b379e8921779ab91af7e385199b855a0067a23019dc3cfb19bab11393d4dcdc3

Sharing

Copy URL

Twitter E-mail

General

Target

b379e8921779ab91af7e385199b855a0067a23019dc3cfb19bab11393d4dcdc3
Size

327KB
MD5

dfd7cad7ba3786cd0dda71d5cca7b190
SHA1

5a243ca6d42fab5b833fb71d9119e5a42a6438db
SHA256

b379e8921779ab91af7e385199b855a0067a23019dc3cfb19bab11393d4dcdc3
SHA512

cef152237d0a7ec66d0e040ac4b6487545e355559ec93bc0a056d2f866ab81c10f4d8b4538143ab93e59e5b40acd94b2cfb3751d0439d0a31b5c2e5c0ed56624
SSDEEP

6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
b379e8921779ab91af7e385199b855a0067a23019dc3cfb19bab11393d4dcdc3

Files

b379e8921779ab91af7e385199b855a0067a23019dc3cfb19bab11393d4dcdc3
.dll windows:5 windows x86 arch:x86

9359562ed14a4ae6cd1b155989ded1e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winscard

SCardDisconnect
SCardListReadersA
SCardEstablishContext
SCardConnectA
SCardFreeMemory
SCardReleaseContext

sensapi

IsNetworkAlive

iphlpapi

GetTcpTable

dbghelp

MiniDumpWriteDump

msvcrt

strchr
isprint
fclose
fseek
realloc
fwrite
fread
fopen
_except_handler3
strncpy
sprintf
atoi
isdigit
strtol
_strrev
_snprintf
exit
malloc
calloc
free
strstr
memcpy
memset

psapi

GetModuleFileNameExA

netapi32

NetQueryDisplayInformation
NetApiBufferFree

dnsapi

DnsFlushResolverCache

wininet

HttpQueryInfoA
HttpAddRequestHeadersW
HttpAddRequestHeadersA
InternetSetStatusCallback
InternetQueryOptionA
InternetConnectA
InternetReadFile
HttpOpenRequestA
InternetCheckConnectionA
HttpSendRequestA
InternetOpenA
InternetCloseHandle

ws2_32

accept
WSAGetLastError
WSASetLastError
inet_addr
htons
closesocket
gethostbyname
ntohs
listen
send
socket
bind
recv
shutdown
WSAStartup
inet_ntoa
connect
gethostname
getpeername
htonl
setsockopt
select
__WSAFDIsSet
recvfrom

shell32

ord680
ShellExecuteA
ExtractIconExA
SHFileOperationA
SHGetSpecialFolderPathA
SHGetFolderPathA

shlwapi

StrStrIW
StrToIntA
PathFileExistsA
StrStrIA
PathMakeSystemFolderA
PathAppendA
StrCmpNIA
StrNCatA
StrStrA
PathFindFileNameA
StrChrIA
PathAddBackslashA

ntdll

RtlCreateUserThread
RtlImageNtHeader

kernel32

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
GetDriveTypeA
SetThreadPriority
SetCurrentDirectoryA
GetLogicalDriveStringsA
CopyFileA
GetProcessHeap
HeapValidate
HeapSize
GetCommandLineA
ExitThread
MoveFileA
WinExec
TerminateThread
FindNextChangeNotification
FindFirstChangeNotificationA
lstrcmpA
CloseHandle
FlushInstructionCache
InterlockedExchange
VirtualAlloc
GetThreadPriority
VirtualProtect
WideCharToMultiByte
GetCommandLineW
GetVersionExA
GetVersionExW
GetFileAttributesA
ResetEvent
GetCurrentDirectoryA
FindNextFileW
lstrlenW
CreateFileW
FileTimeToSystemTime
FindFirstFileW
GetFileInformationByHandle
GetFileType
LocalAlloc
GetLocalTime
SystemTimeToFileTime
GetFileSize
FileTimeToDosDateTime
SwitchToThread
WriteProcessMemory
LocalFree
Module32Next
LoadLibraryA
VirtualAllocEx
GetHandleInformation
Module32First
GetProcessTimes
CreateRemoteThread
VirtualFree
VirtualQuery
GetPrivateProfileStringA
GetShortPathNameA
GetVolumeInformationA
GetSystemWindowsDirectoryA
GetModuleFileNameA
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
IsDebuggerPresent
GetTickCount
GetEnvironmentVariableA
GetCurrentProcess
AddVectoredExceptionHandler
GetCurrentThreadId
GetCurrentProcessId
GetSystemDefaultLangID
Process32First
GetTimeFormatA
GetDateFormatA
OpenProcess
GetTimeZoneInformation
Process32Next
CreateToolhelp32Snapshot
WaitForSingleObject
LoadLibraryExA
ReleaseMutex
lstrcpynA
Sleep
GetTempFileNameA
WaitForMultipleObjects
GetTempPathA
GetSystemTime
CreateFileA
SetFilePointer
MoveFileExA
SetEndOfFile
SetFilePointerEx
UnlockFile
LockFile
WriteFile
IsBadWritePtr
ReadFile
CreateDirectoryA
GetFileSizeEx
FindFirstFileA
RemoveDirectoryA
SetFileAttributesA
FindClose
FindNextFileA
DeleteFileA
HeapReAlloc
HeapAlloc
HeapFree
ExitProcess
SetErrorMode
SetEvent
OpenMutexA
lstrcpyA
MapViewOfFile
UnmapViewOfFile
IsBadReadPtr
CreateFileMappingA
GlobalLock
GlobalAlloc
CreateProcessA
MultiByteToWideChar
GlobalUnlock
GlobalFree
CreateThread
HeapCreate
lstrcmpiA
OpenEventA
lstrcmpiW
OpenFileMappingA
CreateMutexA
GetComputerNameA
lstrlenA
CreateEventA
GetFileAttributesW

