f3d1d0b71bc36d66674de4f67d1da7e4c8d3dbfe026b775e651fbf984438083f

Sharing

Copy URL Twitter E-mail

General

Target

f3d1d0b71bc36d66674de4f67d1da7e4c8d3dbfe026b775e651fbf984438083f
Size

83KB
MD5

c458b0c2dfa7984901ed03789e6aa405
SHA1

a4e318de7294eb11fb6a596e20af5d657480355a
SHA256

f3d1d0b71bc36d66674de4f67d1da7e4c8d3dbfe026b775e651fbf984438083f
SHA512

e2af347a44de462b23b4eac62221e822b3acba1329fede7e6904e61176786f4e2e8fe04da7cc50bd0c48af8a6a9956b3b54c5a4bd3c427fc0b70001bde4dea51
SSDEEP

1536:7qEmfhaUpFkaky9MP3cfFb/MyMAjpB7MbTB2mLVabc5VvSpshSWgUnMIj:7qEWAU8akyFb/MyMAjptMbt2mLVabcWC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3d1d0b71bc36d66674de4f67d1da7e4c8d3dbfe026b775e651fbf984438083f

Files

f3d1d0b71bc36d66674de4f67d1da7e4c8d3dbfe026b775e651fbf984438083f
.dll windows:5 windows x86 arch:x86

c719b4ced0eb02a9a3cfd24362d8f6d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strstr
isspace
strpbrk
_stricmp
sscanf
_wcsicmp
_wtoi
mbstowcs
_except_handler3
isprint
strchr
wcscmp
strtoul
wcscpy
strncpy
ctime
_wcsnicmp
wcslen
swprintf
sprintf

ntdll

NtQueryInformationToken
NtOpenThreadToken
RtlNtStatusToDosError
NtOpenProcessToken
RtlTimeToElapsedTimeFields
RtlConvertSidToUnicodeString
NtQueryIoCompletion
NtQueryKey
NtQuerySection
NtQueryMutant
NtQuerySemaphore
NtQueryEvent
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
NtDuplicateObject
NtQueryObject
NtClose
RtlFreeHeap
RtlAllocateHeap
RtlInitUnicodeString
NtQueryInformationAtom
RtlCompareMemoryUlong
RtlCompareMemory
NtQuerySystemInformation
NtQueryInformationProcess
NtQueryInformationThread
NtQueryTimer

kernel32

FormatMessageA
lstrcmpA
ExpandEnvironmentStringsA
LoadLibraryA
GetModuleHandleA
ReadProcessMemory
GetVersionExA
LocalFree
GetLastError
HeapFree
WriteProcessMemory
LocalAlloc
lstrcmpiA
GetProcessHeap
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcAddress
DuplicateHandle
GetSystemTimeAsFileTime
GetCurrentProcess
lstrlenA
HeapAlloc
VirtualQueryEx

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
LookupAccountSidW
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA

Exports

Exports

NtsdExtensionDllInit
atom
critsec
dh
dlls
dp
dreg
dt
error
gatom
gflag
gle
handle
heap
help
hleak
igrep
kuser
locks
peb
runaway
teb
threadtoken
version
vprot

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c719b4ced0eb02a9a3cfd24362d8f6d6

Headers

File Characteristics

Imports

msvcrt

ntdll

kernel32

advapi32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 72KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 72KB - Virtual size: 72KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 6KB - Virtual size: 6KB