1b357efafbcf7d0fc7a94b81654982024255a38d9922a0ce2434b7e0e6287796

Sharing

Copy URL

Twitter E-mail

General

Target

1b357efafbcf7d0fc7a94b81654982024255a38d9922a0ce2434b7e0e6287796
Size

3.5MB
MD5

2d397a2ca2d3bfc9c7a509d04376547b
SHA1

b06110e0feb7592872e380b7e3b8f77d80dd1108
SHA256

1b357efafbcf7d0fc7a94b81654982024255a38d9922a0ce2434b7e0e6287796
SHA512

5fc95606228ef1eadd61b33755f71005dead7c6246b7661d88108c7853c41633b1efca9fbbbb95cf16703300db75363bef700abcc882c37374cc08d109ef31fd
SSDEEP

49152:1lqPEHmICDnMy1xuy+L+nWYmGzYbgbCN2zwRDVIj1d9PTZHIPI:1XrZanWYmG0hE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b357efafbcf7d0fc7a94b81654982024255a38d9922a0ce2434b7e0e6287796

Files

1b357efafbcf7d0fc7a94b81654982024255a38d9922a0ce2434b7e0e6287796
.dll windows:4 windows x64 arch:x64

9270c6df436a72d8a31a1924e93468e8

Headers

File Characteristics

IMAGE_FILE_DLL

Imports

advapi32

RegCreateKeyExW
RegSetValueExW
DecryptFileW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegDeleteKeyW

kernel32

FindFirstFileW
FindNextFileW
RemoveDirectoryW
FindClose
CreateFileW
CloseHandle
GetLocalTime
SetFilePointer
FileTimeToLocalFileTime
CreateDirectoryW
DeleteFileW
ExpandEnvironmentStringsW
AreFileApisANSI
HeapCreate
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
SetEndOfFile
UnlockFileEx
CreateMutexW
WaitForSingleObject
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
MultiByteToWideChar
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
DeleteFileA
GetSystemInfo
LoadLibraryW
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
CreateToolhelp32Snapshot
ReadFile
Process32NextW
Process32FirstW
ReadProcessMemory
K32EnumProcessModules
VirtualQueryEx
GetBinaryTypeW
SetLastError
TerminateProcess
CreateProcessW
SetErrorMode
GetEnvironmentVariableW
ExitProcess
GetSystemDirectoryW
CreateThread
CreatePipe
PeekNamedPipe
DisconnectNamedPipe
TerminateThread
FreeConsole
GetConsoleWindow
AllocConsole
lstrlenW
lstrcpyW
HeapSetInformation
SearchPathW
GetStdHandle
GetShortPathNameW
GetConsoleCP
LocalAlloc
DuplicateHandle
GetConsoleMode
SetFilePointerEx
GetTimeFormatW
GetDateFormatW
GetVolumeInformationW
CompareStringW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
lstrcpynW
SetConsoleMode
SetEnvironmentVariableW
FreeEnvironmentStringsW
SetFileAttributesW
SetVolumeLabelW
FillConsoleOutputCharacterW
GetCurrentDirectoryW
FillConsoleOutputAttribute
SetStdHandle
SetCurrentDirectoryW
CopyFileW
GetTempFileNameW
SetConsoleCursorPosition
lstrcmpiW
GetEnvironmentStringsW
lstrcmpW
SetConsoleTitleW
MoveFileW
GetExitCodeProcess
GetStartupInfoW
ReadConsoleW
WriteConsoleW
GetModuleHandleW
GetProcessHeap
FileTimeToSystemTime
GetVersionExW
GetCurrentProcess
HeapFree
QueryPerformanceFrequency
CreateProcessA
RaiseException
LoadLibraryA
GetLastError
InitializeCriticalSectionEx
GetTempPathW
GetCurrentProcessId
GetProcAddress
GetWindowsDirectoryW
Sleep
OpenProcess
K32GetModuleFileNameExA
GetModuleHandleA
SetEnvironmentVariableA
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SystemTimeToTzSpecificLocalTime
GetFileType
GetDriveTypeW
GetACP
GetModuleFileNameW
GetModuleHandleExW
FreeLibraryAndExitThread
LoadLibraryExW
RtlUnwindEx
RtlPcToFileHeader
GlobalFree
GetFileSizeEx
SetConsoleScreenBufferSize
PowerCreateRequest
VirtualQuery
VirtualAlloc
VirtualFree
FlushInstructionCache
VirtualProtect
OpenThread
GetFileTime
SetThreadContext
GetThreadContext
GetSystemDirectoryA
ResumeThread
SuspendThread
GetStringTypeW
GetCPInfo
LCMapStringW
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent

ntdll

RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlTryEnterCriticalSection
RtlSizeHeap
RtlReAllocateHeap
RtlAllocateHeap
RtlDeleteCriticalSection
RtlDecodePointer
RtlExitUserThread
RtlInterlockedPushEntrySList
RtlEncodePointer
RtlInitializeSListHead

Sections

rec_0
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rec_1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rec_2
Size: 932KB - Virtual size: 932KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rec_3
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rec_4
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rec_5
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rec_6
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9270c6df436a72d8a31a1924e93468e8

Headers

File Characteristics

Imports

advapi32

kernel32

ntdll

Sections

rec_0 Size: 4KB - Virtual size: 4KB

rec_1 Size: 2.2MB - Virtual size: 2.2MB

rec_2 Size: 932KB - Virtual size: 932KB

rec_3 Size: 264KB - Virtual size: 264KB

rec_4 Size: 76KB - Virtual size: 76KB

rec_5 Size: 4KB - Virtual size: 4KB

rec_6 Size: 32KB - Virtual size: 32KB

rec_0
Size: 4KB - Virtual size: 4KB

rec_1
Size: 2.2MB - Virtual size: 2.2MB

rec_2
Size: 932KB - Virtual size: 932KB

rec_3
Size: 264KB - Virtual size: 264KB

rec_4
Size: 76KB - Virtual size: 76KB

rec_5
Size: 4KB - Virtual size: 4KB

rec_6
Size: 32KB - Virtual size: 32KB