b46be174a59d36d1900d998ea76a3dfcc6b03b34c6b82a439746efeae9473844

Sharing

Copy URL Twitter E-mail

General

Target

b46be174a59d36d1900d998ea76a3dfcc6b03b34c6b82a439746efeae9473844
Size

1.0MB
MD5

57e59419813765ba695c3c012fd1a5b0
SHA1

ad39d88b3acac65be6b5e0b22b2a97300f5f6de8
SHA256

b46be174a59d36d1900d998ea76a3dfcc6b03b34c6b82a439746efeae9473844
SHA512

3665a39de8df6d4ba06d0a7a2967ba340616c5c2499724eeb6b7de8827bee4ad7f32b036fa71e309c5007830e388252ed587e5e0b01acb671209d9470c9c02b1
SSDEEP

12288:MwyZDmXcypRiLkEe5A+8rQ0ryktkbMo+d2eC2FeRBhXO+3ee5/mqB:5yFbypQje5P8rQ0r/WIDdbePtOMeekw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b46be174a59d36d1900d998ea76a3dfcc6b03b34c6b82a439746efeae9473844

Files

b46be174a59d36d1900d998ea76a3dfcc6b03b34c6b82a439746efeae9473844
.dll regsvr32 windows:5 windows x64 arch:x64

5e72dc73fd0adb39ed44fa4780050285

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
lstrlenW
FreeLibrary
GetProcAddress
OpenProcess
LoadLibraryW
GetCurrentThreadId
Sleep
GetLogicalDriveStringsW
GetModuleFileNameW
LocalAlloc
LocalFree
TerminateProcess
WaitForSingleObject
GetProcessHeap
GetVersionExW
OutputDebugStringW
VirtualQuery
GetCurrentProcessId
GetModuleFileNameA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GlobalLock
GlobalUnlock
lstrcpynW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
MoveFileW
DeleteFileW
CreateFileW
CreateDirectoryW
FindResourceW
CloseHandle
FindClose
ReadFile
WriteFile
SizeofResource
LoadResource
GetLastError
GetCurrentProcess
LockResource
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
WriteConsoleW
GetTimeZoneInformation
RtlUnwind
SetEndOfFile
SetStdHandle
ReadConsoleW
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStdHandle
GetACP
GetModuleHandleExW
ExitProcess
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetFileType
RtlPcToFileHeader
RtlUnwindEx
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
TryEnterCriticalSection
GetStringTypeW
QueryPerformanceCounter
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore

user32

wsprintfW

advapi32

GetUserNameW
LookupAccountSidW
GetTokenInformation
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenProcessToken

shell32

SHGetFolderPathW
DragQueryFileW
ShellExecuteExW

ole32

ReleaseStgMedium

shlwapi

PathFileExistsA
PathFileExistsW
SHDeleteKeyW
PathRemoveFileSpecW
PathRemoveFileSpecA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

psapi

GetProcessImageFileNameW
EnumProcesses

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 444KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e72dc73fd0adb39ed44fa4780050285

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

version

psapi

Exports

Exports

Sections

.text Size: 444KB - Virtual size: 444KB

.rdata Size: 177KB - Virtual size: 176KB

.data Size: 13KB - Virtual size: 20KB

.pdata Size: 24KB - Virtual size: 24KB

.rsrc Size: 362KB - Virtual size: 361KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 444KB - Virtual size: 444KB

.rdata
Size: 177KB - Virtual size: 176KB

.data
Size: 13KB - Virtual size: 20KB

.pdata
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 362KB - Virtual size: 361KB

.reloc
Size: 5KB - Virtual size: 5KB