16b2daea59139104cdd3ea688c438b4b2d0a5292a44617f3baacb511a2054f71

Sharing

Copy URL

Twitter E-mail

General

Target

16b2daea59139104cdd3ea688c438b4b2d0a5292a44617f3baacb511a2054f71
Size

897KB
MD5

66437dc8773d6d6a371ebe034b551cf2
SHA1

08c9009595a39629710eb988274bc81d67141cfb
SHA256

16b2daea59139104cdd3ea688c438b4b2d0a5292a44617f3baacb511a2054f71
SHA512

f9d55748940406a3d4abbaa5600b00b9d088749512cf8302a2e97dd1ef5a89edfef43f6cd2f8106302fcdb5f5bf75983287b1fb3944d9c8b1b53523753acc1c4
SSDEEP

12288:1Od3tbsw1ltBY0PfQyjjiIHzRZgEXT3uUzsPNEz8HR9Ey+t9:gNtfftBY0AapgEXDuoW9q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16b2daea59139104cdd3ea688c438b4b2d0a5292a44617f3baacb511a2054f71

Files

16b2daea59139104cdd3ea688c438b4b2d0a5292a44617f3baacb511a2054f71
.dll windows:6 windows x86 arch:x86

e3f7ff74e2c5c21de6c84be23bb9cec3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualLock
VirtualAlloc
VirtualFree
DebugBreak
GetLastError
GetSystemInfo
IsBadCodePtr
VirtualQueryEx
GetCurrentProcessId
CreateMutexA
GetCurrentThreadId
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
CreateEventA
VirtualQuery
Sleep
GetVersion
UnmapViewOfFile
OpenProcess
GetCurrentProcess
OpenMutexA
MapViewOfFileEx
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
OutputDebugStringA
IsDebuggerPresent
HeapFree
GetProcessHeap
HeapAlloc
WaitForSingleObject
ReleaseMutex
EnterCriticalSection
SetEvent
LeaveCriticalSection
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindNextFileA
FindFirstFileExA
GetOEMCP
IsValidCodePage
SetStdHandle
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStdHandle
EnumSystemLocalesW
IsValidLocale
GetTimeZoneInformation
MoveFileExW
DeleteFileW
CreateDirectoryW
GetFullPathNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
LoadLibraryExW
RtlUnwind
RaiseException
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
CreateEventW
DecodePointer
EncodePointer
SetEnvironmentVariableA
GetFileAttributesW
GetUserDefaultLCID
FreeLibrary
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
MultiByteToWideChar
WideCharToMultiByte
GetCurrentDirectoryW
CreateFileW
FlushFileBuffers
ReadFile
SetEndOfFile
WriteFile
SetLastError
GetProcAddress
FindClose
GetModuleFileNameA
GetACP
FindFirstFileW
FindNextFileW
RemoveDirectoryW

