90cef2455b734218be2a81f6be09d962dc2c8f469e2b2cc92d979fc138da3a5c

Sharing

Copy URL Twitter E-mail

General

Target

90cef2455b734218be2a81f6be09d962dc2c8f469e2b2cc92d979fc138da3a5c
Size

2.7MB
MD5

ee93ff425609e9e5e16b68d496fa39a4
SHA1

410e17dfdc82e1fb783cd29de2b4c9043dc276d7
SHA256

90cef2455b734218be2a81f6be09d962dc2c8f469e2b2cc92d979fc138da3a5c
SHA512

fc70c3b7c2169ee29e0889fb3742766cd2b832a32a86e7fcf78e22703b5ee90cccd8f2073adbf9b4c0013183c7483bf4b8c16efedc4956262a75e8c1f2540266
SSDEEP

49152:2K71pPUmpqGmpcyRNEW1y9ZihkrsccJvj2twFS:2K7/ZpmVKbGvqS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
90cef2455b734218be2a81f6be09d962dc2c8f469e2b2cc92d979fc138da3a5c

Files

90cef2455b734218be2a81f6be09d962dc2c8f469e2b2cc92d979fc138da3a5c
.dll windows:6 windows x86 arch:x86

fe085eaac6f2d06ab5a102a3d3888644

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

ws2_32

getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
inet_ntoa
gethostbyname
WSAStartup
WSACleanup
gethostname

kernel32

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcessId
CreateMutexA
Sleep
CloseHandle
GetProcAddress
HeapAlloc
HeapFree
GetProcessHeap
OpenProcess
TerminateProcess
GetCurrentThread
ReadProcessMemory
GetThreadContext
SetThreadContext
ReleaseMutex
WaitForSingleObject
GetNativeSystemInfo
GetModuleHandleA
GetComputerNameA
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
WideCharToMultiByte
InitializeCriticalSection
IsWow64Process
SleepEx
LoadLibraryW
GetSystemDirectoryW
GetLastError
SetLastError
FormatMessageW
MultiByteToWideChar
MoveFileExW
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
GetEnvironmentVariableA
VerSetConditionMask
VerifyVersionInfoW
DecodePointer
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
GetFileAttributesExW
CreateFileW
FindClose
GetCurrentProcess
VirtualFreeEx
VirtualAllocEx
DeleteFileW
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetSystemInfo
WriteConsoleW
GetStringTypeW
GetTimeZoneInformation
SetEnvironmentVariableA
HeapReAlloc
GetModuleHandleW
OutputDebugStringW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCurrentDirectoryW
GetFullPathNameW
SetEndOfFile
SetStdHandle
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
HeapSize
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleMode
GetConsoleCP
GetStartupInfoW
GetModuleFileNameW
WriteFile
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFilePointerEx
LoadLibraryExW
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
RtlUnwind

user32

GetWindowThreadProcessId
FindWindowExA
FindWindowA
SendMessageW
MessageBoxA

advapi32

RegOpenKeyA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExA
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ntdll

RtlInitUnicodeString
NtMapViewOfSection
NtCreateSection
NtCreateFile
NtClose
NtUnmapViewOfSection
RtlCompareString
NtQuerySystemInformation
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlInitAnsiString

wldap32

ord301
ord145
ord219
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27
ord167
ord142
ord79
ord133
ord147
ord127

Exports

Exports

jklsdhjfioshfjisfjjsdlfj

Sections

.text
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.g|W
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe085eaac6f2d06ab5a102a3d3888644

Headers

DLL Characteristics

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

advapi32

ntdll

wldap32

Exports

Exports

Sections

.text Size: 480KB - Virtual size: 480KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 32KB - Virtual size: 32KB

.g|W Size: 2.1MB - Virtual size: 2.1MB

.reloc Size: 20KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 480KB - Virtual size: 480KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 32KB - Virtual size: 32KB

.g|W
Size: 2.1MB - Virtual size: 2.1MB

.reloc
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 4KB