e6d93eb5a2237b5804aa56fb3b547c108edd192401f7189b2ada88c010ccc001

Sharing

Copy URL Twitter E-mail

General

Target

e6d93eb5a2237b5804aa56fb3b547c108edd192401f7189b2ada88c010ccc001
Size

2.7MB
MD5

0c168ae34c469ed4e8941b5f98b03336
SHA1

32ef44a537d5a1a047760bc80e8b80e53516f695
SHA256

e6d93eb5a2237b5804aa56fb3b547c108edd192401f7189b2ada88c010ccc001
SHA512

e2ef6a8eaad55850d9ca630346644128a6a0a1d0bdcb9493e41d467f8979ec8ceb1ea04de76a4814ed74e041f28df1e6e6028580ac1aed301644b15430c8e96e
SSDEEP

24576:7AkehUbPo92Qr4dykZVuIIGmpHMPY76ZnPjf7zi9mX2waud6Uq8OG7d:7eSD63pGZ7W9+t5aG7d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e6d93eb5a2237b5804aa56fb3b547c108edd192401f7189b2ada88c010ccc001

Files

e6d93eb5a2237b5804aa56fb3b547c108edd192401f7189b2ada88c010ccc001
.dll windows:4 windows x86 arch:x86

c80c56f7ce36cb5f1914e99626b1df74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
lstrlenW
InterlockedDecrement
LocalFree
WideCharToMultiByte
lstrcpynA
lstrlenA
MultiByteToWideChar
lstrcmpiW
GetUserDefaultLCID
MoveFileW
DeleteFileW
CloseHandle
lstrcpynW
CreateFileW
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
WriteFile
LockResource
LoadResource
GetModuleHandleW
FindResourceW
SizeofResource
GetLastError
GetSystemDefaultLCID
GetFileSize
lstrcmpW
SetEnvironmentVariableA
GetLocaleInfoW
SetConsoleCtrlHandler
LoadLibraryA
GetOEMCP
GetACP
SetStdHandle
UnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetTimeZoneInformation
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
GetProcAddress
HeapCreate
OutputDebugStringA
lstrcpyA
OutputDebugStringW
GetLocalTime
GetTickCount
Sleep
SetFilePointer
ReadFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileAttributesW
SetLastError
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
RemoveDirectoryW
CompareFileTime
GetFileTime
GetFullPathNameW
SetFileTime
GetTempFileNameW
GetTempPathW
SystemTimeToFileTime
GetSystemTime
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
InterlockedExchange
RtlUnwind
HeapReAlloc
HeapAlloc
HeapFree
RaiseException
GetCommandLineA
GetVersion
ExitProcess
FatalAppExitA
GetCPInfo
CompareStringA
CompareStringW
LCMapStringA
LCMapStringW
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetCurrentThread
TerminateProcess
GetCurrentProcess
HeapSize
VirtualFree
VirtualAlloc
IsBadWritePtr
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA

user32

MessageBoxW
MessageBoxA
wsprintfW
LoadStringW
GetActiveWindow
wsprintfA

ole32

CoTaskMemFree
StringFromGUID2
CoTaskMemRealloc
CreateBindCtx
CreateFileMoniker
CLSIDFromProgID
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
ProgIDFromCLSID

oleaut32

SysStringLen
VariantCopy
LoadTypeLibEx
CreateErrorInfo
SetErrorInfo
SafeArrayCreate
SafeArrayAccessData
SysStringByteLen
SysAllocStringByteLen
SafeArrayUnaccessData
VariantInit
GetErrorInfo
SysAllocStringLen
VariantClear
SysAllocString
SafeArrayDestroy
SysFreeString
VariantChangeType

shlwapi

PathFindFileNameW
PathRemoveBackslashW
PathMatchSpecW
PathIsRelativeW
PathRenameExtensionW
PathRelativePathToW

advapi32

CryptReleaseContext
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptDestroyHash

shell32

SHFileOperationW

Exports

Exports

DllCanUnloadNow
SFDBP_MSA_RegisterFactories
SFDBP_MSA_UnregisterFactories

Sections

.text
Size: 908KB - Virtual size: 906KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c80c56f7ce36cb5f1914e99626b1df74

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 908KB - Virtual size: 906KB

.rdata Size: 152KB - Virtual size: 148KB

.data Size: 92KB - Virtual size: 108KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 72KB - Virtual size: 70KB

.text
Size: 908KB - Virtual size: 906KB

.rdata
Size: 152KB - Virtual size: 148KB

.data
Size: 92KB - Virtual size: 108KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 72KB - Virtual size: 70KB