9845ebd8bfbf5d01f5314266adb249d0beccf4dcaa6442c8dd987374bce8eacf

Sharing

Copy URL Twitter E-mail

General

Target

9845ebd8bfbf5d01f5314266adb249d0beccf4dcaa6442c8dd987374bce8eacf
Size

2.7MB
MD5

d794d53909325ec5e030b7c80bb8031f
SHA1

b1e6a4ba3a2585b996a05d4a6791be6bec7caab6
SHA256

9845ebd8bfbf5d01f5314266adb249d0beccf4dcaa6442c8dd987374bce8eacf
SHA512

f010ff6c76fac8c17aa6e7b3e9e914cb5d7bc121c1d38adcccf80cfd4d273705e63d99922d0d8226e0ba5f852038be7ba1780842c1e76f70f66b90df8bfde304
SSDEEP

24576:4AE+RU7DW92wFd3kFBVoRxGpHJbqRqzbv+/BaKlQD4TuyyK6Uq8OGK1:4eC15p96BFlk5iaGK1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9845ebd8bfbf5d01f5314266adb249d0beccf4dcaa6442c8dd987374bce8eacf

Files

9845ebd8bfbf5d01f5314266adb249d0beccf4dcaa6442c8dd987374bce8eacf
.dll windows:4 windows x86 arch:x86

c80c56f7ce36cb5f1914e99626b1df74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
lstrlenW
InterlockedDecrement
LocalFree
WideCharToMultiByte
lstrcpynA
lstrlenA
MultiByteToWideChar
lstrcmpiW
GetUserDefaultLCID
MoveFileW
DeleteFileW
CloseHandle
lstrcpynW
CreateFileW
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
WriteFile
LockResource
LoadResource
GetModuleHandleW
FindResourceW
SizeofResource
GetLastError
GetSystemDefaultLCID
GetFileSize
lstrcmpW
SetEnvironmentVariableA
GetLocaleInfoW
SetConsoleCtrlHandler
LoadLibraryA
GetOEMCP
GetACP
SetStdHandle
UnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetTimeZoneInformation
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
GetProcAddress
HeapCreate
OutputDebugStringA
lstrcpyA
OutputDebugStringW
GetLocalTime
GetTickCount
Sleep
SetFilePointer
ReadFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileAttributesW
SetLastError
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
RemoveDirectoryW
CompareFileTime
GetFileTime
GetFullPathNameW
SetFileTime
GetTempFileNameW
GetTempPathW
SystemTimeToFileTime
GetSystemTime
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
InterlockedExchange
RtlUnwind
HeapReAlloc
HeapAlloc
HeapFree
RaiseException
GetCommandLineA
GetVersion
ExitProcess
FatalAppExitA
GetCPInfo
CompareStringA
CompareStringW
LCMapStringA
LCMapStringW
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetCurrentThread
TerminateProcess
GetCurrentProcess
HeapSize
VirtualFree
VirtualAlloc
IsBadWritePtr
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA

user32

MessageBoxW
MessageBoxA
wsprintfW
LoadStringW
GetActiveWindow
wsprintfA

ole32

CoTaskMemFree
StringFromGUID2
CoTaskMemRealloc
CreateBindCtx
CreateFileMoniker
CLSIDFromProgID
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
ProgIDFromCLSID

oleaut32

SysStringLen
VariantCopy
LoadTypeLibEx
CreateErrorInfo
SetErrorInfo
SafeArrayCreate
SafeArrayAccessData
SysStringByteLen
SysAllocStringByteLen
SafeArrayUnaccessData
VariantInit
GetErrorInfo
SysAllocStringLen
VariantClear
SysAllocString
SafeArrayDestroy
SysFreeString
VariantChangeType

shlwapi

PathFindFileNameW
PathRemoveBackslashW
PathMatchSpecW
PathIsRelativeW
PathRenameExtensionW
PathRelativePathToW

advapi32

CryptReleaseContext
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptDestroyHash

shell32

SHFileOperationW

Exports

Exports

DllCanUnloadNow
SFDBP_MSA_RegisterFactories
SFDBP_MSA_UnregisterFactories

Sections

.text
Size: 908KB - Virtual size: 906KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c80c56f7ce36cb5f1914e99626b1df74

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 908KB - Virtual size: 906KB

.rdata Size: 152KB - Virtual size: 148KB

.data Size: 92KB - Virtual size: 108KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 72KB - Virtual size: 70KB

.text
Size: 908KB - Virtual size: 906KB

.rdata
Size: 152KB - Virtual size: 148KB

.data
Size: 92KB - Virtual size: 108KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 72KB - Virtual size: 70KB