5f88172131fb10d372d2919bfa4b53d3f6f3bfeb53e7f2c7540bd970529c42aa

Sharing

Copy URL

Twitter E-mail

General

Target

5f88172131fb10d372d2919bfa4b53d3f6f3bfeb53e7f2c7540bd970529c42aa
Size

329KB
MD5

510dc9413bd0ad98fdedaea1f39c0620
SHA1

3a8237ebfa57418d5201c2349917eae501a0f9af
SHA256

5f88172131fb10d372d2919bfa4b53d3f6f3bfeb53e7f2c7540bd970529c42aa
SHA512

620a5295be3ed594c710657b9880b211cb910d070323ee089509feee921e12c4ea50ea04304bc3e06b52b15d8c7f68f2f444ba1a17e29f0abc6b0c22508aa52b
SSDEEP

6144:RLmWnuNrNVUvPEmRyWHj8MVloEh5QLxCSPGIsTPNctYy6egz8zZ4SUcXgZQoi:RLmWuNrNVUXEYDQL5JsL+2DN8F4SUyAi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f88172131fb10d372d2919bfa4b53d3f6f3bfeb53e7f2c7540bd970529c42aa

Files

5f88172131fb10d372d2919bfa4b53d3f6f3bfeb53e7f2c7540bd970529c42aa
.dll windows:5 windows x86 arch:x86

ea89c4b03849f1f72257eac879217121

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winscard

SCardEstablishContext
SCardFreeMemory
SCardConnectA
SCardReleaseContext
SCardListReadersA
SCardDisconnect

sensapi

IsNetworkAlive

iphlpapi

GetTcpTable

msvcrt

strchr
isprint
fclose
fseek
realloc
_except_handler3
fwrite
fread
fopen
strncpy
sprintf
atoi
isdigit
strtol
strstr
_strrev
_snprintf
exit
malloc
calloc
free
memcpy
memset

psapi

GetModuleFileNameExA

netapi32

NetApiBufferFree
NetQueryDisplayInformation

dnsapi

DnsFlushResolverCache

wininet

HttpAddRequestHeadersW
HttpAddRequestHeadersA
InternetSetStatusCallback
InternetQueryOptionA
InternetConnectA
InternetReadFile
HttpOpenRequestA
InternetCheckConnectionA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
HttpQueryInfoA

ws2_32

listen
accept
WSAGetLastError
send
inet_addr
htons
closesocket
ntohs
gethostbyname
socket
bind
recv
shutdown
WSAStartup
inet_ntoa
connect
gethostname
getpeername
htonl
setsockopt
WSASetLastError
__WSAFDIsSet
recvfrom
select

shell32

ord680
ShellExecuteA
ExtractIconExA
SHFileOperationA
SHGetSpecialFolderPathA
SHGetFolderPathA

shlwapi

PathFileExistsA
StrToIntA
PathFindFileNameA
StrStrIA
PathMakeSystemFolderA
PathAppendA
StrCmpNIA
StrNCatA
StrStrA
PathAddBackslashA
StrChrIA
StrStrIW

ntdll

RtlCreateUserThread
RtlImageNtHeader

kernel32

GetCommandLineA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
GetDriveTypeA
SetCurrentDirectoryA
GetLogicalDriveStringsA
CopyFileA
GetCurrentDirectoryA
GetProcessHeap
HeapValidate
HeapSize
ResetEvent
ExitThread
MoveFileA
WinExec
TerminateThread
FindNextChangeNotification
FindFirstChangeNotificationA
lstrcmpA
GetCurrentProcess
FlushInstructionCache
InterlockedExchange
GetThreadPriority
VirtualProtect
WideCharToMultiByte
GetVersionExW
GetCommandLineW
GetVersionExA
GetFileAttributesA
GetFileAttributesW
SetThreadPriority
FindNextFileW
lstrlenW
CreateFileW
FileTimeToSystemTime
FindFirstFileW
GetFileInformationByHandle
GetFileType
LocalAlloc
GetLocalTime
SystemTimeToFileTime
GetFileSize
FileTimeToDosDateTime
SwitchToThread
WriteProcessMemory
LocalFree
Module32Next
LoadLibraryA
VirtualAllocEx
GetHandleInformation
Module32First
GetProcessTimes
CreateRemoteThread
VirtualQuery
GetPrivateProfileStringA
GetLastError
SetLastError
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
IsDebuggerPresent
GetTickCount
GetVolumeInformationA
GetEnvironmentVariableA
GetTimeFormatA
VirtualFree
GetDateFormatA
VirtualAlloc
AddVectoredExceptionHandler
GetSystemDefaultLangID
Process32First
OpenProcess
GetSystemWindowsDirectoryA
GetTimeZoneInformation
Process32Next
CreateToolhelp32Snapshot
WaitForSingleObject
LoadLibraryExA
ReleaseMutex
lstrcpynA
Sleep
WaitForMultipleObjects
CloseHandle
GetSystemTime
CreateFileA
SetFilePointer
MoveFileExA
SetEndOfFile
SetFilePointerEx
UnlockFile
LockFile
WriteFile
IsBadWritePtr
ReadFile
CreateDirectoryA
GetFileSizeEx
FindFirstFileA
RemoveDirectoryA
SetFileAttributesA
GetTempFileNameA
FindClose
FindNextFileA
GetTempPathA
DeleteFileA
HeapReAlloc
HeapAlloc
HeapFree
ExitProcess
SetErrorMode
SetEvent
OpenMutexA
GetCurrentThreadId
GetCurrentProcessId
lstrcpyA
MapViewOfFile
UnmapViewOfFile
IsBadReadPtr
CreateFileMappingA
GlobalLock
GlobalAlloc
CreateProcessA
MultiByteToWideChar
GlobalUnlock
GlobalFree
CreateThread
HeapCreate
lstrcmpiA
OpenEventA
lstrcmpiW
OpenFileMappingA
CreateMutexA
GetComputerNameA
lstrlenA
CreateEventA
GetShortPathNameA

