08dc4fbadccc768d9e628b770d900fd9e0e5b9e7d3a65b5889e3a3bfa61dee8c

Sharing

Copy URL Twitter E-mail

General

Target

08dc4fbadccc768d9e628b770d900fd9e0e5b9e7d3a65b5889e3a3bfa61dee8c
Size

2.0MB
MD5

16d7acd79d310f5c66779834632cec84
SHA1

bb54e1ff0f50d3f2a47a2e745ddb0fadceec462c
SHA256

08dc4fbadccc768d9e628b770d900fd9e0e5b9e7d3a65b5889e3a3bfa61dee8c
SHA512

35a90ee930930efa55d3ed65f6f46f401cda69df47dbfc59317e4963145e68e0b297141b436c6473aa2121ad8a0713e02ace70f9d2e3931da26cebaa9296169d
SSDEEP

49152:WOHbKW94CiaaVYH9/1TJCRzy+3lhOsfK:W6KW94VaaVG9nCRjTOC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08dc4fbadccc768d9e628b770d900fd9e0e5b9e7d3a65b5889e3a3bfa61dee8c

Files

08dc4fbadccc768d9e628b770d900fd9e0e5b9e7d3a65b5889e3a3bfa61dee8c
.dll windows:5 windows x86 arch:x86

f4510b96d0f513c8dcec70aeee299494

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvfw32

ICImageDecompress

imm32

ImmIsIME

shell32

ShellExecuteExW
DragAcceptFiles
SHLoadNonloadedIconOverlayIdentifiers

opengl32

glTranslated

clusapi

OpenCluster
ClusterResourceEnum

setupapi

CM_Get_Sibling
SetupGetFieldCount
SetupDiGetClassImageList
SetupDiDestroyClassImageList
SetupSetFileQueueAlternatePlatformW
CM_Get_DevNode_Custom_PropertyW
SetupDiGetWizardPage
SetupGetFileQueueCount
CM_Setup_DevNode
SetupGetIntField
CM_Get_DevNode_Registry_PropertyA
SetupGetFileCompressionInfoW
SetupFindNextLine

shlwapi

StrSpnW
PathFindOnPathW
UrlGetLocationW
SHSkipJunction
StrToIntW
PathRenameExtensionW
StrCSpnW
UrlGetPartA
StrRChrIA
PathIsUNCA

winscard

g_rgSCardRawPci
SCardDisconnect
SCardReleaseContext

mscms

IsColorProfileValid

lz32

LZOpenFileW
LZClose

kernel32

LCMapStringA
BuildCommDCBW
SetComputerNameExW
BeginUpdateResourceA
GetSystemWow64DirectoryA
GetProcessAffinityMask
FindResourceExA
SetMailslotInfo
GetEnvironmentStringsW
GetModuleHandleA
Process32FirstW
GetConsoleFontSize
MulDiv
GetStringTypeW
GetTapeParameters
WaitForMultipleObjectsEx
GetCommTimeouts
SetConsoleScreenBufferSize
TryEnterCriticalSection
CreateFileMappingA
GetLargestConsoleWindowSize
OutputDebugStringA
IsDBCSLeadByteEx
CreatePipe
GetModuleFileNameW
GetModuleFileNameA
GetBinaryTypeA
HeapAlloc
GetLastError
MoveFileA
GetDriveTypeW
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
MultiByteToWideChar
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OpenMutexA
CompareStringA
CompareStringW
FatalAppExitA
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
ReadFile
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
GetCommandLineA
GetTimeZoneInformation
SetFilePointer
SetStdHandle
GetConsoleCP
FlushFileBuffers
HeapSize
GetLocaleInfoW
FreeEnvironmentStringsA
CreateEventA
FreeEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
WriteConsoleInputW
CreateDirectoryA
GetFileTime
GetProcessId
Process32Next
IsBadStringPtrW
VerLanguageNameA
IsDebuggerPresent
GetConsoleMode
GetCPInfo
GetEnvironmentStrings

