678ae08c2c20c801060697053f315d9ab054decfdb08fac9d4e562d50200b848

Sharing

Copy URL Twitter E-mail

General

Target

678ae08c2c20c801060697053f315d9ab054decfdb08fac9d4e562d50200b848
Size

252KB
MD5

9848b3364210753ef09764c2b280da06
SHA1

04f4454f77de997c5760822b156067eb403d8669
SHA256

678ae08c2c20c801060697053f315d9ab054decfdb08fac9d4e562d50200b848
SHA512

5d19831d43b60a7d2ffdd42f062555ab5dc7e6aabe3d9e24018ff95b54c82b643817bb0d51f7be2c23e0771fb588ab9ffdf91d8dc2bcb4349f6576ec8d019c33
SSDEEP

1536:fhoqEr/ETvGAwfN/bXXrC5FIHEh4o15QzUOqqd3Dlt9/NESjxxl:f6Vr/8epTrC5+HEh4o4zNnl9xxl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
678ae08c2c20c801060697053f315d9ab054decfdb08fac9d4e562d50200b848

Files

678ae08c2c20c801060697053f315d9ab054decfdb08fac9d4e562d50200b848
.dll windows:6 windows x86 arch:x86

48c8d8502c1399c53f0a771c4281c411

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msv1_0.pdb

Imports

msvcrt

_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
swprintf_s
wcschr
strncmp
towupper
memmove
wcsrchr
wcsncpy_s
_wcsicmp
strcpy_s
wcsncmp
_snwprintf_s
wcsncat_s
sprintf_s
_vsnprintf_s
memset
wcscpy_s
wcscat_s
memcpy
_ultow

ntdll

EtwEventEnabled
EtwEventWrite
EtwEventRegister
EtwEventUnregister
RtlTimeToTimeFields
RtlEqualString
RtlExtendedMagicDivide
RtlLookupElementGenericTable
RtlInsertElementGenericTable
RtlInitializeGenericTable
NtOpenProcess
NtQueryInformationProcess
RtlIpv6StringToAddressExW
RtlNumberGenericTableElements
RtlEnterCriticalSection
RtlGetElementGenericTable
RtlDeleteElementGenericTable
RtlLeaveCriticalSection
NtDuplicateToken
NtDuplicateObject
NtOpenProcessToken
RtlCreateAcl
RtlAddAccessAllowedAce
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
NtQueryInformationToken
RtlNtStatusToDosError
RtlOemStringToUnicodeString
RtlInitializeCriticalSection
NtQuerySystemInformation
WinSqmSetDWORD
NtOpenKey
RtlFreeOemString
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
RtlIntegerToChar
RtlDeleteResource
NtQueryValueKey
NtDeleteValueKey
RtlAppendUnicodeToString
RtlIntegerToUnicodeString
RtlAppendUnicodeStringToString
NtSetValueKey
NtCreateKey
RtlEqualSid
RtlUpcaseUnicodeStringToOemString
RtlCopyUnicodeString
RtlPrefixUnicodeString
NtAllocateLocallyUniqueId
RtlUpcaseUnicodeString
RtlCopySid
RtlConvertSharedToExclusive
RtlAcquireResourceExclusive
NtCreateEvent
NtOpenEvent
NtWaitForSingleObject
RtlGetNtProductType
RtlInitializeResource
EtwLogTraceEvent
RtlInitializeSid
RtlDowncaseUnicodeString
RtlLengthSid
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlLengthRequiredSid
RtlIdentifierAuthoritySid
RtlUpperChar
NtQuerySystemTime
RtlCompareMemory
WinSqmIncrementDWORD
RtlEraseUnicodeString
RtlEqualDomainName
RtlDuplicateUnicodeString
RtlRunDecodeUnicodeString
RtlFreeUnicodeString
RtlEqualUnicodeString
RtlAcquireResourceShared
RtlReleaseResource
RtlImpersonateSelf
NtOpenThreadToken
RtlAllocateAndInitializeSid
NtFilterToken
NtSetInformationThread
RtlFreeSid
NtClose
RtlInitString
RtlFreeHeap
RtlAllocateHeap
RtlImageNtHeader
NtSetEvent
RtlInitUnicodeString
EtwTraceMessage
RtlSystemTimeToLocalTime

api-ms-win-security-base-l1-1-0

GetTokenInformation
ImpersonateAnonymousToken
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RevertToSelf
AdjustTokenPrivileges
GetLengthSid
EqualSid

cryptdll

CDLocateCheckSum
HMACwithSHA
aesCTSDecryptMsg
PBKDF2
aesCTSEncryptMsg

kernel32

SetFilePointer
CreateFileW
GetLastError
GetWindowsDirectoryW
WriteFile
GetLocalTime
CloseHandle
FreeLibrary
LoadLibraryW
GetProcAddress
InterlockedExchange
InterlockedCompareExchange
InterlockedIncrement
LoadLibraryA
GetComputerNameW
UnregisterWait
GetProfileIntW
RegisterWaitForSingleObjectEx
GetModuleFileNameW
GetModuleHandleW
GetCurrentThread
FlushFileBuffers
GetCurrentProcessId
GetCurrentThreadId
GetComputerNameExW
ExpandEnvironmentStringsW
DisableThreadLibraryCalls
RegSetValueExW
DeleteTimerQueueTimer
CreateTimerQueueTimer
ChangeTimerQueueTimer
SetCurrentDirectoryW
CreateDirectoryW
GetCurrentDirectoryW
MoveFileExW
GetSystemDirectoryW
OpenFileMappingW
MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile
GetVersion
VirtualQuery
VirtualAlloc
VirtualProtect
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
Sleep
LoadLibraryExA
DelayLoadFailureHook
OpenProcess
QueryFullProcessImageNameW
InterlockedCompareExchange64
FormatMessageW
IsDebuggerPresent
DebugBreak
GetTickCount
FormatMessageA
InterlockedExchangeAdd
LocalFree
LocalAlloc
GetSystemInfo
InterlockedDecrement
SetLastError
GetVersionExW
CreateEventW

Exports

Exports

DllMain
LsaApCallPackage
LsaApCallPackagePassthrough
LsaApCallPackageUntrusted
LsaApInitializePackage
LsaApLogonTerminated
LsaApLogonUserEx2
Msv1_0ExportSubAuthenticationRoutine
Msv1_0SubAuthenticationPresent
MsvGetLogonAttemptCount
MsvIsLocalhostAliases
MsvSamLogoff
MsvSamValidate
MsvValidateTarget
SpInitialize
SpInstanceInit
SpLsaModeInitialize
SpUserModeInitialize

Sections

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48c8d8502c1399c53f0a771c4281c411

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-security-base-l1-1-0

cryptdll

kernel32

Exports

Exports

Sections

.text Size: 221KB - Virtual size: 220KB

.data Size: 11KB - Virtual size: 12KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 221KB - Virtual size: 220KB

.data
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 11KB - Virtual size: 11KB