ce7042809c33be0a0347d7c53e05cddd464366c9972790782147379bcf2e8574

Sharing

Copy URL Twitter E-mail

General

Target

ce7042809c33be0a0347d7c53e05cddd464366c9972790782147379bcf2e8574
Size

64KB
MD5

7dacdf1b3ad803daa2e624a335ef23c5
SHA1

80dfb979ad9a8c0e7025dec15f583add14239f64
SHA256

ce7042809c33be0a0347d7c53e05cddd464366c9972790782147379bcf2e8574
SHA512

8d51d64bb6e53835f4be3d4c5dc46b08e7cda55bc489c7c36262e85db4bcdb30f2e82d7cdc48155e9c0a51367d183dfc61a8f7cd5d0d1363ea0006954884fc69
SSDEEP

1536:2yLPDDzfP+eZYY7uY/SPtJNzA9CWueohR:bL/bLZYYbO89CBL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce7042809c33be0a0347d7c53e05cddd464366c9972790782147379bcf2e8574

Files

ce7042809c33be0a0347d7c53e05cddd464366c9972790782147379bcf2e8574
.dll windows:5 windows x86 arch:x86

c913d7df823542f64ad47be72bed1230

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlDestroyQueryDebugBuffer
RtlGetCurrentPeb
RtlPrefixUnicodeString
wcschr
RtlRandom
ZwEnumerateValueKey
ZwQueryDirectoryFile
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
ZwQueryVolumeInformationFile
RtlExitUserThread
ZwSetSecurityObject
ZwPlugPlayControl
LdrFindEntryForAddress
ZwQueryVirtualMemory
RtlImageDirectoryEntryToData
ZwAdjustPrivilegesToken
ZwImpersonateThread
LdrAccessResource
LdrFindResource_U
ZwDeleteKey
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwRequestPort
LdrAddRefDll
ZwReadVirtualMemory
ZwSetContextThread
ZwReplyWaitReceivePort
ZwCreatePort
ZwAlertThread
ZwQueryInformationThread
RtlQueryProcessDebugInformation
ZwFreeVirtualMemory
ZwResumeThread
ZwAllocateVirtualMemory
RtlNtStatusToDosError
wcscat
RtlConvertSidToUnicodeString
ZwDuplicateToken
_strupr
strtoul
ZwWriteFile
ZwClose
ZwEnumerateKey
ZwOpenKey
ZwQueryValueKey
memcpy
ZwQueryInformationToken
ZwOpenProcessToken
ZwOpenProcess
_alldiv
RtlCreateQueryDebugBuffer
RtlEqualUnicodeString
ZwQuerySystemInformation
ZwQueryInformationProcess
ZwAcceptConnectPort
ZwWriteVirtualMemory
ZwDuplicateObject
memset
ZwSetInformationThread
RtlInitUnicodeString
RtlHashUnicodeString
ZwOpenThreadTokenEx
ZwSetSystemPowerState
_stricmp
RtlComputeCrc32
strlen
ZwCreateFile
ZwSetValueKey
ZwCreateKey
ZwOpenFile
ZwQueryInformationFile
ZwSetInformationFile
RtlIpv4AddressToStringExA
sprintf
ZwOpenThread
DbgPrint
RtlAdjustPrivilege
RtlTimeToSecondsSince1970
wcslen
swprintf
memcmp
RtlStringFromGUID
ZwQueryKey
RtlCreateUserThread
wcscpy
_allmul

kernel32

VirtualProtect
ExitThread
DeactivateActCtx
ActivateActCtx
ExitProcess
FindResourceW
GetModuleHandleW
GetProcAddress
LoadLibraryW
SetThreadLocale
FreeLibraryAndExitThread
LocalFree
LocalAlloc
GetLastError
BindIoCompletionCallback
IsDebuggerPresent
GetSystemTimeAsFileTime
WideCharToMultiByte
Sleep
FreeLibrary
LoadLibraryExW
MultiByteToWideChar
GetSystemDefaultLangID
GetVersion
GetTickCount

user32

DestroyWindow
MessageBoxW
DestroyIcon
SendMessageW
EnumThreadWindows
GetWindowLongA
IsWindowUnicode
GetWindowThreadProcessId
UnregisterClassW
RegisterClassW
LoadCursorW
IsWindow
GetActiveWindow
GetMessageW
TrackPopupMenu
GetCursorPos
LoadImageW
PostQuitMessage
CheckMenuItem
InsertMenuItemW
CreatePopupMenu
ChildWindowFromPoint
FindWindowW
InvalidateRect
SystemParametersInfoW
ExitWindowsEx
LoadIconW
IsWindowVisible
SetWindowPos
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
KillTimer
SetDlgItemTextA
EndDialog
SetTimer
GetDlgItem
DialogBoxParamW
GetWindowRect
IsIconic
GetSystemMetrics
AdjustWindowRect
GetClientRect
DefWindowProcW
CreateWindowExW
SetWindowLongW
SetForegroundWindow
EnableWindow
DestroyMenu
ShowWindow
GetWindowLongW
PostMessageW
SetWindowTextW

gdi32

DeleteObject
GetStockObject
CreateSolidBrush

advapi32

ControlService
MD5Final
MD5Update
MD5Init
OpenSCManagerW
OpenServiceW
CloseServiceHandle
CreateProcessAsUserW

shell32

SHGetFileInfoW
Shell_NotifyIconW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
LoadTypeLibEx
SysAllocStringLen
VariantClear
SysFreeString

comctl32

ord17

mswsock

AcceptEx

ws2_32

WSASend
WSARecv
WSAIoctl
bind
closesocket
WSAGetLastError
WSASocketW
WSAStartup
listen
WSACleanup

rpcrt4

UuidCreateSequential

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
GetUserProfileDirectoryW

version

VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c913d7df823542f64ad47be72bed1230

Headers

File Characteristics

Imports

ntdll

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

mswsock

ws2_32

rpcrt4

userenv

version

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 3KB - Virtual size: 3KB