03199ab6f6706d1dbc9e0bc5218024148c2de9a818d20595d59d6a7ae9de2537

Sharing

Copy URL Twitter E-mail

General

Target

03199ab6f6706d1dbc9e0bc5218024148c2de9a818d20595d59d6a7ae9de2537
Size

216KB
MD5

6cff1cd6129343b4c30a0dd59775009e
SHA1

fd75f040314859d4b93270161b165f218f183503
SHA256

03199ab6f6706d1dbc9e0bc5218024148c2de9a818d20595d59d6a7ae9de2537
SHA512

c5a08d24374ff133b6af79ff2137f04c59dcc98eec61b3af643408891c462d5d52c8e7b683ba96e734c405944a9b1f0ed4791bd38b565b825430c503c7df725a
SSDEEP

3072:XzRk6ZvS0KFKAakQXMVRAgGIMh+3ImL2lQBV+UdE+rECWp7hK8yQR:jC6o0pAavXMVfGIcqBV+UdvrEFp7hK8f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03199ab6f6706d1dbc9e0bc5218024148c2de9a818d20595d59d6a7ae9de2537

Files

03199ab6f6706d1dbc9e0bc5218024148c2de9a818d20595d59d6a7ae9de2537
.dll windows:5 windows x86 arch:x86

9ade5c162491aa66e606d88ce5db11b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\workspace\WinToHDD\Output\Win32\Release\intl.pdb

Imports

kernel32

EnumResourceLanguagesW
GetThreadLocale
GetProcAddress
GetLastError
GetLocaleInfoA
GetACP
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFileType
HeapReAlloc
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
GetCPInfo
WideCharToMultiByte
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetStdHandle
SetHandleCount
GetStartupInfoA
RtlUnwind
CloseHandle
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSectionAndSpinCount
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTimeZoneInformation
SetFilePointer
ReadFile
CreateFileA
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
SetEndOfFile
GetProcessHeap
GetDriveTypeA
GetFullPathNameA
GetCurrentDirectoryA
GetModuleHandleA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

_nl_expand_alias
_nl_msg_cat_cntr
bind_textdomain_codeset
bindtextdomain
dcgettext
dcngettext
dgettext
dngettext
gettext
libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_dcgettext
libintl_dcngettext
libintl_dgettext
libintl_dngettext
libintl_fprintf
libintl_fwprintf
libintl_gettext
libintl_ngettext
libintl_printf
libintl_set_relocation_prefix
libintl_sprintf
libintl_swprintf
libintl_textdomain
libintl_version
libintl_vfprintf
libintl_vfwprintf
libintl_vprintf
libintl_vsprintf
libintl_vswprintf
libintl_vwprintf
libintl_wprintf
ngettext
textdomain

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ade5c162491aa66e606d88ce5db11b9

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 111KB - Virtual size: 110KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 111KB - Virtual size: 110KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 6KB