fcfecb2870f2a821755786c7bf25431eb14e392f80d1dd615796e722f6023d91

Sharing

Copy URL Twitter E-mail

General

Target

fcfecb2870f2a821755786c7bf25431eb14e392f80d1dd615796e722f6023d91
Size

430KB
MD5

e14fad5194448d5ad805ff82a6979507
SHA1

86c4b79e30290357f5b2bdf38572015f9450790a
SHA256

fcfecb2870f2a821755786c7bf25431eb14e392f80d1dd615796e722f6023d91
SHA512

28adb34f5dcc157e56f78d4a1a44e871d0aae715948e19c8d3a779b8af18724807c012a30b54fd6b34fbaefe2c1cf9b416b537fc3fe2cdcb6554f23a664cbd4a
SSDEEP

6144:Qg+KnRsT6sGp3hcIcJfQi2198zJfoKyMAPXbRPHDy71Ac+2V:FjW5yPv1WzJzAPrdo1D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcfecb2870f2a821755786c7bf25431eb14e392f80d1dd615796e722f6023d91

Files

fcfecb2870f2a821755786c7bf25431eb14e392f80d1dd615796e722f6023d91
.dll windows:6 windows x64 arch:x64

af07dd4352a7d8cc23d294d686f198a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

kernel32

GetCurrentProcess
GetModuleFileNameW
K32GetProcessImageFileNameA
OpenProcess
GetModuleHandleExA
GetLastError
K32GetModuleInformation
LoadLibraryW
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
FreeLibrary
WriteFile
GetTempPathW
CreateFileW
GetFileAttributesW
DeleteFileW
CloseHandle
RemoveVectoredExceptionHandler
Thread32Next
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
GetCurrentThread
AddVectoredExceptionHandler
GetThreadContext
GetThreadId
TerminateThread
SetThreadContext
OpenThread
TerminateProcess
GetModuleHandleA
Module32FirstW
Module32NextW
K32GetModuleBaseNameW
VirtualQuery
ReadFile
GetTickCount64
QueryPerformanceCounter
GetTickCount
WaitForSingleObject
WaitForMultipleObjects
VirtualFree
CreateThread
LocalAlloc
CreateEventW
CancelSynchronousIo
HeapCreate
HeapFree
Thread32First
HeapReAlloc
HeapAlloc
HeapDestroy
VirtualAlloc
GetSystemInfo
WriteConsoleW
Sleep
VirtualProtect
FlushInstructionCache
FlsAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
GetStringTypeW
RtlUnwind
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetCurrentDirectoryW
GetModuleHandleExW
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
ReadConsoleW
HeapSize

mscoree

CLRCreateInstance

Exports

Exports

Run

Sections

Size: 298KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 99KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.SCY
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

af07dd4352a7d8cc23d294d686f198a5

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

mscoree

Exports

Exports

Sections

Size: 298KB - Virtual size: 300KB

Size: 99KB - Virtual size: 104KB

Size: 5KB - Virtual size: 1.0MB

Size: 17KB - Virtual size: 20KB

Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 4KB

.SCY Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 4KB

.SCY
Size: 4KB - Virtual size: 4KB