21352dd31018be2185657ad08c1b5009a0bf97e5d2d063aff597c0a96b2d52b7

Sharing

Copy URL Twitter E-mail

General

Target

21352dd31018be2185657ad08c1b5009a0bf97e5d2d063aff597c0a96b2d52b7
Size

329KB
MD5

658707540e59852523f28562dcc346b5
SHA1

7284da816714b950b51e1a134927a5d3cbcdf7f5
SHA256

21352dd31018be2185657ad08c1b5009a0bf97e5d2d063aff597c0a96b2d52b7
SHA512

748bf473c8f86cf4c9ea87acc5dabc8ad7e03727051ef9b87e7bd2df0880ae8b480ff1b8776c85f844d888449ad4c0861f10559b27078ea1420d8e6b5eff9ca9
SSDEEP

6144:smWicfSPyXTnkl+r+MHLt8TaggWQI9TXS0os0:smWip2TnGC+MHL2mgiIFXS0

Score

10^/10

Malware Config

Signatures

Detects executables referencing many IR and analysis tools 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_References_SecTools

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21352dd31018be2185657ad08c1b5009a0bf97e5d2d063aff597c0a96b2d52b7

Files

21352dd31018be2185657ad08c1b5009a0bf97e5d2d063aff597c0a96b2d52b7
.dll windows:5 windows x86 arch:x86

0ed688721285c2be667eedae4e00d1fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

PFXExportCertStoreEx
CertOpenSystemStoreA
CertVerifyTimeValidity
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertGetCertificateContextProperty
CertGetNameStringA
CertCloseStore
CertAddCertificateContextToStore
CertOpenStore
CertDeleteCertificateFromStore
PFXIsPFXBlob

winscard

SCardReleaseContext
SCardListReadersA
SCardDisconnect
SCardFreeMemory
SCardEstablishContext
SCardConnectA

sensapi

IsNetworkAlive

iphlpapi

GetTcpTable

msvcrt

_except_handler3
memset
memcpy
isdigit
strtol
strstr
_strrev
strchr
_snprintf
_wcsicmp
isprint
fclose
fseek
realloc
fwrite
fread
fopen
strncpy
exit
sprintf
free
calloc
malloc
atoi

psapi

GetModuleFileNameExA

dnsapi

DnsFlushResolverCache

wininet

HttpQueryInfoA
HttpAddRequestHeadersW
HttpAddRequestHeadersA
InternetSetStatusCallback
InternetQueryOptionA
InternetConnectA
InternetReadFile
HttpOpenRequestA
InternetCheckConnectionA
HttpSendRequestA
InternetOpenA
InternetCloseHandle

ws2_32

ntohs
gethostbyname
closesocket
htons
inet_addr
WSASetLastError
WSAGetLastError
accept
listen
send
socket
bind
recv
shutdown
WSAStartup
inet_ntoa
connect
gethostname
getpeername
htonl
setsockopt
recvfrom
select
__WSAFDIsSet

shell32

ShellExecuteA
SHGetSpecialFolderPathA
ord680
SHGetFolderPathA
ExtractIconExA
SHFileOperationA

shlwapi

PathAppendA
StrStrIA
PathIsDirectoryA
PathFileExistsA
PathFindFileNameA
PathAddBackslashA
StrStrIW
StrToIntA
StrChrIA
StrStrA
StrNCatA
StrCmpNIA
PathMakeSystemFolderA

ntdll

ZwOpenProcess
RtlCreateUserThread
RtlImageNtHeader

kernel32

FindNextFileW
lstrlenW
CreateFileW
FileTimeToSystemTime
FindFirstFileW
GetFileInformationByHandle
GetFileType
LocalAlloc
GetLocalTime
SystemTimeToFileTime
GetFileSize
FileTimeToDosDateTime
SwitchToThread
WriteProcessMemory
LocalFree
Module32Next
VirtualAllocEx
GetHandleInformation
Module32First
GetProcessTimes
CreateRemoteThread
VirtualFree
VirtualQuery
LoadLibraryA
GetPrivateProfileStringA
GetShortPathNameA
GetFileAttributesW
GetFileAttributesA
GetVersionExW
WideCharToMultiByte
VirtualProtect
GetThreadPriority
VirtualAlloc
InterlockedExchange
FlushInstructionCache
CloseHandle
lstrcmpA
TerminateThread
WinExec
MoveFileA
ExitThread
GetCommandLineW
HeapSize
HeapValidate
GetProcessHeap
GetCurrentDirectoryA
CopyFileA
GetLogicalDriveStringsA
SetCurrentDirectoryA
SetThreadPriority
GetDriveTypeA
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetLastError
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
IsDebuggerPresent
GetTickCount
GetVolumeInformationA
GetEnvironmentVariableA
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
Process32First
GetTimeFormatA
GetDateFormatA
OpenProcess
GetSystemWindowsDirectoryA
GetTimeZoneInformation
Process32Next
CreateToolhelp32Snapshot
WaitForSingleObject
LoadLibraryExA
ReleaseMutex
lstrcpynA
Sleep
GetTempFileNameA
WaitForMultipleObjects
GetTempPathA
GetSystemTime
CreateFileA
SetFilePointer
MoveFileExA
SetEndOfFile
SetFilePointerEx
UnlockFile
LockFile
WriteFile
IsBadWritePtr
ReadFile
CreateDirectoryA
GetFileSizeEx
FindFirstFileA
RemoveDirectoryA
SetFileAttributesA
FindClose
FindNextFileA
DeleteFileA
HeapReAlloc
HeapAlloc
HeapFree
ExitProcess
SetErrorMode
SetEvent
OpenMutexA
lstrcpyA
MapViewOfFile
UnmapViewOfFile
IsBadReadPtr
CreateFileMappingA
GlobalLock
GlobalAlloc
CreateProcessA
MultiByteToWideChar
GlobalUnlock
GlobalFree
CreateThread
HeapCreate
lstrcmpiA
OpenEventA
lstrcmpiW
OpenFileMappingA
CreateMutexA
GetComputerNameA
lstrlenA
CreateEventA
GetVersionExA
ResetEvent
GetCommandLineA
InitializeCriticalSection

