5c1af84e7c5343b64b599914e82b295662ca3e0c537596d2751e83d6d24a1b4e

Sharing

Copy URL Twitter E-mail

General

Target

5c1af84e7c5343b64b599914e82b295662ca3e0c537596d2751e83d6d24a1b4e
Size

2.8MB
MD5

bdeddbe1d92e70b54d227f372b2d68b9
SHA1

40d537cc4a5ff7340b52d4da436e2f9b032de8c2
SHA256

5c1af84e7c5343b64b599914e82b295662ca3e0c537596d2751e83d6d24a1b4e
SHA512

537320b60e7eac7d344e24257a4c13b6253a41209f3cfcb09d5dfa8816a266e78a2a91129b62cccfba34d2884093d92adf6613799e7610806343e256c3ba7465
SSDEEP

49152:XS3uamTfcSiYbYtk+oh8R5IeTafHTeBQ+AqHSOR8Zu4vgqngyIwqX:XMRm7bi04U8nImy6RAqHSOR1qgxX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c1af84e7c5343b64b599914e82b295662ca3e0c537596d2751e83d6d24a1b4e

Files

5c1af84e7c5343b64b599914e82b295662ca3e0c537596d2751e83d6d24a1b4e
.dll windows:5 windows x86 arch:x86

4291c5bd0636ffb94ac3dc4872c854ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscms

GetColorProfileHeader
DisassociateColorProfileFromDeviceW

lz32

LZOpenFileW
LZCopy
GetExpandedNameW

msacm32

acmStreamUnprepareHeader

netapi32

NetLocalGroupGetInfo
NetShareEnumSticky
NetUserGetGroups
NetLocalGroupGetMembers
NetSessionEnum

shell32

SHOpenFolderAndSelectItems
DuplicateIcon
DragFinish

advapi32

ChangeServiceConfigW
CryptExportKey
GetOldestEventLogRecord
DuplicateTokenEx
GetUserNameW
CryptGenKey
ClearEventLogA
RegSetValueA
AllocateLocallyUniqueId
SetKernelObjectSecurity
OpenServiceW
SaferComputeTokenFromLevel
GetLengthSid
RegSaveKeyA
OpenBackupEventLogW
RegNotifyChangeKeyValue
SetSecurityDescriptorControl
GetSidIdentifierAuthority
GetServiceDisplayNameW

setupapi

CM_Connect_MachineW
SetupDiSetSelectedDevice
SetupDiSetSelectedDriverA
CM_Get_Next_Log_Conf
SetupDiEnumDeviceInterfaces
SetupGetInfInformationW
CM_Get_Device_Interface_ListW
CM_Get_Device_ID_List_Size_ExW
SetupDiEnumDeviceInfo
SetupGetLineByIndexW
SetupDiClassNameFromGuidExW
CM_Free_Resource_Conflict_Handle

rasapi32

RasEnumConnectionsA
RasEnumAutodialAddressesW

version

VerQueryValueW
GetFileVersionInfoSizeA

opengl32

glTranslatef

crypt32

CryptSignMessage
CryptRegisterDefaultOIDFunction
CryptMsgClose
CertDuplicateStore
CryptSignAndEncodeCertificate
PFXImportCertStore
CertVerifyValidityNesting
CertAddStoreToCollection
CertCreateContext

oleaut32

BSTR_UserMarshal
VarR4FromStr
VarI2FromR4
VarR4FromDate

rpcrt4

RpcEpResolveBinding
RpcBindingSetAuthInfoExA
NdrUserMarshalBufferSize
RpcMgmtSetCancelTimeout
I_RpcServerRegisterForwardFunction

shlwapi

StrStrIA
StrFormatByteSizeA
StrCpyNW
AssocIsDangerous
SHGetValueW
StrStrW
StrChrIA
PathIsUNCServerShareW
PathFileExistsA
wvnsprintfW

ole32

RegisterDragDrop
CoFreeLibrary
CoInitializeSecurity
CoUnmarshalInterface
GetHGlobalFromStream
HICON_UserUnmarshal