wininet

InternetErrorDlg
SetUrlCacheEntryInfoW
HttpSendRequestExW

advapi32

CreateServiceA
SetNamedSecurityInfoW
StartServiceA
CryptEncrypt
AddAuditAccessObjectAce
CryptEnumProvidersW
GetFileSecurityW
AllocateAndInitializeSid
DuplicateEncryptionInfoFile
LogonUserA
EqualDomainSid
StartServiceCtrlDispatcherA
CreateServiceW
RegOpenCurrentUser
StartServiceW
RegQueryValueExA
GetExplicitEntriesFromAclW
CryptHashData
GetOldestEventLogRecord
CryptReleaseContext
ReportEventA

rpcrt4

NdrUserMarshalMarshall
RpcBindingFromStringBindingW
NdrConvert2
RpcBindingSetAuthInfoW
NdrAsyncServerCall

gdi32

SetROP2
SetICMProfileA
AddFontResourceExW
SetDCBrushColor
Ellipse
RestoreDC
DeleteDC
StartDocW
CombineRgn
GetCharABCWidthsFloatA
SetBrushOrgEx
DeleteColorSpace
CreateDIBitmap
BeginPath

urlmon

CopyBindInfo

netapi32

NetGroupDel
NetLocalGroupAddMember
NetLocalGroupGetMembers
NetGetAnyDCName
NetUserGetGroups

comctl32

ImageList_ReplaceIcon

oleaut32

VarBoolFromDate
VarBoolFromStr
VarR8FromUI1
VarR8FromUI4

secur32

AcquireCredentialsHandleA
DeleteSecurityContext
EnumerateSecurityPackagesW
GetUserNameExA

msacm32

acmFormatTagEnumW

user32

DlgDirListA
IsWindowVisible
OemToCharBuffA
wvsprintfW
GetDlgItemTextW
ShowWindow
CreateIconFromResourceEx
CopyAcceleratorTableA
GetCursorInfo
GetProcessWindowStation
CopyRect
UnhookWinEvent
LoadCursorA
SetMenuItemInfoW
GetForegroundWindow
CreateAcceleratorTableW
CreateWindowExW
GetWindowDC
GetLastInputInfo
FindWindowW
InvalidateRgn
MapVirtualKeyW
IsWindow
CreateCursor
VkKeyScanExA
MapWindowPoints
SetSysColors
DrawStateA

crypt32

CertCompareIntegerBlob
CertCreateSelfSignCertificate
CertOIDToAlgId
CryptMsgClose
CertGetCRLFromStore
CryptSIPRemoveSignedDataMsg
CryptHashPublicKeyInfo
CertVerifyTimeValidity
CertAlgIdToOID
CertSetCTLContextProperty

ole32

OleCreate
HDC_UserUnmarshal
OleCreateFromData
HDC_UserFree
WriteClassStm
StgOpenStorage

rasapi32

RasSetCredentialsW
RasGetAutodialAddressA

winspool.drv

GetPrinterDriverDirectoryW

esent

JetSeek
JetSetIndexRange

ws2_32

WSACleanup

mprapi

MprAdminMIBServerConnect
MprAdminInterfaceTransportAdd
MprAdminInterfaceSetInfo
MprConfigInterfaceGetInfo
MprConfigTransportGetHandle

winmm

midiOutShortMsg
mmioRead
midiOutLongMsg
waveOutGetDevCapsW
waveInGetNumDevs
mciGetErrorStringW
waveInStart
mmioSeek

Exports

Exports

EhckewmiraarldeQnd

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 796KB - Virtual size: 792KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4510b96d0f513c8dcec70aeee299494

Headers

DLL Characteristics

File Characteristics

Imports

msvfw32

imm32

shell32

opengl32

clusapi

setupapi

shlwapi

winscard

mscms

lz32

kernel32

wininet

advapi32

rpcrt4

gdi32

urlmon

netapi32

comctl32

oleaut32

secur32

msacm32

user32

crypt32

ole32

rasapi32

winspool.drv

esent

ws2_32

mprapi

winmm

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.qdata Size: 796KB - Virtual size: 792KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 48KB - Virtual size: 51KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.qdata
Size: 796KB - Virtual size: 792KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 48KB - Virtual size: 51KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 16KB - Virtual size: 15KB