8158227c9cc443ab42159b2b46f4e3273a0da631852cd4b3e45fda58628ead45

Sharing

Copy URL Twitter E-mail

General

Target

8158227c9cc443ab42159b2b46f4e3273a0da631852cd4b3e45fda58628ead45
Size

7.6MB
MD5

459c67733836775995e874d879f1ddf1
SHA1

734172fda8c3809fd12e2c61a62a2de02d326073
SHA256

8158227c9cc443ab42159b2b46f4e3273a0da631852cd4b3e45fda58628ead45
SHA512

5a2659ead219179c1dc0bb63b8b4c16460f495f0f7b1e657d2bad591cc3d5f4b10e0582034fa64d0de8bea8251b11e3a99ac2fd26f5d29f9a97925d6c2d04f46
SSDEEP

196608:jO15VTu29kqgwqY8Ndf3uymbdlLcMZMEPvi2Jik7GAMHgN:avV/kPwWKywlZPvirkC1gN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8158227c9cc443ab42159b2b46f4e3273a0da631852cd4b3e45fda58628ead45

Files

8158227c9cc443ab42159b2b46f4e3273a0da631852cd4b3e45fda58628ead45
.dll windows:5 windows x86 arch:x86

b379e6dcd7d6dff50eb6a1de7e19d4b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
Sleep
CreateFileA
GetFileSize
IsBadReadPtr
FileTimeToSystemTime
ReadFile
GetModuleFileNameW
GetFileTime
CloseHandle
FileTimeToLocalFileTime
GetModuleHandleA
OpenProcess
WideCharToMultiByte
VirtualFree
ReadProcessMemory
GetFileAttributesW
GetLastError
VirtualAlloc
VirtualFreeEx
VirtualAllocEx
GetCurrentProcessId
FindVolumeClose
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
MultiByteToWideChar
QueryDosDeviceW
FindFirstVolumeW
ExitProcess
SetUnhandledExceptionFilter
GetTickCount
CreateDirectoryA
GetLocalTime
GetCurrentThreadId
lstrlenA
WaitForSingleObject
SetEvent
GetSystemTimeAsFileTime
TerminateThread
CreateEventA
GetTempPathA
DeleteFileA
CreateThread
FindFirstFileA
FindClose
FindNextFileA
FileTimeToDosDateTime
GetVersionExA
CreateProcessA
CreatePipe
GetEnvironmentVariableW
RemoveDirectoryA
OpenMutexA
VirtualProtect
VirtualQuery
GetWindowsDirectoryW
OpenFileMappingA
OpenEventA
GlobalFree
GlobalAlloc
GetComputerNameA
DeviceIoControl
CreateFileW
GetSystemTime
SystemTimeToFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
WaitForMultipleObjects
GetVolumeInformationA
GetProcessHeap
SetEndOfFile
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
FreeLibrary
GetConsoleMode
GetModuleFileNameA
GlobalMemoryStatusEx
LoadLibraryA
GetProcAddress
GetSystemDirectoryA
GetNativeSystemInfo
GetFileAttributesA
GetSystemWow64DirectoryA
GetModuleHandleW
GetCurrentProcess
lstrcpyA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
RaiseException
RtlUnwind
CompareStringA
GetCPInfo
CompareStringW
LCMapStringA
LCMapStringW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetACP
GetOEMCP
IsValidCodePage
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
GetConsoleCP

user32

GetClassNameA
GetParent
GetLastInputInfo
SetTimer
KillTimer
GetForegroundWindow
MessageBoxA
GetWindowThreadProcessId
FindWindowA
SendMessageA
FindWindowExA
EnumThreadWindows
GetDesktopWindow
GetWindow
GetClientRect
GetWindowTextA
wsprintfW

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
CoCreateGuid

ws2_32

inet_addr
WSAStartup
connect
htons
gethostbyname
recv
socket
closesocket
send
inet_ntoa

dbghelp

MiniDumpWriteDump

wininet

InternetConnectA
InternetReadFile
HttpQueryInfoA
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
InternetGetConnectedState
HttpSendRequestA

oleaut32

SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
VariantClear
SysAllocString
SysFreeString

advapi32

RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyW

Exports

Exports

iefl
iehs
iexk

Sections

.text
Size: 538KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sub0
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b379e6dcd7d6dff50eb6a1de7e19d4b5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

version

setupapi

ole32

ws2_32

dbghelp

wininet

oleaut32

advapi32

Exports

Exports

Sections

.text Size: 538KB - Virtual size: 538KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 14KB - Virtual size: 24KB

.sub0 Size: 6.9MB - Virtual size: 6.9MB

.reloc Size: 17KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 434B

.text
Size: 538KB - Virtual size: 538KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 14KB - Virtual size: 24KB

.sub0
Size: 6.9MB - Virtual size: 6.9MB

.reloc
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 434B