f28e02939650c93a3a5eef573ab5f07fc72cc96afe23a84c1e9824ed9e665ee8

Sharing

Copy URL Twitter E-mail

General

Target

f28e02939650c93a3a5eef573ab5f07fc72cc96afe23a84c1e9824ed9e665ee8
Size

355KB
MD5

d1c7325f0dddc29f5f81f4fc7a0402b2
SHA1

4d503306d7fab5f94c43e2b22e9652ac82d09a01
SHA256

f28e02939650c93a3a5eef573ab5f07fc72cc96afe23a84c1e9824ed9e665ee8
SHA512

521d1a723cd5d1b678248c51edd006f4ceaf652a3a80b64297d30fc522704b949420534c58ff25426f93b78a6ad83360328fe5877a86e619db6f9bcf84fae10d
SSDEEP

6144:r83cmPQACq/ggI/JRnSdmeS8cCdhhTcKiObzIfJN4Q0AtHyQL+sP:rocmPVCwKDnomeS8csrCrRN4hAtGsP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f28e02939650c93a3a5eef573ab5f07fc72cc96afe23a84c1e9824ed9e665ee8

Files

f28e02939650c93a3a5eef573ab5f07fc72cc96afe23a84c1e9824ed9e665ee8
.dll windows:6 windows x86 arch:x86

cba6a0c5749a635c20196dd98a67151a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

kernel32

GetCurrentProcess
GetModuleFileNameW
K32GetProcessImageFileNameA
OpenProcess
GetModuleHandleExA
GetLastError
K32GetModuleInformation
LoadLibraryW
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
FreeLibrary
WriteFile
GetTempPathW
CreateFileW
GetFileAttributesW
DeleteFileW
CloseHandle
RemoveVectoredExceptionHandler
Thread32Next
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
GetCurrentThread
AddVectoredExceptionHandler
GetThreadContext
TerminateThread
FlushInstructionCache
SetThreadContext
OpenThread
TerminateProcess
GetModuleHandleA
Module32FirstW
Module32NextW
K32GetModuleBaseNameW
VirtualQuery
ReadFile
GetTickCount64
QueryPerformanceCounter
GetTickCount
WaitForSingleObject
WaitForMultipleObjects
VirtualFree
CreateThread
LocalAlloc
CreateEventW
CancelSynchronousIo
HeapCreate
HeapFree
Thread32First
HeapReAlloc
HeapAlloc
HeapDestroy
VirtualAlloc
HeapSize
Sleep
VirtualProtect
WriteConsoleW
GetThreadId
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
GetStringTypeW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetCurrentDirectoryW
GetModuleHandleExW
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
ReadConsoleW

mscoree

CLRCreateInstance

Exports

Exports

Run

Sections

.text
Size: 259KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.SCY
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cba6a0c5749a635c20196dd98a67151a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

mscoree

Exports

Exports

Sections

.text Size: 259KB - Virtual size: 260KB

.rdata Size: 72KB - Virtual size: 76KB

.data Size: 4KB - Virtual size: 1.0MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 16KB

.SCY Size: 3KB - Virtual size: 4KB

.text
Size: 259KB - Virtual size: 260KB

.rdata
Size: 72KB - Virtual size: 76KB

.data
Size: 4KB - Virtual size: 1.0MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 16KB

.SCY
Size: 3KB - Virtual size: 4KB