5c48d32894101f72fc7aafa51ac2bcd5a14e67f6d154cb03e0e05237d46dc774

Sharing

Copy URL Twitter E-mail

General

Target

5c48d32894101f72fc7aafa51ac2bcd5a14e67f6d154cb03e0e05237d46dc774
Size

4.4MB
MD5

4f7190b10c63826b18f1c71d3478b0ad
SHA1

fc150e75e446901f26881ee64765381aae673a67
SHA256

5c48d32894101f72fc7aafa51ac2bcd5a14e67f6d154cb03e0e05237d46dc774
SHA512

8c64527d68d9736f60b71fa9a9b54e9d92a7c0df6e05b4720c34b14427615c077ed5e27ce5a9a12cbbc1bac721181596c3a09d2ab0beaa136c8d152db561ca22
SSDEEP

49152:OdKTZLQRWeRLHeiyw4alY1rXoAQimndxrgr/5CPIxJQyENjFOC9TgxgcQbIz0FOZ:bQRWeRL+NfyyclUB2UU0a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c48d32894101f72fc7aafa51ac2bcd5a14e67f6d154cb03e0e05237d46dc774

Files

5c48d32894101f72fc7aafa51ac2bcd5a14e67f6d154cb03e0e05237d46dc774
.dll windows:6 windows x64 arch:x64

088dde3e6c939e10ad6e2fb44d4847eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FormatMessageW
GetLastError
GetFileAttributesExW
OutputDebugStringW
SetEvent
GetCurrentThread
TerminateThread
QueryPerformanceFrequency
DeleteFileW
CloseHandle
GetNativeSystemInfo
LoadLibraryW
GetCurrentDirectoryW
GetOverlappedResult
GetProcAddress
LocalFree
ReplaceFileW
ExitProcess
GetModuleHandleW
FreeLibrary
CopyFileW
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
MoveFileW
GetDriveTypeW
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
AttachConsole
CompareStringOrdinal
GlobalSize
LoadLibraryA
GlobalAlloc
GlobalFree
GlobalLock
GetCurrentProcessId
GlobalUnlock
EnterCriticalSection
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
Sleep
CreateEventW
GetLogicalDriveStringsW
DisconnectNamedPipe
GetModuleHandleA
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
MultiByteToWideChar
DeleteCriticalSection
WideCharToMultiByte
IsDebuggerPresent
CreateDirectoryW
SetThreadAffinityMask
ReadFile
GetVolumeInformationW
CancelIo
FindFirstFileW
SetPriorityClass
FindNextFileW
GetCurrentProcess
WriteFile
GetModuleHandleExW
TerminateProcess
RemoveDirectoryW
TryEnterCriticalSection
GetModuleFileNameW
WaitForMultipleObjects
SetThreadPriority
SetFilePointer
SetEndOfFile
GetTempPathW
CreateMutexW
FindClose
WaitForSingleObject
CreateFileW
GetFileAttributesW
ReleaseMutex
GetSystemDirectoryW
ResumeThread
UnmapViewOfFile

user32

SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
PostMessageW
AttachThreadInput
GetWindowThreadProcessId
ReleaseDC
GetDC
GetWindowTextW
TranslateMessage
SetFocus
GetMessagePos
GetUpdateRgn
GetMessageExtraInfo
GetSystemMenu
GetWindowLongW
MapVirtualKeyW
GetWindowRect
IsWindowVisible
SetWindowPos
MessageBoxW
MonitorFromWindow
EnumChildWindows
EnumDisplayMonitors
GetIconInfo
SendMessageW
EndDialog
SetWindowTextW
MessageBeep
WindowFromPoint
MoveWindow
DestroyCursor
GetKeyboardState
SetCaretPos
GetActiveWindow
ShowWindow
IsWindow
GetAsyncKeyState
OpenClipboard
GetCapture
RedrawWindow
DestroyIcon
GetWindowInfo
GetMonitorInfoW
CreateIconIndirect
CloseClipboard
EmptyClipboard
IsChild
CreateCaret
MapWindowPoints
TrackMouseEvent
GetForegroundWindow
GetMessageTime
SetLayeredWindowAttributes
BringWindowToTop
GetClipboardData
LoadIconW
LoadCursorW
DestroyCaret
SetCapture
SetClipboardData
ToUnicode
SetCursor
SetWindowLongW
GetClientRect
UpdateLayeredWindow
DrawIconEx
ShowCaret
GetDesktopWindow
EnableMenuItem
SystemParametersInfoW
GetParent
ReleaseCapture
InvalidateRect
GetAncestor
SetCursorPos
GetCursorPos
BeginPaint
EndPaint
GetMessageW
DefWindowProcW
SendMessageTimeoutW
GetFocus
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
UnregisterClassW
GetWindowLongPtrW
CallWindowProcW
EnumWindows
PeekMessageW
DispatchMessageW
GetWindowPlacement
RegisterClassExW

gdi32

ExcludeClipRect
RestoreDC
CreateBitmap
CombineRgn
SelectObject
CreateRectRgnIndirect
CreateCompatibleDC
EnumFontFamiliesExW
GetDeviceCaps
GetTextMetricsW
DeleteDC
GetRegionData
GetGlyphIndicesW
GetGlyphOutlineW
DeleteObject
RemoveFontMemResourceEx
SetMapMode
CreateFontIndirectW
GetOutlineTextMetricsW
StretchDIBits
CreateDIBSection
SaveDC
GetObjectW
SetMapperFlags
CreateRectRgn
GetKerningPairsW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