user32

CharUpperA
FindWindowA
GetSystemMetrics
GetDC
SetCaretBlinkTime
SetThreadDesktop
GetThreadDesktop
ReleaseDC
GetShellWindow
GetWindow
DestroyIcon
SetClipboardData
OpenClipboard
GetDesktopWindow
EmptyClipboard
GetIconInfo
RegisterWindowMessageA
SendMessageA
WindowFromPoint
DrawIcon
CreateDesktopA
GetTopWindow
CloseClipboard
SendMessageW
IsWindowVisible
IsWindow
GetLastActivePopup
PostMessageW
IsIconic
MapVirtualKeyW
IsRectEmpty
GetClassLongA
GetWindowThreadProcessId
MapWindowPoints
PostMessageA
GetMenuItemInfoA
SetWindowPos
SendMessageTimeoutA
GetWindowLongA
GetAncestor
GetWindowInfo
GetParent
GetWindowRect
GetSystemMenu
DefWindowProcW
EndMenu
HiliteMenuItem
DefMDIChildProcA
GetCursor
GetMenuItemCount
DefMDIChildProcW
DestroyCursor
DefWindowProcA
GetMenuState
CopyIcon
TrackPopupMenuEx
GetMenuItemRect
GetMenu
MenuItemFromPoint
GetSubMenu
SetKeyboardState
GetMenuItemID
OpenDesktopA
PrintWindow
WindowFromDC
SetLayeredWindowAttributes
EnumChildWindows
RedrawWindow
GetWindowRgn
SetClassLongA
SetWindowLongA
GetScrollBarInfo
MoveWindow
DialogBoxIndirectParamA
SetWindowTextA
ShowWindow
EndDialog
GetDlgItem
CreateWindowExA
GetWindowTextLengthA
GetClientRect
LoadIconA
AttachThreadInput
DestroyWindow
wsprintfA
PtInRect
GetFocus
RealChildWindowFromPoint
GetClassNameA
GetCursorPos
GetWindowTextW
GetOpenClipboardWindow
GetActiveWindow
GetWindowTextA
GetGUIThreadInfo
GetKeyboardState
ToAscii
FindWindowW
DispatchMessageW
PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
GetWindowDC
GetUserObjectInformationA

gdi32

GetClipRgn
BitBlt
GetViewportOrgEx
SetViewportOrgEx
SelectClipRgn
GetObjectA
CreateRectRgn
DeleteDC
CreateDIBSection
GetDIBits
GdiFlush
OffsetRgn
CreateCompatibleBitmap
DeleteObject
SelectObject
CreateCompatibleDC
CreateFontIndirectA
GetDeviceCaps

advapi32

GetTokenInformation
OpenProcessToken
RegDeleteKeyA
RegNotifyChangeKeyValue
RegEnumKeyExA
RegDeleteValueA
RegFlushKey
RegSetValueExA
RegCloseKey
GetUserNameA
RegQueryValueExA
RegOpenKeyExA

Sections

.text
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9359562ed14a4ae6cd1b155989ded1e3

Headers

DLL Characteristics

File Characteristics

Imports

winscard

sensapi

iphlpapi

dbghelp

msvcrt

psapi

netapi32

dnsapi

wininet

ws2_32

shell32

shlwapi

ntdll

kernel32

user32

gdi32

advapi32

Sections

.text Size: 270KB - Virtual size: 270KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 6KB - Virtual size: 67KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 270KB - Virtual size: 270KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 6KB - Virtual size: 67KB

.reloc
Size: 17KB - Virtual size: 17KB