fb78dd5b1f10d6a8a9c1687c0d331cf3468ab68dd1c9c65fea2c6f3b82c13fd0

Sharing

Copy URL Twitter E-mail

General

Target

fb78dd5b1f10d6a8a9c1687c0d331cf3468ab68dd1c9c65fea2c6f3b82c13fd0
Size

989KB
MD5

00d23828b69e974f15dbaa7e4ec5cb66
SHA1

c42f61cde0235e050148999da26d4b52a58d1afd
SHA256

fb78dd5b1f10d6a8a9c1687c0d331cf3468ab68dd1c9c65fea2c6f3b82c13fd0
SHA512

dcc8fca67cb0390c4344ae6c06dfe9f4f916e398969badb2c4145ea741b85080924405e41d15d335e66247b3e27fc9b104beaf57a2b7a6f4f13f0ed3786c5886
SSDEEP

12288:0WJDTXOlDz0cgO0v74zdRXL9cfmD6lv7va1AyUx3vFZVo:/xqlDLgO9LM4ODi1pC/v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb78dd5b1f10d6a8a9c1687c0d331cf3468ab68dd1c9c65fea2c6f3b82c13fd0

Files

fb78dd5b1f10d6a8a9c1687c0d331cf3468ab68dd1c9c65fea2c6f3b82c13fd0
.dll windows:6 windows x64 arch:x64

2440b8282fca5a18d080a2bf98907466

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
DeleteCriticalSection
GetSystemInfo
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesA
GetLastError
OpenProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
CloseHandle
GetLogicalDriveStringsW
GetModuleFileNameW
GetEnvironmentVariableW
QueryDosDeviceW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLocalTime
ReadFile
CreatePipe
CreateProcessW
SetEnvironmentVariableA
LoadLibraryW
CreateFileW
WriteConsoleW
SetStdHandle
GetTimeZoneInformation
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
OutputDebugStringW
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
ReadConsoleW
CreateDirectoryW
FindNextFileW
FindFirstFileExW
GetFileAttributesExW
SetFilePointerEx
GetFileType
GetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetOEMCP
GetACP
IsValidCodePage
DeleteFileW
GetProcessHeap
HeapSize
AreFileApisANSI
DuplicateHandle
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetStringTypeW
HeapFree
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
FindClose
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateProcessA
GetCommandLineA
GetCPInfo
HeapAlloc
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetTickCount
GetModuleHandleW
GetProcAddress
CreateSemaphoreW
CreateThread
ExitThread
LoadLibraryExW
CreateTimerQueue
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
SetEndOfFile

user32

RegisterClassExW
CreateWindowExW
DispatchMessageW
LoadCursorW
MessageBoxW
DestroyWindow
DefWindowProcW
SendMessageW
GetMessageW
GetSystemMetrics
TranslateMessage

shell32

ShellExecuteExW

ole32

CoCreateGuid

ws2_32

send
recv
WSACleanup
WSAAsyncSelect
inet_addr
WSAStartup
connect
closesocket
WSAGetLastError
inet_ntoa
setsockopt
accept
bind
listen
shutdown
htonl
recvfrom
sendto
ntohl
gethostbyname
socket
WSAIoctl
htons

wininet

InternetOpenUrlW
InternetOpenW
InternetReadFile

urlmon

URLDownloadToFileA

psapi

GetProcessImageFileNameW

Exports

Exports

clinkStart
clinkStop
getListenState
setIPWriteLocalFile
setPortConflictAlert
setSourceCode

Sections

.text
Size: 711KB - Virtual size: 711KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2440b8282fca5a18d080a2bf98907466

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

ws2_32

wininet

urlmon

psapi

Exports

Exports

Sections

.text Size: 711KB - Virtual size: 711KB

.rdata Size: 187KB - Virtual size: 187KB

.data Size: 15KB - Virtual size: 45KB

.pdata Size: 52KB - Virtual size: 51KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 711KB - Virtual size: 711KB

.rdata
Size: 187KB - Virtual size: 187KB

.data
Size: 15KB - Virtual size: 45KB

.pdata
Size: 52KB - Virtual size: 51KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 4KB