516a336ed014f08c1081864f4ba4848e11ec6635b6cb9905189ae5f5e89497f9

Sharing

Copy URL

Twitter E-mail

General

Target

516a336ed014f08c1081864f4ba4848e11ec6635b6cb9905189ae5f5e89497f9
Size

1.9MB
MD5

f0025e66fb8a3e6e98f765245a6eb6b8
SHA1

cd1f9d8edb46b3567804bbac4c099e717a337f8f
SHA256

516a336ed014f08c1081864f4ba4848e11ec6635b6cb9905189ae5f5e89497f9
SHA512

b6f6644f4f934a79eecbb8de0c395aabf1e7f8d18cd36a78ac2d9bcd91112d39d35de1f4b8687440e39da306b14c65ecea85a85319293764058b85269e407f5d
SSDEEP

49152:WfCK+NulnGtBMzqCrnCCjR32O9LiQD07zLRVgaOzzaxo0b:Wb+N0GjMDrCJO9HD0MiGC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
516a336ed014f08c1081864f4ba4848e11ec6635b6cb9905189ae5f5e89497f9

Files

516a336ed014f08c1081864f4ba4848e11ec6635b6cb9905189ae5f5e89497f9
.dll windows:5 windows x86 arch:x86

82b88936b4a19d3e1e6e21a3763383b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathAddExtensionW
PathRemoveBlanksW
UrlEscapeW
PathRenameExtensionW

winscard

SCardIntroduceCardTypeW

wininet

RetrieveUrlCacheEntryFileA

opengl32

glPopAttrib

urlmon

CoInternetQueryInfo
RegisterBindStatusCallback

setupapi

SetupDiEnumDeviceInfo

ole32

HWND_UserMarshal
CoWaitForMultipleHandles

esent

JetTerm

shell32

ExtractIconExW
SHSetLocalizedName

kernel32

HeapSize
IsValidLocale
GetLocaleInfoW
FreeEnvironmentStringsA
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LocalFlags
FillConsoleOutputCharacterW
WritePrivateProfileStringW
GetEnvironmentStrings
WriteConsoleW
UnregisterWait
GetTimeZoneInformation
FatalAppExitA
GetModuleHandleA
GetModuleFileNameW
OutputDebugStringA
GetSystemDefaultUILanguage
GlobalDeleteAtom
DuplicateHandle
GetDateFormatA
GetTimeFormatA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetLocalTime
GetSystemTimeAsFileTime
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCommandLineA
CloseHandle
CreateFileA
LoadLibraryA
InterlockedExchange
FreeLibrary
CompareStringA
CompareStringW
GetVolumePathNameW
SetConsoleCtrlHandler
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
MultiByteToWideChar
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetLastError
HeapFree
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
HeapDestroy
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
Sleep
GetModuleHandleW
GetProcAddress
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
RtlUnwind
SetEnvironmentVariableA

lz32

GetExpandedNameW

gdi32

CombineRgn
GetTextCharacterExtra
IntersectClipRect
SetBitmapBits
SelectPalette
OffsetRgn

user32

SetClassWord
ToAsciiEx
SetMenuInfo
InvalidateRgn
MessageBoxExW
OpenIcon
GetCaretPos

rasapi32

RasHangUpW

crypt32

CryptMsgUpdate
CryptMsgControl

mprapi

MprConfigServerConnect

winmm

mmioCreateChunk
midiInUnprepareHeader
mixerGetNumDevs

rpcrt4

NdrPointerBufferSize

advapi32

ReadEncryptedFileRaw
QueryServiceConfigW
NotifyBootConfigStatus
FreeEncryptionCertificateHashList

Exports

Exports

EhckewmiraarldeQnd

Sections

.text
Size: 932KB - Virtual size: 930KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 904KB - Virtual size: 901KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82b88936b4a19d3e1e6e21a3763383b8

Headers

File Characteristics

Imports

shlwapi

winscard

wininet

opengl32

urlmon

setupapi

ole32

esent

shell32

kernel32

lz32

gdi32

user32

rasapi32

crypt32

mprapi

winmm

rpcrt4

advapi32

Exports

Exports

Sections

.text Size: 932KB - Virtual size: 930KB

.qdata Size: 904KB - Virtual size: 901KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 44KB - Virtual size: 51KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 932KB - Virtual size: 930KB

.qdata
Size: 904KB - Virtual size: 901KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 44KB - Virtual size: 51KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 16KB - Virtual size: 14KB