1205bd3d090fd6a0e666a2d8743ffd1f49536aff1fb88d488213b420ad3047b5

Sharing

Copy URL Twitter E-mail

General

Target

1205bd3d090fd6a0e666a2d8743ffd1f49536aff1fb88d488213b420ad3047b5
Size

396KB
MD5

5c1c461e980aef3f671b82853620cc77
SHA1

35115d10f2120ae3409f5caa34c5f6e146febfff
SHA256

1205bd3d090fd6a0e666a2d8743ffd1f49536aff1fb88d488213b420ad3047b5
SHA512

599dbc342ea4a3645dd4f5291dc396c09bd76ddebe896c79e253f57913991cc38cef88f250241b52d987ce009a049f8fe0e2ec18d23e8673c380d7b69ea40903
SSDEEP

12288:jxL2OWY9jSwbWQBxvJJzfWnMZd4vt1AkmSxI3oyb:t2FapbfWSkmSxI3oyb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1205bd3d090fd6a0e666a2d8743ffd1f49536aff1fb88d488213b420ad3047b5

Files

1205bd3d090fd6a0e666a2d8743ffd1f49536aff1fb88d488213b420ad3047b5
.dll windows:4 windows x86 arch:x86

d5d24d3e0dcce6e680803b20cbb503bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadStringPtrW
lstrcatW
GetPrivateProfileStringW
lstrcpynW
lstrcmpW
Sleep
CloseHandle
CreateFileW
GetTickCount
SetFilePointer
ReadFile
WriteFile
lstrlenA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
GetFileAttributesW
SetLastError
SetFileAttributesW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
DisableThreadLibraryCalls
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
RemoveDirectoryW
GetFileTime
GetFullPathNameW
SetFileTime
GetTempFileNameW
GetTempPathW
SystemTimeToFileTime
GetSystemTime
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetLocaleInfoW
SetStdHandle
SetConsoleCtrlHandler
LoadLibraryA
GetOEMCP
GetACP
UnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
lstrlenW
lstrcmpiW
CompareFileTime
GetSystemTimeAsFileTime
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
FindResourceW
GetLastError
MoveFileW
SizeofResource
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetProcAddress
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
HeapReAlloc
ExitProcess
FatalAppExitA
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetCurrentThread
TerminateProcess
GetCurrentProcess
HeapSize
SetUnhandledExceptionFilter
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy

user32

CharUpperBuffW
CharUpperBuffA
LoadStringW
MessageBoxW
CharLowerBuffA
PeekMessageW
TranslateMessage
DispatchMessageW
CharLowerBuffW
CharNextW
wsprintfW

advapi32

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
IsTextUnicode
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptAcquireContextW

shell32

SHFileOperationW

ole32

CreateFileMoniker
CoCreateInstance
CreateBindCtx

oleaut32

SysFreeString
SysAllocString
SysStringLen
VariantInit

urlmon

CreateURLMoniker

shlwapi

PathIsRelativeW
PathRemoveBackslashW
PathMatchSpecW
PathFindFileNameW
PathRelativePathToW

Exports

Exports

?CreateIConvertInterface@@YAPAVIConvert@@XZ
?FreeIConvertInterface@@YAXPAVIConvert@@@Z
DllCanUnloadNow

Sections

.text
Size: 296KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5d24d3e0dcce6e680803b20cbb503bd

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

urlmon

shlwapi

Exports

Exports

Sections

.text Size: 296KB - Virtual size: 293KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 28KB - Virtual size: 30KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 17KB

.text
Size: 296KB - Virtual size: 293KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 28KB - Virtual size: 30KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 17KB