3aceebf4d8c88665648680ee959967ec39e30475cab1daf5fe2a3ab8bda865e9

Sharing

Copy URL Twitter E-mail

General

Target

3aceebf4d8c88665648680ee959967ec39e30475cab1daf5fe2a3ab8bda865e9
Size

2.0MB
MD5

45855a3e519a57050abb53ea7363a621
SHA1

2c8495bc2b2ffeace003e809d23fa34e6e0fdbd8
SHA256

3aceebf4d8c88665648680ee959967ec39e30475cab1daf5fe2a3ab8bda865e9
SHA512

c3237ce5293e30e8e24c31a53614217e912a61e5c650c2334750a8f2af413d2131be4ef1b3b78e20c9ef6b341389bb3da70b8bec48771f696bc1713d25a674be
SSDEEP

49152:NeQvUmnkPWUr3A2GIeFy3ukt3VQnUAwASKYs:wOUokPWQGdM3ZX9AVl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3aceebf4d8c88665648680ee959967ec39e30475cab1daf5fe2a3ab8bda865e9

Files

3aceebf4d8c88665648680ee959967ec39e30475cab1daf5fe2a3ab8bda865e9
.dll windows:6 windows x86 arch:x86

b991e48f7ee39c7ffb15f9778cfca3f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
recv
connect
WSACleanup
WSAStartup
socket
bind
inet_ntop
freeaddrinfo
getaddrinfo
WSAStringToAddressA
WSAIoctl
WSASetLastError
shutdown
setsockopt
send
ntohs
htons
getsockname
WSAGetLastError

kernel32

WriteConsoleW
CreateFileW
SetEnvironmentVariableW
GetCommandLineW
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
CompareStringW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
GetModuleFileNameW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
ReadFile
LoadLibraryExW
EncodePointer
InterlockedFlushSList
ResumeThread
OpenThread
SuspendThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
TerminateProcess
CreateThread
GetModuleHandleA
GetFileAttributesW
OutputDebugStringA
LoadLibraryA
GetCurrentProcessId
OutputDebugStringW
GetLocalTime
VirtualProtect
VirtualQuery
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
SetLastError
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
TlsGetValue
TlsSetValue
GetCurrentProcessorNumber
GetSystemInfo
CloseHandle
RaiseException
SetEndOfFile
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
GetCurrentThreadId
TerminateThread
GetExitCodeThread
FormatMessageA
TlsAlloc
AcquireSRWLockExclusive
SwitchToThread
VirtualAlloc
VirtualFree
IsBadCodePtr
GetFileSize
MapViewOfFileEx
GetProcAddress
lstrlenA
CreateFileMappingA
UnmapViewOfFile
InitializeCriticalSectionEx
DecodePointer
GetSystemTimeAsFileTime
Sleep
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
SetFilePointer
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
LCMapStringW
WriteFile
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetThreadContext
HeapDestroy
CreateFileA
GetStdHandle
SetHandleCount
SetThreadContext
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
TlsFree
RtlUnwind
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
FreeLibrary
RtlMoveMemory
DeviceIoControl
GetVolumeInformationA
GetWindowsDirectoryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
lstrcpyn
OpenMutexA
CreateMutexA
InitializeCriticalSection
ExitProcess
IsBadReadPtr
WritePrivateProfileStringA
GetPrivateProfileStringA
LCMapStringA
FlushFileBuffers
SetStdHandle
GetVersion
InterlockedDecrement
InterlockedIncrement

user32

PeekMessageA
GetWindowThreadProcessId
FindWindowExA
FindWindowA
PostMessageA
MsgWaitForMultipleObjects
LoadCursorA
MessageBoxA
wsprintfA
ShowWindow
CreateWindowExA
RegisterClassA
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
LoadIconA
UpdateWindow

gdi32

GetStockObject

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

StrChrA

winmm

timeGetTime

Sections

.text
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 941B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b991e48f7ee39c7ffb15f9778cfca3f8

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

version

shlwapi

winmm

Sections

.text Size: 548KB - Virtual size: 548KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 75KB - Virtual size: 121KB

.vmp0 Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 23KB - Virtual size: 22KB

.rsrc Size: 1024B - Virtual size: 941B

.text
Size: 548KB - Virtual size: 548KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 75KB - Virtual size: 121KB

.vmp0
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 1024B - Virtual size: 941B