user32

GetSystemMetrics
GetDC
SetCaretBlinkTime
SetThreadDesktop
GetThreadDesktop
ReleaseDC
GetShellWindow
GetWindow
SetClipboardData
OpenClipboard
GetDesktopWindow
EmptyClipboard
RegisterWindowMessageA
CreateDesktopA
GetTopWindow
CloseClipboard
SendMessageW
IsWindowVisible
IsWindow
GetLastActivePopup
PostMessageW
IsIconic
MapVirtualKeyW
IsRectEmpty
GetClassLongA
GetWindowThreadProcessId
MapWindowPoints
PostMessageA
GetMenuItemInfoA
SetWindowPos
SendMessageTimeoutA
GetWindowLongA
GetAncestor
SendMessageA
GetWindowInfo
CharUpperA
GetWindowRect
GetSystemMenu
DefWindowProcW
EndMenu
HiliteMenuItem
DefMDIChildProcA
GetMenuItemCount
DefMDIChildProcW
DefWindowProcA
GetMenuState
TrackPopupMenuEx
GetMenuItemRect
GetMenu
MenuItemFromPoint
GetSubMenu
SetKeyboardState
GetMenuItemID
OpenDesktopA
GetUserObjectInformationA
PrintWindow
WindowFromDC
SetLayeredWindowAttributes
EnumChildWindows
FindWindowA
GetWindowRgn
SetClassLongA
SetWindowLongA
GetScrollBarInfo
MoveWindow
DialogBoxIndirectParamA
SetWindowTextA
ShowWindow
EndDialog
GetDlgItem
CreateWindowExA
GetWindowTextLengthA
GetClientRect
LoadIconA
AttachThreadInput
DestroyWindow
wsprintfA
PtInRect
WindowFromPoint
GetFocus
RealChildWindowFromPoint
GetClassNameA
GetCursorPos
GetWindowTextW
GetOpenClipboardWindow
GetActiveWindow
GetWindowTextA
GetGUIThreadInfo
GetKeyboardState
ToAscii
FindWindowW
DispatchMessageW
PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
GetWindowDC
GetParent
RedrawWindow

gdi32

CreateFontIndirectA
GetObjectA
GetClipRgn
BitBlt
GetViewportOrgEx
SetViewportOrgEx
SelectClipRgn
OffsetRgn
CreateRectRgn
DeleteDC
CreateDIBSection
GetDIBits
GetDeviceCaps
GdiFlush
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegOpenKeyExA
SetNamedSecurityInfoA
AdjustTokenPrivileges
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueA
GetTokenInformation
RegDeleteKeyA
OpenThreadToken
OpenProcessToken
RegNotifyChangeKeyValue
RegEnumKeyExA
RegDeleteValueA
GetUserNameA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegFlushKey

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea89c4b03849f1f72257eac879217121

Headers

DLL Characteristics

File Characteristics

Imports

winscard

sensapi

iphlpapi

msvcrt

psapi

netapi32

dnsapi

wininet

ws2_32

shell32

shlwapi

ntdll

kernel32

user32

gdi32

advapi32

Sections

.text Size: 272KB - Virtual size: 271KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 6KB - Virtual size: 67KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 272KB - Virtual size: 271KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 6KB - Virtual size: 67KB

.reloc
Size: 18KB - Virtual size: 17KB