a9715ca8485f3139e1d1af5aa329970945668bd32b81c3380ea475747841796d

Sharing

Copy URL Twitter E-mail

General

Target

a9715ca8485f3139e1d1af5aa329970945668bd32b81c3380ea475747841796d
Size

610KB
MD5

a6eb816470cec6f27a2da6ae9c2ea379
SHA1

7889b1fea009a051d2fbdbcff34dcddc6c1597ff
SHA256

a9715ca8485f3139e1d1af5aa329970945668bd32b81c3380ea475747841796d
SHA512

41cb62912c8bd0bb99a6f9c7e88694a46d31979a45d637cdd7aa301a8681c738b1ee89ccdb4d1df97cca80fbe6e3c071143281e1ee61d3d0d9ac547205bfd76e
SSDEEP

12288:Koe2SPZRbfDC7JkhIJRAVS3YGlMNlsNTvK+EY0a9:+D6khIJRlYpNlsNTvKda9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9715ca8485f3139e1d1af5aa329970945668bd32b81c3380ea475747841796d

Files

a9715ca8485f3139e1d1af5aa329970945668bd32b81c3380ea475747841796d
.dll windows:5 windows x86 arch:x86

18e48213445e3ee5db03c40151c3640f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathIsDirectoryW
PathAppendW

shell32

SHGetSpecialFolderPathW

rpcrt4

UuidToStringW
UuidCreate

comctl32

ord17

gdiplus

GdipSaveImageToFile
GdipFree
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipDrawImageRectRectI
GdipBitmapLockBits
GdipCreateBitmapFromFile
GdipBitmapUnlockBits
GdipGetImagePixelFormat
GdipCloneBitmapAreaI
GdiplusStartup
GdipGetImageWidth
GdipImageRotateFlip
GdipCloneImage
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageEncoders
GdipDisposeImage
GdipGetImageEncodersSize
GdipAlloc
GdipGetImageVerticalResolution
GdipLoadImageFromFile
GdiplusShutdown

kernel32

SetLastError
lstrlenA
WideCharToMultiByte
GetACP
MultiByteToWideChar
GetLocaleInfoA
GetLastError
GetPrivateProfileStringW
LeaveCriticalSection
EnterCriticalSection
WritePrivateProfileStringW
GetWindowsDirectoryW
DeleteFileW
InitializeCriticalSection
DeleteCriticalSection
WriteFile
LoadLibraryW
Sleep
CreateFileW
GetTempPathW
GetProcAddress
CloseHandle
CreateThread
CreateDirectoryW
InterlockedDecrement
ExpandEnvironmentStringsA
GetModuleFileNameA
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
SetFilePointer
GetLocaleInfoW
GetModuleFileNameW
GetStdHandle
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LCMapStringW
RtlUnwind
GetCPInfo
RaiseException
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
ExitProcess
GetModuleHandleW
HeapAlloc
HeapFree
DecodePointer
EncodePointer
InterlockedExchange
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapSize
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
FlushFileBuffers
CreateFileA
WriteConsoleW
SetEndOfFile
GetProcessHeap
LocalFree
LoadLibraryA
ReadFile

user32

EnableWindow
SetWindowTextW
UpdateWindow
SendMessageW
GetDlgItemTextW
MessageBoxW
PostMessageW
SetTimer
DestroyWindow
SetCursor
TrackPopupMenu
SetCapture
GetSubMenu
LoadCursorW
GetDC
GetWindowPlacement
LoadMenuW
ReleaseDC
SetWindowLongW
GetSysColor
GetActiveWindow
ReleaseCapture
DestroyMenu
SetScrollInfo
CheckMenuItem
LoadImageW
GetKeyState
IsWindowEnabled
GetClientRect
IsDlgButtonChecked
CreateDialogParamW
CreateWindowExW
MapWindowPoints
wsprintfA
SetDlgItemTextW
ScreenToClient
GetWindowRect
ShowWindow
MoveWindow
DialogBoxParamW
SetFocus
wsprintfW
GetDlgItem
EndDialog
SendDlgItemMessageW
LoadStringW

gdi32

SelectObject
DeleteObject
GetStockObject
SetROP2
CreatePen
Rectangle

advapi32

CryptDestroyKey
CryptCreateHash
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptHashData
CryptDestroyHash
CryptAcquireContextW
CryptDecrypt
CryptReleaseContext
CryptDeriveKey

ole32

OleRun
CoInitialize
CLSIDFromProgID
CoUninitialize
CoCreateInstance

oleaut32

SysAllocStringByteLen
VariantInit
VariantChangeType
SysFreeString
SysStringByteLen
GetErrorInfo
SysAllocString
VariantClear
SysStringLen

Exports

Exports

KMSCNTOOLCancel
KMSCNTOOLExit
KMSCNTOOLInit
KMSCNTOOLStart
XMLSCNLST_Close
XMLSCNLST_Open
XMLSCNLST_Read
XMLSCN_Add
XMLSCN_Close
XMLSCN_Delete
XMLSCN_GetSize
XMLSCN_Open
XMLSCN_Read
XMLSCN_ReadSet
XMLSCN_Save
XMLSCN_Update
XMLSCN_UpdateSet

Sections

.text
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18e48213445e3ee5db03c40151c3640f

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

shell32

rpcrt4

comctl32

gdiplus

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 362KB - Virtual size: 361KB

.rdata Size: 63KB - Virtual size: 62KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 154KB - Virtual size: 153KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 362KB - Virtual size: 361KB

.rdata
Size: 63KB - Virtual size: 62KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 154KB - Virtual size: 153KB

.reloc
Size: 22KB - Virtual size: 22KB