228eb97229ecd4507e8253b5191280d96a08fb8595cfbbf7dacc9dc4047e0c8c

Sharing

Copy URL

Twitter E-mail

General

Target

228eb97229ecd4507e8253b5191280d96a08fb8595cfbbf7dacc9dc4047e0c8c
Size

1.3MB
MD5

69c2ec8893254b651a22744f3a11445c
SHA1

887702ebb6983da53400a5bf83a024b75e2024de
SHA256

228eb97229ecd4507e8253b5191280d96a08fb8595cfbbf7dacc9dc4047e0c8c
SHA512

a364034f52a3ba96b88ac31f9650c4188c106ac752ae710732d001550442cf7a5dba108ae99c1ae4aa7723f566d41c5853ce176123d293f77ef4c18687a8c537
SSDEEP

24576:ku9tSu6JJPeBeiC6P2BUuJ61mFCN9MZ/m05G+Ib9kPn0I+4:qtiCkAehE0I+4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
228eb97229ecd4507e8253b5191280d96a08fb8595cfbbf7dacc9dc4047e0c8c

Files

228eb97229ecd4507e8253b5191280d96a08fb8595cfbbf7dacc9dc4047e0c8c
.dll windows:4 windows x86 arch:x86

35733b7b9bb20906af7a34ffad916cce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
DeviceIoControl
GetSystemDirectoryW
InterlockedExchange
ReleaseSemaphore
CreateSemaphoreW
SetEvent
LocalFree
GetCurrentProcessId
OpenMutexW
CreateMutexW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetProcAddress
GetDriveTypeW
QueryDosDeviceW
GetFileSize
GetLastError
CreateEventW
ResetEvent
WaitForMultipleObjects
GetFileAttributesW
CreateFileW
WriteFile
lstrlenA
WideCharToMultiByte
FormatMessageA
LoadResource
FindResourceExW
MultiByteToWideChar
GetACP
lstrlenW
FormatMessageW
GetVersionExW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SleepEx
ReleaseMutex
PulseEvent
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
SuspendThread
GetExitCodeThread
FileTimeToSystemTime
FileTimeToLocalFileTime
SetLastError
IsBadReadPtr
SetNamedPipeHandleState
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
CancelIo
OpenSemaphoreW
ExpandEnvironmentStringsA
GetSystemDirectoryA
ExpandEnvironmentStringsW
GetModuleFileNameA
GetCurrentDirectoryW
GetCurrentDirectoryA
GetTempPathA
GetTempPathW
GetEnvironmentVariableA
ReadFile
CreateFileA
SetFileAttributesW
SetFileAttributesA
GetFileAttributesA
DeleteFileA
MoveFileA
MoveFileW
CreateDirectoryA
CopyFileA
RemoveDirectoryA
CreateDirectoryW
CopyFileW
RemoveDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
MoveFileExA
MoveFileExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
SetFilePointer
OutputDebugStringW
FreeConsole
WriteConsoleW
GetStdHandle
AllocConsole
GetLocalTime
RtlUnwind
GetCommandLineA
GetVersion
RaiseException
GetTimeZoneInformation
GetSystemTime
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetCurrentThread
HeapFree
FatalAppExitA
GetModuleHandleA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
IsBadCodePtr
UnhandledExceptionFilter
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetOEMCP
LoadLibraryA
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
SetStdHandle
FlushFileBuffers
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileInformationByHandle
OpenProcess
lstrcmpW
GetSystemInfo
SetPriorityClass
GetPriorityClass
GetThreadPriority
ReadProcessMemory
FreeLibrary
CreateProcessA
InterlockedCompareExchange
InterlockedExchangeAdd
CreateProcessW
VirtualQueryEx
lstrcmpA
LocalAlloc
SetEndOfFile
SetFileTime
GetFileTime
GetFileAttributesExW
BackupWrite
BackupSeek
BackupRead
GetDriveTypeA
GetLogicalDrives
QueryDosDeviceA
GetVolumeInformationW
SetVolumeLabelW
GetDiskFreeSpaceExW
DefineDosDeviceW
QueryPerformanceCounter
DeleteFileW
GetTickCount
WaitForSingleObject
OpenEventW
CloseHandle
Sleep
GetPrivateProfileStringW
GetModuleFileNameW
GetEnvironmentVariableW
GetCurrentThreadId

user32

MessageBoxW
GetSystemMetrics
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
GetUserObjectInformationW
GetProcessWindowStation
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenDesktopW
OpenInputDesktop
EnumWindowStationsW
EnumDesktopsW
EnumDesktopWindows
SystemParametersInfoW
GetWindowLongW
MessageBoxA
SetWindowTextW
ShowWindow
FindWindowW
SendMessageW
PostMessageW
DestroyWindow
CloseWindow
wsprintfW
MsgWaitForMultipleObjects
PostThreadMessageW
DispatchMessageW
TranslateMessage
SetWindowLongW
GetMessageW
PeekMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
GetDesktopWindow

advapi32

RegDeleteValueW
RegConnectRegistryW
ControlService
StartServiceW
OpenServiceW
DeleteService
OpenSCManagerW
LockServiceDatabase
CreateServiceW
CloseServiceHandle
UnlockServiceDatabase
RegQueryValueExA
RegCreateKeyA
RegCreateKeyW
RegCreateKeyExA
RegOpenKeyW
GetTokenInformation
SetFileSecurityW
RegSetKeySecurity
LookupAccountNameW
SetSecurityDescriptorDacl
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
LookupAccountSidW
GetUserNameW
RegOpenKeyA
QueryServiceStatus
QueryServiceConfigW
ChangeServiceConfigW
EnumServicesStatusW
DeregisterEventSource
ReportEventA
RegDeleteKeyW
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyW
RegSetValueExA
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegisterEventSourceA

ws2_32

listen
shutdown
closesocket
connect
socket
WSAIoctl
htons
htonl
bind
ntohs
setsockopt
WSACleanup
getsockopt
send
recv
sendto
WSAStartup
WSAGetLastError
recvfrom
ntohl
getpeername
accept
getsockname

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdi32

CreateDCA
DeleteDC
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject

shell32

SHGetSpecialFolderPathW

oleaut32

DosDateTimeToVariantTime

Exports

Exports

??0CSDTransformReader@@QAE@XZ
??4CSDTransformReader@@QAEAAV0@ABV0@@Z
?fnSDTransformReader@@YAHXZ
?nSDTransformReader@@3HA
RunSDTransformReader

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35733b7b9bb20906af7a34ffad916cce

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

version

gdi32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 108KB - Virtual size: 126KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 76KB - Virtual size: 73KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 108KB - Virtual size: 126KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 76KB - Virtual size: 73KB