b61b29c1ff1abc9c810fafe462427085159036f6997b2cd2e545f4364b35cfff

Sharing

Copy URL Twitter E-mail

General

Target

b61b29c1ff1abc9c810fafe462427085159036f6997b2cd2e545f4364b35cfff
Size

328KB
MD5

b47f2168a912fa198062a4532bdd3fff
SHA1

64bb3eb1460ad25cdd517db71deb0681446bdccf
SHA256

b61b29c1ff1abc9c810fafe462427085159036f6997b2cd2e545f4364b35cfff
SHA512

abe3df26e5ccb282db0308aace075fdb3700e510a4b5c84d7c185abe0e34f7f467137d532023162fca6c3caffe66bd24bf1a12e012c487b10b56cffc65e360f6
SSDEEP

6144:nPLaCTut88PPXCN1kWGYnQX+8ZXV2ZIfyCe4J:n2CTIPPXktAXtVeG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b61b29c1ff1abc9c810fafe462427085159036f6997b2cd2e545f4364b35cfff

Files

b61b29c1ff1abc9c810fafe462427085159036f6997b2cd2e545f4364b35cfff
.dll windows:4 windows x86 arch:x86

177f31417ec6493b2a67308074591f07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetDriveTypeA
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
IsBadWritePtr
QueryPerformanceCounter
GetSystemTime
CloseHandle
CreateFileA
GetVersionExA
GetLastError
DeviceIoControl
IsBadReadPtr
Sleep
SetEvent
GetVersion
lstrcmpiA
GlobalFree
ResetEvent
WaitForSingleObject
GlobalAlloc
CreateEventA
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetModuleFileNameA
FlushViewOfFile
WideCharToMultiByte
CreateMutexA
ReleaseMutex
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
GetFileSize
GetTempPathA
UnmapViewOfFile
DefineDosDeviceA
QueryDosDeviceA
GetTimeZoneInformation
GetLocalTime
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
InterlockedDecrement
InterlockedIncrement
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetCurrentProcessId
HeapReAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleHandleA
RaiseException
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
ExitProcess
VirtualAlloc
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
LCMapStringA
LCMapStringW
ReadFile
SetFilePointer
GetFullPathNameW
GetCurrentDirectoryA
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetUnhandledExceptionFilter
IsBadCodePtr
FlushFileBuffers
SetStdHandle
GetCurrentDirectoryW
GetTickCount

advapi32

RegEnumKeyExA
InitializeSecurityDescriptor
RegQueryValueExA
RegCreateKeyExA
GetUserNameA
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExA

shapeshifter

ord5
ord1

sscompact

SSDeleteEnvironment
SSCompact
SSGetEnvironment

wsock32

getsockname
send
connect
WSAGetLastError
recv
closesocket
setsockopt
bind
WSAStartup

user32

GetSystemMetrics

Exports

Exports

?CheckTrial@@YAXXZ
?GetRegistrationInformation@@YGXPAD@Z
?SetRegistrationKey@@YGPADXZ
DeleteSSEnvironment
DumpSS
DumpSSMOS
GetSSEnvironment
ShapeShifter
ShapeShifterMOS

Sections

.text
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

177f31417ec6493b2a67308074591f07

Headers

File Characteristics

Imports

kernel32

advapi32

shapeshifter

sscompact

wsock32

user32

Exports

Exports

Sections

.text Size: 264KB - Virtual size: 262KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 36KB - Virtual size: 40KB

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 264KB - Virtual size: 262KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 36KB - Virtual size: 40KB

.reloc
Size: 16KB - Virtual size: 14KB