df393efbfad90ef095388585898a26fcf973eb2d8a2116520b5164047c093400

Sharing

Copy URL Twitter E-mail

General

Target

df393efbfad90ef095388585898a26fcf973eb2d8a2116520b5164047c093400
Size

3.2MB
MD5

15dc1147cea5b35d1d754a9bb6594d0a
SHA1

5607198f352aa6ff482da5b89164f6f11a488962
SHA256

df393efbfad90ef095388585898a26fcf973eb2d8a2116520b5164047c093400
SHA512

39353f631673e83c31bb84a24c327570ddd2346ebef9ab9aebee1db0130136facd3dcc23e08171e6dcacf3889dd3827450c978510d5b52f95c3e1a252cdabbd4
SSDEEP

98304:WaQgNFFRqJtbrEhTIH0Cokvnbe3jYDEdtdnR:W6LFotbrEhFkvbOdrR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df393efbfad90ef095388585898a26fcf973eb2d8a2116520b5164047c093400

Files

df393efbfad90ef095388585898a26fcf973eb2d8a2116520b5164047c093400
.dll windows:5 windows x86 arch:x86

92e4ff2dfa9addb88d660c2f24ff1699

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

RestoreDC
TextOutW
CombineRgn
GetCurrentPositionEx
GetEnhMetaFileHeader
CombineTransform
EnumMetaFile
SetBrushOrgEx
Ellipse
DeleteColorSpace
SetROP2
GetTextCharacterExtra
BeginPath
SetICMProfileA

setupapi

CM_Get_Res_Des_Data_Ex
CM_Get_Child
SetupInstallFromInfSectionW
SetupDiOpenDeviceInterfaceW
SetupPromptReboot
SetupDiCreateDeviceInfoA
SetupDiOpenClassRegKey
SetupDiGetClassImageList
CM_Connect_MachineW
SetupOpenInfFileA
CM_Get_Sibling
SetupDiSetClassInstallParamsW
CM_Get_DevNode_Registry_PropertyA

winscard

SCardDisconnect
g_rgSCardRawPci
SCardReleaseContext

kernel32

CreateMutexA
GetThreadTimes
GetProcessTimes
FlushViewOfFile
WaitForMultipleObjectsEx
UnregisterWait
GetTapeParameters
GetModuleHandleA
Process32FirstW
CommConfigDialogW
SwitchToFiber
CreatePipe
GetSystemTimeAdjustment
GetModuleFileNameW
GetModuleFileNameA
GetBinaryTypeA
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetCommandLineA
LoadLibraryA
InterlockedExchange
FreeLibrary
OutputDebugStringA
GetVersion
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemDirectoryA
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
RtlUnwind
InitializeCriticalSectionAndSpinCount
WriteFile
ExitProcess
HeapDestroy
HeapCreate
HeapReAlloc
VirtualAlloc
GetTimeZoneInformation
WideCharToMultiByte
Sleep
HeapFree
GetCurrentThread
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
MulDiv
GetDiskFreeSpaceExA
CreateEventA
FindResourceExA
GetCurrentActCtx
WriteConsoleInputA
VirtualFree
SetMailslotInfo
GetFileTime
GetDriveTypeW
GetCommConfig
GetProcAddress
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetLastError
HeapAlloc
GetDateFormatA
GetTimeFormatA
CreateDirectoryA
SetFileShortNameW
FatalAppExitA
MoveFileW
DefineDosDeviceA
UnregisterWaitEx
EnumResourceLanguagesW
CreateFileA
MoveFileA
GetComputerNameExA
PeekNamedPipe
TryEnterCriticalSection
GetLocaleInfoW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStringTypeW

mprapi

MprAdminInterfaceGetHandle
MprAdminPortDisconnect
MprConfigInterfaceEnum
MprAdminUserGetInfo
MprAdminInterfaceTransportAdd

winspool.drv

GetPrinterDriverDirectoryA

crypt32

PFXExportCertStore
CertCompareIntegerBlob
CryptUnprotectData
PFXImportCertStore
CryptHashCertificate
CryptEncodeObject
CertOIDToAlgId
CertFindRDNAttr
CertDuplicateCertificateContext
CertComparePublicKeyInfo