MapGenericMask
AccessCheck
GetNamedSecurityInfoW
OpenProcessToken
DuplicateToken

shell32

ShellExecuteW
SHGetSpecialFolderPathW
DragQueryFileW
SHCreateShellItem
SHGetMalloc
ExtractAssociatedIconW
SHBrowseForFolderW
SHGetKnownFolderPath
SHParseDisplayName
SHGetPathFromIDListW
Shell_NotifyIconW

ole32

CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoInitialize
DoDragDrop
RevokeDragDrop
OleSetContainedObject
OleCreate
OleInitialize
OleUninitialize
RegisterDragDrop
CoCreateInstance
CoTaskMemFree
CoCreateGuid

oleaut32

SafeArrayAccessData
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayDestroy
SysAllocString
SafeArrayUnaccessData

msvcp140

_Mtx_lock
_Mtx_destroy_in_situ
_Cnd_timedwait
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?classic@locale@std@@SAAEBV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Query_perf_frequency
_Cnd_init_in_situ
_Mtx_current_owns
_Cnd_signal
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_wait
_Query_perf_counter
_Xtime_get_ticks
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Mtx_init_in_situ

wininet

InternetReadFile
InternetSetOptionW
InternetConnectW
InternetCrackUrlW
HttpSendRequestExW
HttpEndRequestW
HttpOpenRequestW
InternetWriteFile
FtpOpenFileW
InternetCloseHandle
InternetSetFilePointer
HttpQueryInfoW
InternetOpenW

ws2_32

getsockopt
htonl
htons
recv
__WSAFDIsSet
accept
inet_ntoa
sendto
setsockopt
ioctlsocket
bind
closesocket
select
getaddrinfo
WSAStartup
inet_addr
send
freeaddrinfo

shlwapi

PathStripToRootW

winmm

timeGetTime
timeBeginPeriod

imm32

ImmNotifyIME
ImmAssociateContextEx
ImmSetCandidateWindow
ImmAssociateContext
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext

dxgi

CreateDXGIFactory

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_compare
__std_exception_destroy
__std_exception_copy
_purecall
__std_terminate
longjmp
__RTtypeid
strchr
__current_exception
__RTDynamicCast
memchr
memcmp
memcpy
memmove
__intrinsic_setjmp
__current_exception_context
__C_specific_handler
__std_type_info_destroy_list
_CxxThrowException
memset

api-ms-win-crt-stdio-l1-1-0

freopen_s
__acrt_iob_func
_fileno
__stdio_common_vfprintf
fflush
fwrite
__stdio_common_vsscanf
fseek
ftell
__stdio_common_vswprintf
__stdio_common_vswscanf
fclose
fread

api-ms-win-crt-heap-l1-1-0

free
calloc
realloc
malloc
_callnewh

api-ms-win-crt-string-l1-1-0

iswspace
strcmp
iswdigit
iswalpha
iswupper
iswalnum
towlower
iswlower
towupper
strncmp

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
exit
_fpreset
_endthreadex
_invalid_parameter_noinfo_noreturn
_errno
_initterm_e
_initterm
_cexit
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit

api-ms-win-crt-math-l1-1-0

expf
exp
cosf
cos
ceilf
ceil
atanf
floorf
atan2f
atan2
fmod
_hypotf
log
asinhf
_hypot
_fdclass
powf
sin
sinf
_finite
sinhf
log10f
pow
sqrt
sqrtf
tan
log2
tanf
acos
logf
round
lround
frexp
tanhf
floor
ldexp
truncf

api-ms-win-crt-time-l1-1-0

_localtime64_s
wcsftime
_ftime64_s

api-ms-win-crt-convert-l1-1-0

_atoi64
atoi
strtod
_strtod_l

api-ms-win-crt-locale-l1-1-0

_create_locale

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

qsort

Exports

Exports

ExitDll
GetPluginFactory
InitDll

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 93KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

088dde3e6c939e10ad6e2fb44d4847eb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcp140

wininet

ws2_32

shlwapi

winmm

imm32

dxgi

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 93KB - Virtual size: 98KB

.pdata Size: 141KB - Virtual size: 140KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 93KB - Virtual size: 98KB

.pdata
Size: 141KB - Virtual size: 140KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 39KB - Virtual size: 39KB