9252d39d710e0fa83e2c3fdfcd63c623eeae3c118988ddb1494fa128d85ac1c1

Sharing

Copy URL

Twitter E-mail

General

Target

9252d39d710e0fa83e2c3fdfcd63c623eeae3c118988ddb1494fa128d85ac1c1
Size

1.7MB
MD5

95ed7cba6c614f763fce67f179f6a851
SHA1

5b71e4fcb309be5c5d586462268c1ecb64f57242
SHA256

9252d39d710e0fa83e2c3fdfcd63c623eeae3c118988ddb1494fa128d85ac1c1
SHA512

3152f96364dbce79b21656ba9a1fb94a9cb77143439d4315c3e0b24eb8b6ab0b800221922eb482960e5c68e80c547390dd1911c6f103e29a4fff72104c24e831
SSDEEP

49152:XchO9kgQD2EfcvVAslByR7zGhBidVxrZgx/OZcx6/STGDd2H9:XchONO2/islBy1Q8r6x/O2x0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9252d39d710e0fa83e2c3fdfcd63c623eeae3c118988ddb1494fa128d85ac1c1

Files

9252d39d710e0fa83e2c3fdfcd63c623eeae3c118988ddb1494fa128d85ac1c1
.dll windows:6 windows x86 arch:x86

81ec48cae7385bbdf854652d5197f5be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleacc

AccessibleObjectFromWindow
AccessibleChildren
AccessibleObjectFromEvent
WindowFromAccessibleObject

urlmon

ObtainUserAgentString

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

freeaddrinfo
inet_pton
closesocket
ntohl
gethostname
recv
getaddrinfo
ioctlsocket
htonl
select
__WSAFDIsSet
sendto
recvfrom
listen
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send

ole32

CoInitializeSecurity
CoCreateInstance
StringFromCLSID
CoCreateGuid
CoTaskMemFree
CoInitialize
CoUninitialize

kernel32

ExitThread
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetACP
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindClose
FindFirstFileW
FindNextFileW
GetLocalTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryW
CreateFileW
DeleteFileW
GetFileAttributesW
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
SetEvent
ReleaseMutex
CreateMutexA
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThread
GetCurrentThreadId
GetTickCount
GetModuleFileNameW
LocalFree
FormatMessageW
lstrlenW
OpenMutexA
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
VerifyVersionInfoA
GetEnvironmentVariableA
Sleep
MoveFileExA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
QueryPerformanceCounter
WaitForSingleObjectEx
SetLastError
FormatMessageA
CreateFileA
GetFileSizeEx
CreateEventW
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
OutputDebugStringW
IsDebuggerPresent
GetLocaleInfoW
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetConsoleMode
ReadConsoleW
InitializeCriticalSectionAndSpinCount
WriteFile
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
FlushFileBuffers
IsValidCodePage
GetOEMCP
SetStdHandle
GetTimeZoneInformation
HeapSize
FindFirstFileExA
FindNextFileA
LCMapStringW
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
GetCommandLineA
GetCommandLineW
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
CreateEventA
OpenEventA
TlsAlloc
TlsGetValue
TlsSetValue
WideCharToMultiByte
DuplicateHandle
SwitchToThread
GetExitCodeThread
TryEnterCriticalSection
GetStringTypeW
EncodePointer
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
CreateDirectoryW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetModuleHandleW
TlsFree

user32

UnhookWinEvent
SetWinEventHook
GetWindowThreadProcessId
GetClassNameW
PostThreadMessageW
PeekMessageW
DispatchMessageW
GetMessageW

shell32

SHGetFolderPathW

oleaut32

SysAllocStringLen
VariantCopy
VariantInit
SysFreeString
SysAllocString
VariantClear

advapi32

LookupAccountSidW
OpenProcessToken
OpenThreadToken
GetTokenInformation
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData

ntdll

RtlUnwind

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CryptDecodeObjectEx
CertOpenStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertAddCertificateContextToStore

Exports

Exports

?answer@outbyte@@YA_NXZ
?count@outbyte@@YA_NXZ
?find@outbyte@@YA_NXZ
?invoke@outbyte@@YA_NPBD0D0@Z
?move@outbyte@@YA_NXZ
?reply@outbyte@@YA_NXZ
?reverse@outbyte@@YA_NXZ
?rotate@outbyte@@YA_NXZ
?search@outbyte@@YA_NXZ

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81ec48cae7385bbdf854652d5197f5be

Headers

DLL Characteristics

File Characteristics

Imports

oleacc

urlmon

version

ws2_32

ole32

kernel32

user32

shell32

oleaut32

advapi32

ntdll

crypt32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 288KB - Virtual size: 288KB

.data Size: 35KB - Virtual size: 78KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 70KB - Virtual size: 70KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 288KB - Virtual size: 288KB

.data
Size: 35KB - Virtual size: 78KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 70KB - Virtual size: 70KB