696f06d1d03f7c1b5afd0734bd4614babcfedfb2a46de6608b81d472cad4fa9b

Sharing

Copy URL

Twitter E-mail

General

Target

696f06d1d03f7c1b5afd0734bd4614babcfedfb2a46de6608b81d472cad4fa9b
Size

329KB
MD5

5eaa83e6c73670779eab08d468d8a631
SHA1

3e410c750e44de6d5c3e740c731bae413574c4cc
SHA256

696f06d1d03f7c1b5afd0734bd4614babcfedfb2a46de6608b81d472cad4fa9b
SHA512

8dd81d9d0b065fe4bbbfac537d335dbad5093c450d98f5f19536490622eec68ffbfb1796d5b9d23231c1f1891406697d7529a080f9117022708762970e9b65ae
SSDEEP

6144:RmWhxR1arY/PbgmFOabPIIBhJXAv7eTY9suz0xhttGSrDKE3KIvSka8b2:RmWTR1arYnEKosuzY34CZ3DvSkN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
696f06d1d03f7c1b5afd0734bd4614babcfedfb2a46de6608b81d472cad4fa9b

Files

696f06d1d03f7c1b5afd0734bd4614babcfedfb2a46de6608b81d472cad4fa9b
.dll windows:5 windows x86 arch:x86

9d537a41f578adfa5c667555f5058bc0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winscard

SCardFreeMemory
SCardListReadersA
SCardReleaseContext
SCardEstablishContext
SCardConnectA
SCardDisconnect

sensapi

IsNetworkAlive

iphlpapi

GetTcpTable

dbghelp

SymSetOptions
SymGetSymFromAddr
SymGetModuleBase
SymInitialize
SymGetModuleInfo

msvcrt

strchr
isprint
fclose
fseek
realloc
fwrite
fread
fopen
_except_handler3
strncpy
sprintf
atoi
isdigit
strtol
strstr
_strrev
_snprintf
exit
malloc
calloc
free
memcpy
memset

psapi

GetModuleFileNameExA

netapi32

NetQueryDisplayInformation
NetApiBufferFree

dnsapi

DnsFlushResolverCache

wininet

HttpQueryInfoA
HttpAddRequestHeadersW
HttpAddRequestHeadersA
InternetSetStatusCallback
InternetQueryOptionA
InternetConnectA
InternetReadFile
HttpOpenRequestA
InternetCheckConnectionA
HttpSendRequestA
InternetOpenA
InternetCloseHandle

ws2_32

send
listen
accept
WSAGetLastError
WSASetLastError
inet_addr
htons
closesocket
ntohs
gethostbyname
socket
bind
recv
shutdown
WSAStartup
inet_ntoa
select
setsockopt
htonl
getpeername
gethostname
connect
__WSAFDIsSet
recvfrom

shell32

ExtractIconExA
SHGetFolderPathA
SHGetSpecialFolderPathA
ord680
SHFileOperationA
ShellExecuteA

shlwapi

StrToIntA
PathMakeSystemFolderA
PathAppendA
PathAddBackslashA
PathFindFileNameA
StrStrIA
StrCmpNIA
StrNCatA
StrStrA
StrChrIA
StrStrIW
PathFileExistsA

ntdll

RtlImageNtHeader
RtlCreateUserThread
ZwQueryInformationThread

kernel32

OpenEventA
lstrcmpiW
OpenFileMappingA
CreateMutexA
lstrlenA
CreateEventA
GetVersionExA
ResetEvent
GetCommandLineA
InitializeCriticalSection
EnterCriticalSection
GetDriveTypeA
lstrcmpiA
SetCurrentDirectoryA
GetLogicalDriveStringsA
CopyFileA
GetCurrentDirectoryA
GetProcessHeap
HeapValidate
HeapSize
GetCommandLineW
ExitThread
MoveFileA
WinExec
TerminateThread
FindNextChangeNotification
FindFirstChangeNotificationA
SetThreadPriority
HeapCreate
lstrcmpA
FlushInstructionCache
GetComputerNameA
LeaveCriticalSection
FindNextFileW
lstrlenW
CreateFileW
FileTimeToSystemTime
FindFirstFileW
GetFileInformationByHandle
GetFileType
LocalAlloc
GetLocalTime
SystemTimeToFileTime
GetFileSize
FileTimeToDosDateTime
SwitchToThread
WriteProcessMemory
LocalFree
Module32Next
LoadLibraryA
VirtualAllocEx
GetHandleInformation
Module32First
GetProcessTimes
CreateRemoteThread
VirtualQuery
GetPrivateProfileStringA
GetShortPathNameA
GetFileAttributesW
GetFileAttributesA
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
VirtualProtect
GetThreadPriority
GetLastError
SetLastError
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
GetTickCount
GetVolumeInformationA
GetEnvironmentVariableA
GetCurrentProcess
GetTimeFormatA
GetCurrentThread
VirtualFree
GetDateFormatA
VirtualAlloc
AddVectoredExceptionHandler
GetSystemDefaultLangID
Process32First
OpenProcess
GetSystemWindowsDirectoryA
GetTimeZoneInformation
Process32Next
CreateToolhelp32Snapshot
WaitForSingleObject
LoadLibraryExA
ReleaseMutex
lstrcpynA
Sleep
WaitForMultipleObjects
CloseHandle
GetSystemTime
CreateFileA
SetFilePointer
MoveFileExA
SetEndOfFile
SetFilePointerEx
UnlockFile
LockFile
WriteFile
IsBadWritePtr
ReadFile
CreateDirectoryA
GetFileSizeEx
FindFirstFileA
RemoveDirectoryA
SetFileAttributesA
GetTempFileNameA
FindClose
FindNextFileA
GetTempPathA
DeleteFileA
HeapReAlloc
HeapAlloc
HeapFree
ExitProcess
SetErrorMode
SetEvent
OpenMutexA
GetCurrentThreadId
GetCurrentProcessId
lstrcpyA
MapViewOfFile
UnmapViewOfFile
IsBadReadPtr
CreateFileMappingA
GlobalLock
GlobalAlloc
CreateProcessA
GlobalUnlock
GlobalFree
CreateThread
InterlockedExchange

