0c57a3417748f4ceade6003ed8f7fa75568d72bb7276506a26934788f462f8fb

Sharing

Copy URL

Twitter E-mail

General

Target

0c57a3417748f4ceade6003ed8f7fa75568d72bb7276506a26934788f462f8fb
Size

385KB
MD5

62bcbeb681d14b0e65e4b5dfec64dfab
SHA1

dded2c2bd0620745bec093587d57bffac7628675
SHA256

0c57a3417748f4ceade6003ed8f7fa75568d72bb7276506a26934788f462f8fb
SHA512

ed63306020f0eaea9185813d90ca788d0c9588bf26e005bb2d1e91ecce7f368061d6d61393991ab21b8fe41c57ab55098297ed709dd8e0aaba85150426c61c75
SSDEEP

6144:hJJS3eW6kyXHxJSUn0mT8Sc/T4F1bpxg8hyf2:vs3eVdXHZv3DEf2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c57a3417748f4ceade6003ed8f7fa75568d72bb7276506a26934788f462f8fb

Files

0c57a3417748f4ceade6003ed8f7fa75568d72bb7276506a26934788f462f8fb
.dll windows:6 windows x86 arch:x86

be497637c9a9dae522a2479346e88d64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord160
ord119
ord114
ord121
ord165
ord116
ord118
ord159
ord32
ord17
ord125
ord48
ord80
ord51
ord103
ord171
ord74
ord145
ord49
ord8

mpr

WNetGetUniversalNameW

kernel32

LoadLibraryExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
FreeLibrary
InterlockedDecrement
InterlockedIncrement
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
GetTempFileNameW
GetTempPathW
GetSystemDirectoryW
GetDriveTypeW
FindResourceW
FormatMessageW
WriteFile
SizeofResource
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
QueryPerformanceCounter
lstrcatW
GetTickCount
SystemTimeToFileTime
ResetEvent
SetEvent
lstrcpynW
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetModuleFileNameA
GetFileType
HeapReAlloc
GetProcessHeap
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
GetCPInfo
GetOEMCP
IsValidCodePage
HeapSize
LoadResource
SetLastError
GetLastError
LocalFree
LockResource
FreeResource
CreateProcessW
GetModuleHandleW
GetModuleFileNameW
lstrlenW
lstrcpyW
CloseHandle
Sleep
GetProcAddress
GetUserDefaultLCID
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
GetACP
lstrcmpiW
GetModuleHandleExW
ExitProcess
EncodePointer
DecodePointer
LCMapStringW
GetCurrentProcess
TerminateProcess
GetFileSize
ReadFile
SetFilePointer
FindClose
GetSystemInfo
CreateEventW
LoadLibraryW
GetWindowsDirectoryW
QueryPerformanceFrequency
GetStdHandle

user32

TranslateMessage
PeekMessageW
GetDesktopWindow
DispatchMessageW
MsgWaitForMultipleObjects
CharNextW
CharUpperBuffW
WaitForInputIdle
wsprintfW

advapi32

RegQueryValueExW
RegOpenKeyW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW

ole32

StringFromGUID2
CoCreateGuid
CreateItemMoniker
GetRunningObjectTable
CoInitialize
CoUninitialize
CLSIDFromProgID
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

CreateErrorInfo
GetErrorInfo
SetErrorInfo
SysReAllocStringLen
SysAllocStringLen
VarUI4FromStr
VariantCopy
VariantClear
VariantInit
SysFreeString
SysAllocString
SysStringLen

wininet

InternetQueryOptionW
InternetOpenUrlW
InternetCrackUrlW
InternetGetLastResponseInfoW
InternetSetStatusCallbackW
InternetCanonicalizeUrlW
InternetOpenW
InternetCloseHandle
InternetReadFile
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetErrorDlg
InternetGetConnectedState
InternetAutodial
InternetConnectW

Exports

Exports

ISLockPermissionsCostAction
ISLockPermissionsInstallAction

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be497637c9a9dae522a2479346e88d64

Headers

DLL Characteristics

File Characteristics

Imports

msi

mpr

kernel32

user32

advapi32

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 127KB - Virtual size: 126KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 180KB - Virtual size: 180KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 127KB - Virtual size: 126KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 180KB - Virtual size: 180KB

.reloc
Size: 22KB - Virtual size: 22KB