ed58d5de3a29c1bc32a0d9b4140dbe79c511c25073277114a236946151da6fbe

Sharing

Copy URL Twitter E-mail

General

Target

ed58d5de3a29c1bc32a0d9b4140dbe79c511c25073277114a236946151da6fbe
Size

2.7MB
MD5

a5190b46c83a8f3a20374dfc1c950c76
SHA1

738500ea1bba9b56a0d477f2f58b87bbf9d8a156
SHA256

ed58d5de3a29c1bc32a0d9b4140dbe79c511c25073277114a236946151da6fbe
SHA512

d1f807943dcc3c9ee787823064e466f3c28b2c6b7ed4ceea1bf15a54e5f2fff9e1c6b4ca54e65da4dc96f972ba112ed597f7e05b5ca0ed9bfb7a288d72c9869d
SSDEEP

49152:klr0dqNARfHW1evMBUF+B6/MMpPU9fVaTVg1gMGyG/BTD4EXpOvfwmENFPbjPnll:k900NARfHW1GMOF+vcy2W1gMG5gEcEjp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed58d5de3a29c1bc32a0d9b4140dbe79c511c25073277114a236946151da6fbe

Files

ed58d5de3a29c1bc32a0d9b4140dbe79c511c25073277114a236946151da6fbe
.dll windows:5 windows x86 arch:x86

e8c2adc8508ea1186295e15f36dff2ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegEnumKeyW
AccessCheckByType
NotifyBootConfigStatus
SetSecurityDescriptorDacl

esent

JetSeek

setupapi

SetupDiEnumDeviceInfo

mprapi

MprConfigGetFriendlyName

gdi32

StrokeAndFillPath
GetTextExtentExPointI
PlayEnhMetaFileRecord
GetTextCharacterExtra
SelectObject
GetEnhMetaFilePaletteEntries

crypt32

CryptSIPRetrieveSubjectGuidForCatalogFile
CertAddEncodedCRLToStore

shlwapi

UrlIsOpaqueW
PathIsSameRootW
UrlEscapeW
PathBuildRootA
SHRegSetUSValueW

kernel32

GetTimeZoneInformation
CompareStringA
CompareStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetLogicalDriveStringsA
ReleaseMutex
GlobalFindAtomA
OpenSemaphoreW
SetThreadAffinityMask
GlobalFree
DefineDosDeviceA
UnlockFile
GetModuleHandleA
GetModuleFileNameW
OutputDebugStringA
GlobalDeleteAtom
DuplicateHandle
GetSystemDefaultUILanguage
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetLocaleInfoA
GetLocaleInfoW
HeapSize
GetCommandLineA
CloseHandle
CreateFileA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
GetModuleFileNameA
FlushFileBuffers
SetStdHandle
MultiByteToWideChar
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
RtlUnwind
GetLastError
HeapFree
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
HeapAlloc
VirtualAlloc
HeapReAlloc
Sleep
GetModuleHandleW
GetProcAddress
ExitProcess
SetFilePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
SetEnvironmentVariableA

winmm

mixerGetNumDevs
midiOutUnprepareHeader
timeKillEvent

ole32

CoWaitForMultipleHandles
CoQueryClientBlanket

user32

DialogBoxParamA
GetClassInfoW
MsgWaitForMultipleObjects
SetMessageExtraInfo
GetLastActivePopup
DrawAnimatedRects
GetClipboardFormatNameW

urlmon

CopyStgMedium
FaultInIEFeature

rasapi32

RasHangUpW

wininet

FtpFindFirstFileA

winscard

SCardConnectA

opengl32

glTexImage2D

lz32

GetExpandedNameW

rpcrt4

NdrPointerBufferSize

shell32

SHGetPathFromIDListA

Exports

Exports

EhckewmiraarldeQnd

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 248KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8c2adc8508ea1186295e15f36dff2ec

Headers

File Characteristics

Imports

advapi32

esent

setupapi

mprapi

gdi32

crypt32

shlwapi

kernel32

winmm

ole32

user32

urlmon

rasapi32

wininet

winscard

opengl32

lz32

rpcrt4

shell32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.qdata Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 248KB - Virtual size: 257KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 132KB - Virtual size: 129KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.qdata
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 248KB - Virtual size: 257KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 132KB - Virtual size: 129KB