637B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gnbhxg
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wctxu
Size: 512B - Virtual size: 183B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97c14c28437f00b42a018a399e0a4c8d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 442KB - Virtual size: 442KB

.jdfekh Size: 512B - Virtual size: 18B

.ywtol Size: 512B - Virtual size: 18B

.gnbhxg Size: 512B - Virtual size: 197B

.data Size: 5.9MB - Virtual size: 12.6MB

.idata Size: 3KB - Virtual size: 3KB

.jdfekh Size: 512B - Virtual size: 202B

.ywtol Size: 1024B - Virtual size: 637B

.gnbhxg Size: 9KB - Virtual size: 8KB

.wctxu Size: 512B - Virtual size: 183B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 442KB - Virtual size: 442KB

.jdfekh
Size: 512B - Virtual size: 18B

.ywtol
Size: 512B - Virtual size: 18B

.gnbhxg
Size: 512B - Virtual size: 197B

.data
Size: 5.9MB - Virtual size: 12.6MB

.idata
Size: 3KB - Virtual size: 3KB

.jdfekh
Size: 512B - Virtual size: 202B

.ywtol
Size: 1024B - Virtual size: 637B

.gnbhxg
Size: 9KB - Virtual size: 8KB

.wctxu
Size: 512B - Virtual size: 183B

.reloc
Size: 12KB - Virtual size: 12KB