Static task: static1
Behavioral task: behavioral1
  Sample: ef0140a72e29038bdeff1447008611b2737967f8f0abb21cd54eeb11d627a0bb.dll
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: ef0140a72e29038bdeff1447008611b2737967f8f0abb21cd54eeb11d627a0bb.dll
  Resource: win10v2004-20240508-en
General
Target: ef0140a72e29038bdeff1447008611b2737967f8f0abb21cd54eeb11d627a0bb
Size: 1.9MB
MD5: 976c5be1947125b673c7b6ca6fb494b1
SHA1: 8e631d79021b9a54659482ecde9a7ef7552e60c6
SHA256: ef0140a72e29038bdeff1447008611b2737967f8f0abb21cd54eeb11d627a0bb
SHA512: 7ec5200ce115850dd11512b9ad61d8608d903fe99d8ddf2217d3cfb1e891e0bc7f3b0f3ecebd8fb1795fb933f2ffc048d97ab9b1c49265bd5e9f1518af3dd4f7
SSDEEP: 24576:iyoMkp3Y3uud9EY2HRM7rm/hJm29cSV3mmJ7tc06nI+bJtr+QmO7iOwQPKWN:6DbYF29cE3mu7zTSJtrBmO7iRVWN
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: ef0140a72e29038bdeff1447008611b2737967f8f0abb21cd54eeb11d627a0bb
Files
-
ef0140a72e29038bdeff1447008611b2737967f8f0abb21cd54eeb11d627a0bb.dll windows:6 windows x86 arch:x86
f56b4f101b58ec2a177a66efd49b0e1f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
GetFileAttributesExW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
HeapReAlloc
DeleteFileW
FlushFileBuffers
GetConsoleOutputCP
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
ReadConsoleW
GetConsoleMode
SetFilePointerEx
MultiByteToWideChar
GlobalAlloc
GlobalFree
GetStdHandle
GlobalLock
FreeLibraryAndExitThread
ExitThread
WideCharToMultiByte
WriteFile
SetEndOfFile
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
WriteConsoleW
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RaiseException
RtlUnwind
GetFileSizeEx
CreateFileA
VerifyVersionInfoA
SetLastError
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetEnvironmentVariableA
MoveFileExA
GetTickCount
GetSystemDirectoryA
SleepEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LCMapStringEx
GetCurrentProcess
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GlobalUnlock
Sleep
GetModuleHandleA
IsBadReadPtr
GetCurrentProcessId
CloseHandle
GetLastError
FormatMessageW
VirtualProtect
CreateThread
K32GetModuleInformation
TerminateThread
DisableThreadLibraryCalls
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
FileTimeToSystemTime
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
user32
MessageBeep
SetWindowPos
DispatchMessageA
DefWindowProcW
UnregisterClassW
RegisterClassExW
ShowWindow
SetWindowLongA
GetForegroundWindow
GetWindow
GetWindowLongA
SetLayeredWindowAttributes
GetSystemMetrics
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetAsyncKeyState
GetCursorPos
SetCursorPos
ReleaseCapture
IsWindowUnicode
GetClientRect
SetCursor
SetCapture
TrackMouseEvent
ClientToScreen
GetCapture
ScreenToClient
LoadCursorA
GetKeyState
FindWindowExA
ShowCursor
UpdateWindow
PeekMessageA
TranslateMessage
CreateWindowExW
advapi32
CryptEncrypt
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
d3dx9_43
D3DXMatrixInverse
d3d9
Direct3DCreate9
normaliz
IdnToAscii
ws2_32
accept
ntohl
gethostname
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
sendto
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
recvfrom
wldap32
ord46
ord211
ord60
ord35
ord217
ord50
ord41
ord22
ord26
ord45
ord27
ord32
ord33
ord79
ord30
ord200
ord301
ord143
crypt32
CertEnumCertificatesInStore
CertCloseStore
CryptDecodeObjectEx
CertFindCertificateInStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CertFreeCertificateContext
PFXImportCertStore
CryptStringToBinaryA
CertOpenStore
imm32
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
Sections
.text Size: 716KB - Virtual size: 715KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 141KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