f794dd23878fbae2472178d00867302be69df5e5986f2f3991c4a15150a339b5

Sharing

Copy URL Twitter E-mail

General

Target

f794dd23878fbae2472178d00867302be69df5e5986f2f3991c4a15150a339b5
Size

14.6MB
MD5

695809c7c8072186396d78c3d823b10d
SHA1

b8a1aa709eb25864ca9e4eeb3d2d229566cbfe8b
SHA256

f794dd23878fbae2472178d00867302be69df5e5986f2f3991c4a15150a339b5
SHA512

2a4db3df0978eb920fdfed609f8f5d727225714916dbe8d7755681c9f4be68dff42c6787d86fb68713cd19d4b80f755119bd7b1fd7bbef8b6997ef6741d05e1c
SSDEEP

393216:Xx1zTpM/vmwvxgexmR4RZ9H77lFccZXo6mBu:u/+wvxhxnJHXlFccZYVU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f794dd23878fbae2472178d00867302be69df5e5986f2f3991c4a15150a339b5

Files

f794dd23878fbae2472178d00867302be69df5e5986f2f3991c4a15150a339b5
.dll windows:6 windows x64 arch:x64

fbf43a5dc52f24384882367ec449eb99

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

Process32NextW
Process32FirstW
CloseHandle
CreateDirectoryW
FindFirstFileW
FindNextFileW
GetDriveTypeA
SetFileTime
FindClose
CreateFileW
GetFileAttributesW
GetCurrentDirectoryW
GetFileSize
GetFileTime
RemoveDirectoryW
FileTimeToSystemTime
CopyFileW
SystemTimeToTzSpecificLocalTime
MoveFileW
ReadFile
WriteProcessMemory
SetHandleInformation
lstrlenW
TerminateProcess
K32GetModuleFileNameExW
CreatePipe
WaitForSingleObject
LocalAlloc
GetLogicalDrives
GetModuleHandleA
OpenProcess
LoadLibraryA
GlobalAlloc
GlobalFree
VirtualAllocEx
LocalFree
ReadProcessMemory
GetCurrentProcessId
VirtualFreeEx
lstrcmpW
GetProcessTimes
CreateToolhelp32Snapshot
GetNativeSystemInfo
IsWow64Process
lstrcatW
lstrcpyW
WriteFile
GetConsoleWindow
AllocConsole
FreeConsole
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetComputerNameW
CreateProcessW
Sleep
CreateThread
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteFileW
VirtualProtect
GetTickCount
WideCharToMultiByte
SetEndOfFile
WriteConsoleW
HeapSize
GetStringTypeW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
HeapReAlloc
GetTimeZoneInformation
SetStdHandle
GetFullPathNameW
FlushFileBuffers
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
HeapAlloc
HeapFree
GetModuleFileNameW
SetConsoleCtrlHandler
GetModuleHandleExW
ExitProcess
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
GetLastError
SetLastError
MultiByteToWideChar
GetTempPathW
SetErrorMode
SetCurrentDirectoryW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetFilePointerEx
GetFileSizeEx
SetFileAttributesW
GetFileAttributesExW
MoveFileExW
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiberEx
ConvertFiberToThread
GetModuleHandleW
GetFileType
GetStdHandle
GetACP
GetEnvironmentVariableW
GetSystemTimeAsFileTime
QueryPerformanceCounter
FormatMessageA
GetSystemDirectoryA
CreateFiberEx
DeleteFiber
SwitchToFiber
GetSystemTime
SystemTimeToFileTime
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualFree
GetVersionExW
GetVersionExA
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapReAlloc
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DecodePointer
HeapAlloc
RtlUnwindEx
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetSystemTimeAsFileTime
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
GetVersion

user32

GetUserObjectInformationW
MessageBoxW
ShowWindow
GetProcessWindowStation
GetSystemMetrics
CharUpperBuffW

advapi32

GetSecurityInfo
RegisterEventSourceW
DeregisterEventSource
GetUserNameW
RegisterServiceCtrlHandlerW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
SetServiceStatus
LogonUserW
OpenProcessToken
CreateProcessAsUserW
LookupAccountSidW
GetTokenInformation
ReportEventW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear

ws2_32

gethostbyaddr
WSAGetLastError
WSASetLastError
getnameinfo
htonl
inet_ntop
ioctlsocket
ntohl
inet_ntoa
getsockname
getsockopt
recvfrom
sendto
accept
__WSAFDIsSet
bind
closesocket
gethostbyname
select
listen
inet_addr
send
socket
connect
gethostname
recv
htons
setsockopt
WSAStartup
WSACleanup
shutdown
getservbyport
ntohs
getservbyname

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

iphlpapi

GetExtendedUdpTable
SendARP
GetNetworkParams
GetExtendedTcpTable
GetAdaptersAddresses

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

mpr

WNetOpenEnumW
WNetCancelConnection2W
WNetCloseEnum
WNetAddConnection2W
WNetEnumResourceW

netapi32

NetUseAdd
NetUseEnum
NetApiBufferFree
NetUseDel

bcrypt

BCryptGenRandom
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptDeriveKeyPBKDF2
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptDestroyKey

Exports

Exports

AsyncLoadDB
ServiceMain

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 764KB - Virtual size: 764KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.7%4
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.#px
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.)j=
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 216B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.l1
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fbf43a5dc52f24384882367ec449eb99

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

wtsapi32

iphlpapi

userenv

mpr

netapi32

bcrypt

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 764KB - Virtual size: 764KB

.data Size: 100KB - Virtual size: 100KB

.pdata Size: 124KB - Virtual size: 124KB

_RDATA Size: 4KB - Virtual size: 4KB

.7%4 Size: 4.0MB - Virtual size: 4.0MB

.#px Size: 4KB - Virtual size: 4KB

.)j= Size: 7.6MB - Virtual size: 7.6MB

.reloc Size: 216B - Virtual size: 216B

.l1 Size: 17KB - Virtual size: 17KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 764KB - Virtual size: 764KB

.data
Size: 100KB - Virtual size: 100KB

.pdata
Size: 124KB - Virtual size: 124KB

_RDATA
Size: 4KB - Virtual size: 4KB

.7%4
Size: 4.0MB - Virtual size: 4.0MB

.#px
Size: 4KB - Virtual size: 4KB

.)j=
Size: 7.6MB - Virtual size: 7.6MB

.reloc
Size: 216B - Virtual size: 216B

.l1
Size: 17KB - Virtual size: 17KB