user32

GetWindowDC
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DispatchMessageW
CharUpperA
GetSystemMetrics
GetDC
SetCaretBlinkTime
SetThreadDesktop
GetThreadDesktop
ReleaseDC
GetShellWindow
GetWindow
FindWindowA
SetClipboardData
OpenClipboard
GetDesktopWindow
EmptyClipboard
RegisterWindowMessageA
CreateDesktopA
GetTopWindow
CloseClipboard
SendMessageW
IsWindowVisible
IsWindow
GetLastActivePopup
PostMessageW
IsIconic
MapVirtualKeyW
IsRectEmpty
GetClassLongA
GetWindowThreadProcessId
MapWindowPoints
PostMessageA
GetMenuItemInfoA
SetWindowPos
SendMessageTimeoutA
GetWindowLongA
GetAncestor
SendMessageA
GetWindowInfo
GetParent
GetWindowRect
GetSystemMenu
DefWindowProcW
EndMenu
HiliteMenuItem
DefMDIChildProcA
GetMenuItemCount
DefMDIChildProcW
DefWindowProcA
GetMenuState
TrackPopupMenuEx
GetMenuItemRect
GetMenu
MenuItemFromPoint
GetSubMenu
SetKeyboardState
GetMenuItemID
OpenDesktopA
GetUserObjectInformationA
FindWindowW
WindowFromDC
SetLayeredWindowAttributes
EnumChildWindows
RedrawWindow
GetWindowRgn
SetClassLongA
SetWindowLongA
GetScrollBarInfo
MoveWindow
DialogBoxIndirectParamA
SetWindowTextA
ShowWindow
EndDialog
GetDlgItem
CreateWindowExA
GetWindowTextLengthA
GetClientRect
LoadIconA
AttachThreadInput
DestroyWindow
wsprintfA
PtInRect
WindowFromPoint
GetFocus
RealChildWindowFromPoint
GetClassNameA
GetCursorPos
GetWindowTextW
GetOpenClipboardWindow
GetActiveWindow
GetWindowTextA
GetGUIThreadInfo
GetKeyboardState
ToAscii
PrintWindow

gdi32

GetClipRgn
BitBlt
GetViewportOrgEx
SelectClipRgn
CreateFontIndirectA
CreateRectRgn
DeleteDC
CreateDIBSection
GetDIBits
GdiFlush
OffsetRgn
CreateCompatibleBitmap
GetObjectA
DeleteObject
SelectObject
CreateCompatibleDC
SetViewportOrgEx
GetDeviceCaps

advapi32

RegNotifyChangeKeyValue
AdjustTokenPrivileges
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueA
RegDeleteKeyA
GetTokenInformation
SetNamedSecurityInfoA
OpenThreadToken
RegEnumKeyExA
RegDeleteValueA
GetUserNameA
RegCloseKey
RegFlushKey
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d537a41f578adfa5c667555f5058bc0

Headers

DLL Characteristics

File Characteristics

Imports

winscard

sensapi

iphlpapi

dbghelp

msvcrt

psapi

netapi32

dnsapi

wininet

ws2_32

shell32

shlwapi

ntdll

kernel32

user32

gdi32

advapi32

Sections

.text Size: 272KB - Virtual size: 271KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 6KB - Virtual size: 67KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 272KB - Virtual size: 271KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 6KB - Virtual size: 67KB

.reloc
Size: 17KB - Virtual size: 17KB