9d1d44b9c3a5eabebb1d875a2cda45a90dc8a22740824182291e6f9bcebffcbf

Sharing

Copy URL Twitter E-mail

General

Target

9d1d44b9c3a5eabebb1d875a2cda45a90dc8a22740824182291e6f9bcebffcbf
Size

3.6MB
MD5

0220975dee93ffb51b0b191cd3504dd3
SHA1

d9f910b93eb482882b49af598a29c8af6150dc75
SHA256

9d1d44b9c3a5eabebb1d875a2cda45a90dc8a22740824182291e6f9bcebffcbf
SHA512

e9fc490601d43f523f5683669569b3ba9aa8bbe9efc158a086e177528557de7f218e29b29ebd1577843e1d7b60febab7a3a836200f4f948998bc76b86c676d46
SSDEEP

49152:F8Y/Q94iZNrP2t0ZyyIjnRnUtSHxf5lwHI6F:F8Y/QSirHv2Rg4xf5lwHI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d1d44b9c3a5eabebb1d875a2cda45a90dc8a22740824182291e6f9bcebffcbf

Files

9d1d44b9c3a5eabebb1d875a2cda45a90dc8a22740824182291e6f9bcebffcbf
.dll windows:4 windows x64 arch:x64

928b316f3126865cdd91c5fd11b09dbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysStringLen
VariantClear
VariantCopy
SysAllocString
SysAllocStringByteLen
SysFreeString
SysAllocStringLen

user32

CharUpperW
CharPrevExA

advapi32

SystemFunction036

msvcrt

strchr
_purecall
memset
free
malloc
strlen
__CxxFrameHandler
realloc
strstr
wcscmp
strcmp
memmove
_CxxThrowException
memcpy
memcmp
exit
__C_specific_handler
_beginthreadex
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
Sleep
CreateEventW
SetThreadAffinityMask
ResumeThread
WaitForSingleObject
SetEvent
DeleteFileW
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
QueryPerformanceCounter
GetOEMCP
DeleteCriticalSection
LocalFileTimeToFileTime
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatusEx
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
WriteFile
ReadFile
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
GetTempPathW
SetLastError
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetFileInformationByHandle
FindClose
FindFirstFileW
GetModuleHandleA
GetFileAttributesW

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetModuleProp
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

928b316f3126865cdd91c5fd11b09dbf

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

advapi32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 344KB - Virtual size: 343KB

.data Size: 1KB - Virtual size: 35KB

.pdata Size: 76KB - Virtual size: 76KB

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 344KB - Virtual size: 343KB

.data
Size: 1KB - Virtual size: 35KB

.pdata
Size: 76KB - Virtual size: 76KB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 13KB - Virtual size: 12KB