122f13fcffd3a8747c05829fa21c72dbda254412d88e43625906915f1b9ef4cb[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

122f13fcffd3a8747c05829fa21c72dbda254412d88e43625906915f1b9ef4cb.dll
Size

24.5MB
MD5

e6a1b79aceb1a98016c6edcf8f3d0a65
SHA1

bddca6de5c54d2c38d78a102c05fd3bc89c7adf1
SHA256

122f13fcffd3a8747c05829fa21c72dbda254412d88e43625906915f1b9ef4cb
SHA512

ad7c62e12a6727b6327248f1d2d12b074269e72d249f52b5bc7991156c0f7f9882c911011a13a54ae501c68d5d378c182fa84c97d28c391fb2da3f56774a7d2d
SSDEEP

786432:BIIIIIIIvIIIIIII8ycgIs9wRX+LwtJ0a+XOU094IdJ3ar1KlcWuVy:BIIIIIIIvIIIIIII8ygxcO0acOUWdFam

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
122f13fcffd3a8747c05829fa21c72dbda254412d88e43625906915f1b9ef4cb.dll

Files

122f13fcffd3a8747c05829fa21c72dbda254412d88e43625906915f1b9ef4cb.dll
.dll windows:5 windows x86 arch:x86

d3d94942f471f61f358133e947c37a92

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

clusapi

OpenCluster
ClusterOpenEnum
ClusterEnum
OpenClusterGroup
ClusterGroupOpenEnum
ClusterGroupEnum
OpenClusterResource
CloseClusterResource
CloseClusterGroup
ClusterCloseEnum
ClusterResourceControl

wsock32

WSAStartup
gethostname
gethostbyname
send
socket
ioctlsocket
htons
connect
closesocket

resutils

ResUtilFindExpandSzProperty

kernel32

HeapReAlloc
DeleteFileA
GetVersionExW
GetWindowsDirectoryA
CreateFileA
WriteFile
HeapAlloc
GetVersionExA
LoadLibraryA
CreateMutexA
CreateEventA
ReleaseMutex
CreateEventW
SetEvent
ResetEvent
GetWindowsDirectoryW
GetTempFileNameW
GetCurrentThread
GetCurrentProcess
GlobalAlloc
GlobalFree
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
GetStringTypeW
GetStringTypeA
VirtualAlloc
LCMapStringA
VirtualQuery
GetCurrentProcessId
GetTickCount
VirtualFree
HeapDestroy
LocalAlloc
GetPrivateProfileStringW
CloseHandle
GetModuleHandleW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeResource
WaitForSingleObject
CreateFileW
GetFileSize
ReadFile
SetFilePointer
lstrlenW
lstrcpyW
DeleteFileW
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcessHeap
HeapFree
LocalFree
OutputDebugStringW
GetLocalTime
GetCurrentThreadId
SetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
InitializeCriticalSectionAndSpinCount
SetEndOfFile
GetLocaleInfoA
RtlUnwind
GetSystemTimeAsFileTime
WideCharToMultiByte
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
MultiByteToWideChar
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
Sleep
ExitProcess
GetModuleFileNameA
GetModuleHandleA
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate

user32

MessageBoxW

gdi32

GetTextMetricsW
StartDocW
StartPage
EndPage
TextOutA
EndDoc
AbortDoc
CreateDCW
GetDeviceCaps
CreateDIBSection
SetStretchBltMode
StretchDIBits
GetDIBits
GdiPlayEMF
CreateCompatibleDC
DeleteDC
CreateFontIndirectW
DeleteObject
SelectObject
GetFontData
GetTextFaceW
CancelDC

winspool.drv

GetPrinterW
OpenPrinterW
WritePrinter
GetJobW
ReadPrinter
GetPrinterDataW
XcvDataW
EndDocPrinter
StartDocPrinterW
ClosePrinter
SetJobW

advapi32

CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
RegCloseKey
RegQueryValueExW
RegOpenKeyW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegQueryValueA
RegNotifyChangeKeyValue
RegEnumKeyExA
RegisterEventSourceA
ReportEventA
SetThreadToken
RegSetValueExA
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegCreateKeyExA
RegOpenKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
SetNamedSecurityInfoW
GetTokenInformation
ImpersonateLoggedOnUser
OpenThreadToken
OpenProcessToken
RevertToSelf
SetSecurityDescriptorDacl
AllocateAndInitializeSid
InitializeSecurityDescriptor
FreeSid
LookupAccountNameW
SetEntriesInAclW
RegCreateKeyW
RegSetValueExW
CryptGetHashParam

Exports

Exports

ClosePrintProcessor
ControlPrintProcessor
EnumPrintProcessorDatatypesW
GetPrintProcessorCapabilities
InstallPrintProcessor
OpenPrintProcessor
PrintDocumentOnPrintProcessor

Sections

.text
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d3d94942f471f61f358133e947c37a92

Headers

File Characteristics

Imports

clusapi

wsock32

resutils

kernel32

user32

gdi32

winspool.drv

advapi32

Exports

Exports

Sections

.text Size: 337KB - Virtual size: 337KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 13KB - Virtual size: 22KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 17KB - Virtual size: 16KB

.edata Size: 68KB - Virtual size: 67KB

.text
Size: 337KB - Virtual size: 337KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 13KB - Virtual size: 22KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 17KB - Virtual size: 16KB

.edata
Size: 68KB - Virtual size: 67KB