netapi32

NetUserAdd
NetLocalGroupAddMember
NetShareDel
NetApiBufferFree
NetLocalGroupGetMembers

ole32

CoInitializeSecurity
CLIPFORMAT_UserMarshal
DoDragDrop
OleGetIconOfClass
OleCreateDefaultHandler
OleSetMenuDescriptor

ws2_32

gethostbyaddr

rasapi32

RasEnumAutodialAddressesW
RasGetAutodialAddressW

opengl32

glTranslated

shell32

ExtractIconA
ShellExecuteExW

msacm32

acmFormatTagEnumW

wininet

HttpSendRequestExA
InternetSetCookieW
InternetQueryOptionW

imm32

ImmGetOpenStatus

msvfw32

ICImageDecompress

lz32

LZRead

urlmon

CoInternetIsFeatureZoneElevationEnabled

winmm

waveInGetNumDevs
midiInPrepareHeader
mixerGetControlDetailsA
mmioClose
mmioAscend
waveInReset
timeSetEvent
waveOutPrepareHeader
midiStreamRestart

shlwapi

PathUnmakeSystemFolderW
StrSpnW
StrToIntW
StrCpyNW
UrlGetPartA
StrToIntA
UrlGetLocationW
SHSkipJunction
StrCSpnW
StrRStrIW
SHRegOpenUSKeyA
PathCombineA

secur32

InitSecurityInterfaceW
EnumerateSecurityPackagesW
GetComputerObjectNameW
FreeCredentialsHandle

rpcrt4

NdrStubCall2
RpcImpersonateClient
RpcAsyncAbortCall
I_RpcNsBindingSetEntryNameW
NdrSimpleTypeUnmarshall

advapi32

CryptSignHashW
CryptReleaseContext
ChangeServiceConfigW
RegQueryValueExA
SetNamedSecurityInfoW
CreateServiceA
DeleteAce
CreateServiceW
CryptEnumProviderTypesW
GetExplicitEntriesFromAclW
SetEntriesInAclA
LogonUserA
SaferCreateLevel
GetSecurityInfo
CryptEncrypt
FindFirstFreeAce
ClearEventLogA
SetThreadToken
GetNamedSecurityInfoA
LookupPrivilegeNameA
AddAuditAccessObjectAce

clusapi

OpenClusterResource
ClusterResourceControl

user32

MapVirtualKeyExA
MapVirtualKeyA
ShowWindow
DefDlgProcW
GetWindowDC
GetDlgItemTextW
DefWindowProcW
CopyAcceleratorTableA
MonitorFromWindow
IsWindowVisible
IsCharAlphaW
PostThreadMessageA
SendNotifyMessageA
GetNextDlgGroupItem
GetWindowThreadProcessId
LoadImageA
GetInputState
GetClassInfoExW
GetDialogBaseUnits
SetMenuItemInfoW
InSendMessageEx
OffsetRect
GetPropW
UnhookWinEvent
CreateIconFromResourceEx
ClipCursor
IsWinEventHookInstalled
MapWindowPoints

comctl32

ImageList_DrawEx

esent

JetPrepareUpdate
JetIndexRecordCount

oleaut32

VarDateFromCy
VarBoolFromStr
VarR4FromCy
VarR8FromUI4

mscms

GetColorProfileHeader
DisassociateColorProfileFromDeviceW

Exports

Exports

EhckewmiraarldeQnd

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92e4ff2dfa9addb88d660c2f24ff1699

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

setupapi

winscard

kernel32

mprapi

winspool.drv

crypt32

netapi32

ole32

ws2_32

rasapi32

opengl32

shell32

msacm32

wininet

imm32

msvfw32

lz32

urlmon

winmm

shlwapi

secur32

rpcrt4

advapi32

clusapi

user32

comctl32

esent

oleaut32

mscms

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.qdata Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 252KB - Virtual size: 258KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 52KB - Virtual size: 49KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.qdata
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 252KB - Virtual size: 258KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 52KB - Virtual size: 49KB