user32

GetWindow
DestroyIcon
FindWindowA
SetClipboardData
OpenClipboard
GetDesktopWindow
EmptyClipboard
GetIconInfo
RegisterWindowMessageA
SendMessageA
WindowFromPoint
DrawIcon
CreateDesktopA
GetTopWindow
CloseClipboard
SendMessageW
IsWindowVisible
IsWindow
GetShellWindow
PostMessageW
IsIconic
MapVirtualKeyW
IsRectEmpty
GetClassLongA
GetWindowThreadProcessId
MapWindowPoints
PostMessageA
GetMenuItemInfoA
SetWindowPos
SendMessageTimeoutA
GetWindowLongA
GetAncestor
GetWindowInfo
GetParent
GetWindowRect
GetSystemMenu
DefWindowProcW
EndMenu
HiliteMenuItem
DefMDIChildProcA
ReleaseDC
GetMenuItemCount
DefMDIChildProcW
DestroyCursor
DefWindowProcA
GetMenuState
CopyIcon
TrackPopupMenuEx
GetMenuItemRect
GetMenu
MenuItemFromPoint
GetSubMenu
SetKeyboardState
GetMenuItemID
OpenDesktopA
GetUserObjectInformationA
PrintWindow
WindowFromDC
SetLayeredWindowAttributes
EnumChildWindows
RedrawWindow
GetWindowRgn
SetClassLongA
SetWindowLongA
GetScrollBarInfo
MoveWindow
DialogBoxIndirectParamA
SetWindowTextA
ShowWindow
EndDialog
GetDlgItem
CreateWindowExA
GetWindowTextLengthA
GetClientRect
LoadIconA
AttachThreadInput
DestroyWindow
wsprintfA
PtInRect
GetFocus
RealChildWindowFromPoint
GetClassNameA
GetCursorPos
GetWindowTextW
GetOpenClipboardWindow
GetActiveWindow
GetWindowTextA
GetGUIThreadInfo
GetKeyboardState
ToAscii
FindWindowW
DispatchMessageW
PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
GetWindowDC
GetThreadDesktop
SetThreadDesktop
SetCaretBlinkTime
GetDC
GetSystemMetrics
CharUpperA
GetCursor
GetLastActivePopup

gdi32

CreateFontIndirectA
GetObjectA
GetClipRgn
BitBlt
GetViewportOrgEx
SetViewportOrgEx
CreateCompatibleBitmap
OffsetRgn
GetDeviceCaps
DeleteDC
CreateDIBSection
GetDIBits
GdiFlush
DeleteObject
SelectClipRgn
CreateRectRgn
SelectObject
CreateCompatibleDC

advapi32

CryptGetKeyParam
RegSetValueExA
RegFlushKey
GetUserNameA
RegDeleteValueA
RegEnumKeyExA
RegNotifyChangeKeyValue
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
AdjustTokenPrivileges
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
GetTokenInformation
SetNamedSecurityInfoA
OpenThreadToken
OpenProcessToken
CryptGetUserKey
RegOpenKeyA
RegCloseKey

ole32

CoCreateInstance
CoInitialize

oleaut32

VariantInit
SysAllocString

Sections

.text
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ed688721285c2be667eedae4e00d1fd

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

winscard

sensapi

iphlpapi

msvcrt

psapi

dnsapi

wininet

ws2_32

shell32

shlwapi

ntdll

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 269KB - Virtual size: 268KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 6KB - Virtual size: 68KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 269KB - Virtual size: 268KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 6KB - Virtual size: 68KB

.reloc
Size: 18KB - Virtual size: 18KB