IsInBlacklist
IsInTAccCtrllist
IsInWhitelist
RegisterNetSecurityProc
SecurityProxyStart
SetEnableNetSecurity
SetGWMode
StartUploadCtrl
TAccCtrlStart
TAccCtrlStop
TMailHookStart
TMailHookStop
TSafeGWStart
TSafeGWStop
UnRegisterNetSecurityProc
Static task
static1
Behavioral task
behavioral1
Sample
b34f957963f020cd8ba8eb5e9c3754de3e277a6d8648671d81bf1996133d51e2.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
b34f957963f020cd8ba8eb5e9c3754de3e277a6d8648671d81bf1996133d51e2.dll
Resource
win10v2004-20240611-en
Target
b34f957963f020cd8ba8eb5e9c3754de3e277a6d8648671d81bf1996133d51e2
Size
820KB
MD5
250ff1a5bfa234d04eb5b56625cce701
SHA1
99905e16b7b4091714341c56fca36dbb19204aa4
SHA256
b34f957963f020cd8ba8eb5e9c3754de3e277a6d8648671d81bf1996133d51e2
SHA512
8cdc7cc399434edb2780b0e10057f628ae70c0ef0278a06d24c62251a39ef0b65d903e8271e558572ebb0ca040b5ab92bbc6bf3eb02b2f463e7c9f1e05ed817a
SSDEEP
12288:xFcAyis4mAywSYFW+oS+zQotTIhIWvsRlnvCvNA2h0M4C:xdyis4mAysRotTI7EDnJ2h0NC
Checks for missing Authenticode signature.
resource |
---|
b34f957963f020cd8ba8eb5e9c3754de3e277a6d8648671d81bf1996133d51e2 |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
RegCloseKey
RegQueryValueExW
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
LookupAccountSidW
GetTokenInformation
GetUserNameW
RegOpenKeyW
RegSetValueExW
SetFileSecurityW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExA
RegSetValueExA
RegEnumKeyW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegSetKeySecurity
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
LookupAccountNameW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegOpenKeyA
RegCreateKeyExA
RegCreateKeyA
RegConnectRegistryW
SetThreadDesktop
GetThreadDesktop
OpenDesktopW
OpenInputDesktop
GetUserObjectInformationW
GetProcessWindowStation
CloseWindowStation
SetProcessWindowStation
GetSystemMetrics
MsgWaitForMultipleObjects
OpenWindowStationW
MessageBoxW
EnumDesktopWindows
GetWindowThreadProcessId
GetWindowLongW
GetParent
IsWindowVisible
EnumWindows
GetWindowTextA
GetWindowTextW
CloseDesktop
getsockname
recvfrom
__WSAFDIsSet
select
closesocket
inet_addr
htons
socket
WSAGetLastError
ntohl
inet_ntoa
gethostbyname
sendto
getpeername
htonl
send
getsockopt
WSASetLastError
WSAIoctl
WSAStartup
ntohs
GetDriveTypeW
GetLogicalDrives
QueryDosDeviceW
QueryDosDeviceA
GetVolumeInformationW
SetVolumeLabelW
GetDiskFreeSpaceExW
DefineDosDeviceW
GetDriveTypeA
DeviceIoControl
VirtualProtect
GetWindowsDirectoryA
CreateFileMappingA
BeginUpdateResourceW
UpdateResourceW
FreeLibrary
GetProcAddress
LoadLibraryW
MultiByteToWideChar
GetLastError
Sleep
GetCurrentThreadId
OutputDebugStringW
GetTickCount
GetCurrentProcessId
WaitForSingleObject
CloseHandle
OpenMutexW
ReleaseMutex
GetModuleHandleW
GetModuleFileNameW
SetLastError
GetLongPathNameW
OpenEventW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemDirectoryW
GetWindowsDirectoryW
WideCharToMultiByte
GetFileInformationByHandle
CreateFileA
GetModuleHandleA
CreateThread
GetCurrentProcess
OpenProcess
LocalFree
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetSystemInfo
DeleteFileW
RemoveDirectoryW
lstrcmpW
SetFileAttributesW
GetFileAttributesW
CopyFileW
MoveFileW
ReadFile
CreateFileW
CreateDirectoryW
GetProfileStringW
InterlockedIncrement
InterlockedDecrement
lstrlenA
FormatMessageA
LoadResource
FindResourceExW
GetACP
lstrlenW
FormatMessageW
GetVersionExW
DeleteCriticalSection
SleepEx
InterlockedExchange
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
CreateEventW
SetEvent
PulseEvent
ResetEvent
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
SuspendThread
GetExitCodeThread
RtlUnwind
GetCommandLineA
GetVersion
RaiseException
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
HeapReAlloc
HeapSize
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetCurrentThread
FatalAppExitA
CompareStringA
CompareStringW
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetFilePointer
GetOEMCP
LoadLibraryA
SetConsoleCtrlHandler
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoW
FlushFileBuffers
SetEnvironmentVariableA
GetLocalTime
FreeConsole
WriteConsoleW
AllocConsole
ExpandEnvironmentStringsA
GetSystemDirectoryA
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentDirectoryA
GetTempPathA
GetTempPathW
GetEnvironmentVariableW
SetFileAttributesA
GetFileAttributesA
DeleteFileA
MoveFileA
CreateDirectoryA
CopyFileA
RemoveDirectoryA
MoveFileExA
MoveFileExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
OpenFileMappingW
lstrcmpA
LocalAlloc
SetPriorityClass
GetPriorityClass
GetThreadPriority
ReadProcessMemory
CreateProcessA
InterlockedCompareExchange
InterlockedExchangeAdd
CreateProcessW
VirtualQueryEx
FreeResource
LoadLibraryExW
VirtualQuery
LockResource
SizeofResource
EnumResourceNamesW
EnumResourceTypesW
EnumResourceLanguagesW
EndUpdateResourceW
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
CoInitializeEx
CoInitialize
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