78f5b6e2275be8e3765ac4f6fd6b96e19d1a67d319e6743cf75edb07f199f3f2

Sharing

Copy URL Twitter E-mail

General

Target

78f5b6e2275be8e3765ac4f6fd6b96e19d1a67d319e6743cf75edb07f199f3f2
Size

432KB
MD5

f6f8e40818b752993f8008892f8b8478
SHA1

93a1a958f54a0fcd94f6b0452f42b78224f7434e
SHA256

78f5b6e2275be8e3765ac4f6fd6b96e19d1a67d319e6743cf75edb07f199f3f2
SHA512

479f56c77c6805a4734f14361f2e26ba579e4757d4fd06eb321f70d2efa5171038d13e1f5e7ed49f4152ba50bd38d5e2e41702e09777b085c83b2685274f7cbb
SSDEEP

12288:jfQGvbbHYABGd56lDy6gfQGvbbHYABGd56lDy6X04F4:j3Kd56ljg3Kd56ljj4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78f5b6e2275be8e3765ac4f6fd6b96e19d1a67d319e6743cf75edb07f199f3f2

Files

78f5b6e2275be8e3765ac4f6fd6b96e19d1a67d319e6743cf75edb07f199f3f2
.dll windows:5 windows x86 arch:x86

4aef5265c05078cdbae7c1470119739a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\DistributedAutoLink\Temp\CompileOutputDir\MdLabel.pdb

Imports

kernel32

SizeofResource
GetExitCodeProcess
lstrcpynW
GetFileAttributesW
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
lstrlenW
RaiseException
GetPrivateProfileIntW
GetLastError
GetProcAddress
MoveFileW
GetLocalTime
Process32FirstW
LockResource
CreateEventW
Process32NextW
CreateToolhelp32Snapshot
GetCurrentThreadId
CloseHandle
DeleteFileW
GetCurrentProcessId
SetFileAttributesW
ExpandEnvironmentStringsW
ReadFile
FindResourceExW
SetLastError
Sleep
FlushFileBuffers
DeviceIoControl
GetVersionExW
CreateFileA
LoadLibraryW
FreeLibrary
WritePrivateProfileStringW
OpenProcess
LoadLibraryA
GetVersion
TerminateProcess
InitializeCriticalSection
GetProcessHeap
SetEnvironmentVariableA
CompareStringW
CompareStringA
WideCharToMultiByte
WriteFile
GetPrivateProfileStringW
GetTickCount
GetModuleHandleW
OutputDebugStringW
WaitForSingleObject
GetCurrentProcess
LoadResource
FindResourceW
lstrlenA
FreeResource
SetFilePointer
GetFileSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetModuleHandleA
LCMapStringA
GetConsoleMode
GetConsoleCP
RtlUnwind
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapDestroy
HeapCreate
GetTimeZoneInformation
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree

user32

CharUpperA
SendMessageW
FindWindowW
CharUpperW
IsWindow

advapi32

SetTokenInformation
GetTokenInformation
CreateProcessAsUserW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegOpenCurrentUser
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
RegCreateKeyExW
AllocateAndInitializeSid

ole32

CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance

oleaut32

SafeArrayDestroy
SysAllocString
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
VarBstrCat
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement

wininet

InternetReadFile
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetAttemptConnect
InternetConnectW
InternetSetOptionW
InternetCrackUrlW
InternetOpenW
HttpQueryInfoW
InternetSetOptionA

rpcrt4

UuidCreate

Exports

Exports

StartTask

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4aef5265c05078cdbae7c1470119739a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

rpcrt4

Exports

Exports

Sections

.text Size: 125KB - Virtual size: 125KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 83KB - Virtual size: 83KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 125KB - Virtual size: 125KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 83KB - Virtual size: 83KB

.reloc
Size: 10KB - Virtual size: 10KB