stk

?match@?$URegex@$0A@@ex@stk@@QBE?AV?$URegexMatch@$0A@@23@ABV?$UString@$0A@@23@@Z
??B?$URegex@$0A@@ex@stk@@QBE_NXZ
?compare@?$UString@$0A@@ex@stk@@QBEHABV123@Vcase_insensitive_t@detail@23@@Z
?compare@?$UString@$0A@@ex@stk@@QBEHABV123@Vcase_sensitive_t@detail@23@@Z
??H?$UString@$0A@@ex@stk@@QBE?AV012@ABV012@@Z
?isEmpty@?$UString@$0A@@ex@stk@@QBE_NXZ
?init@?$UString@$0A@@ex@stk@@IAEXPB_SI@Z
?deallocate@AllocatorHelper@detail@ex@stk@@IAEXPAXI@Z
?allocate@AllocatorHelper@detail@ex@stk@@IAEPAXIPBX@Z
?getLossyConversion@UStringEncodingException@ex@stk@@QAE?AV?$UString@$0A@@23@XZ
??1?$UStringArray@$0A@@ex@stk@@UAE@XZ
??0?$URegex@$0A@@ex@stk@@QAE@XZ
??8?$UString@$0A@@ex@stk@@QBE_NABV012@@Z
?getAsFoldedCase@?$UString@$0A@@ex@stk@@QBE?AV123@XZ
?getAsUtf16@?$UString@$0A@@ex@stk@@QBE?AV?$UString@$00@23@XZ
??4?$UString@$0A@@ex@stk@@QAEAAV012@ABV012@@Z
?init@?$UString@$0A@@ex@stk@@IAEXXZ
?rawData@?$UString@$00@ex@stk@@QBEPB_SXZ
?size@?$UString@$00@ex@stk@@QBEIXZ
?getAsUtf16@?$UString@$00@ex@stk@@QBE?AV123@XZ
??1?$UString@$00@ex@stk@@QAE@XZ
?init@?$UStringArray@$0A@@ex@stk@@AAEXXZ
?rawData@?$UString@$06@ex@stk@@QBEPBDXZ
?size@?$UString@$06@ex@stk@@QBEIXZ
?replaceAll@?$UString@$0A@@ex@stk@@QAEAAV123@DDVcase_sensitive_t@detail@23@@Z
?double_to_string@ex@stk@@YAPBDNQAD@Z
??1?$URegex@$0A@@ex@stk@@QAE@XZ
??0ObsoleteRegexp@@QAE@ABVObsoleteString@@@Z
?getAsEncoding@?$UString@$0A@@ex@stk@@QBE?AV?$UString@$06@23@ABVEncoding@23@@Z
??1?$UString@$0A@@ex@stk@@QAE@XZ
??0?$UString@$0A@@ex@stk@@QAE@$$QAV012@@Z
??0?$UString@$0A@@ex@stk@@QAE@ABV012@@Z
??0?$UString@$0A@@ex@stk@@QAE@ABV?$UStringView@$0A@@12@@Z
??0?$UString@$0A@@ex@stk@@QAE@PBDIABVEncoding@12@@Z
?index@ObsoleteRegexp@@QBEIABVObsoleteString@@PAII@Z
??0ObsoleteRegexp@@QAE@PBD@Z
??1?$PimplBase@VObsoleteRegexpImpl@@@detail@ex@stk@@IAE@XZ
?case_sensitive@?$UString@$0A@@ex@stk@@2Vcase_sensitive_t@detail@23@B
?case_insensitive@?$UString@$0A@@ex@stk@@2Vcase_insensitive_t@detail@23@B
?rstrip@?$UString@$0A@@ex@stk@@QAEAAV123@ABV?$vector@D@23@@Z
??4?$UString@$0A@@ex@stk@@QAEAAV012@$$QAV012@@Z
?size@?$UString@$0A@@ex@stk@@QBEIXZ
?rawData@?$UString@$0A@@ex@stk@@QBEPBDXZ
?beginsWith@?$UString@$0A@@ex@stk@@QBE_NABV123@Vcase_sensitive_t@detail@23@@Z
?rfind@?$UString@$0A@@ex@stk@@QBEIDI@Z
?substr@?$UString@$0A@@ex@stk@@QBE?AV?$UStringView@$0A@@23@II@Z
?prepend@?$UString@$0A@@ex@stk@@QAEAAV123@ABV123@@Z
?append@?$UString@$0A@@ex@stk@@QAEAAV123@ABV123@@Z
??0?$UString@$00@ex@stk@@QAE@PBDIABVEncoding@12@@Z
?replaceAll@?$UString@$0A@@ex@stk@@QAEAAV123@ABV123@0Vcase_sensitive_t@detail@23@@Z
??1?$UString@$06@ex@stk@@QAE@XZ

Exports

Exports

DllSetMemoryErrorHandler
FME_acceptSession
FME_apiVersion
FME_createWriter
FME_destroyWriter
FME_initialize

Sections

.text
Size: 655KB - Virtual size: 654KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3f7ff74e2c5c21de6c84be23bb9cec3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

stk

Exports

Exports

Sections

.text Size: 655KB - Virtual size: 654KB

.rdata Size: 153KB - Virtual size: 153KB

.data Size: 25KB - Virtual size: 197KB

.gfids Size: 512B - Virtual size: 420B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 44KB - Virtual size: 44KB

.text
Size: 655KB - Virtual size: 654KB

.rdata
Size: 153KB - Virtual size: 153KB

.data
Size: 25KB - Virtual size: 197KB

.gfids
Size: 512B - Virtual size: 420B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 44KB - Virtual size: 44KB