wintrust

CryptCATEnumerateAttr

imm32

ImmEscapeW

esent

JetMakeKey
JetMove

clusapi

ClusterRegCloseKey
ClusterResourceEnum

winspool.drv

SetPortW

urlmon

CreateURLMoniker

winmm

mmioRead
timeKillEvent
waveInClose
auxGetNumDevs
waveInGetDevCapsW
mmioClose
waveOutWrite
waveOutOpen

comctl32

ImageList_Destroy

kernel32

VirtualFree
HeapDestroy
WriteFile
HeapAlloc
RtlUnwind
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetConsoleCtrlHandler
ReadFile
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateFileA
HeapReAlloc
GetDateFormatA
GetTimeFormatA
FreeLibrary
Sleep
FatalAppExitA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
IsDebuggerPresent
InterlockedExchange
LoadLibraryA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCommandLineA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
HeapSize
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetEnvironmentStringsW
SetHandleCount
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStrings
GetCurrentThread
GetLastError
GetCurrentThreadId
SetLastError
TlsFree
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleW
ExitProcess
FreeEnvironmentStringsA
WaitNamedPipeA
GetUserGeoID
GetLogicalDrives
ClearCommBreak
EnterCriticalSection
WritePrivateProfileStructA
SetProcessShutdownParameters
GetDefaultCommConfigA
Process32FirstW
HeapCreate
TlsSetValue
DeleteFiber
GetSystemTimeAdjustment
ReadConsoleA
IsBadStringPtrA
GetTimeZoneInformation
GetTempFileNameA
LoadLibraryExW
IsWow64Process
ExpandEnvironmentStringsW
OpenMutexW
HeapFree
SetStdHandle
SetFilePointer
GenerateConsoleCtrlEvent
GlobalHandle
IsValidCodePage
WriteFileEx
PostQueuedCompletionStatus
FileTimeToDosDateTime
GetModuleHandleA
GetModuleFileNameA
CloseHandle
GetModuleFileNameW
GetBinaryTypeA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
SetHandleInformation

mprapi

MprConfigInterfaceDelete
MprAdminMIBServerDisconnect
MprAdminInterfaceTransportSetInfo
MprAdminInterfaceSetCredentials
MprAdminConnectionGetInfo

msvfw32

ICDraw

user32

GetDoubleClickTime
DrawFrameControl
ScreenToClient
GetLastInputInfo
VkKeyScanA
ValidateRgn
ShowScrollBar
GetCursor
CreateDialogParamW
EnumDisplayMonitors
DlgDirSelectComboBoxExA
VkKeyScanExW
ShowWindow
OpenInputDesktop
GetThreadDesktop
EnableScrollBar
IsCharUpperW
CreateWindowExA
IsClipboardFormatAvailable
SetCaretPos
WaitMessage
GrayStringW
GetUpdateRgn
InSendMessage
CloseClipboard
GetOpenClipboardWindow
DestroyCaret
DlgDirSelectExA

ws2_32

select

wininet

HttpSendRequestW
FindFirstUrlCacheGroup
InternetQueryOptionW

secur32

QuerySecurityPackageInfoW
QueryContextAttributesW
QueryCredentialsAttributesW
FreeContextBuffer

gdi32

GetROP2
GetMapMode
GetBkMode
GetObjectW
SetTextAlign
InvertRgn
StartPage
GetGlyphOutlineW
GetDIBits
GetCurrentObject
GetBoundsRect
SetBkMode
GetTextExtentPointW

winscard

SCardGetCardTypeProviderNameW
SCardIntroduceCardTypeW
SCardReleaseContext

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 220KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4291c5bd0636ffb94ac3dc4872c854ed

Headers

DLL Characteristics

File Characteristics

Imports

mscms

lz32

msacm32

netapi32

shell32

advapi32

setupapi

rasapi32

version

opengl32

crypt32

oleaut32

rpcrt4

shlwapi

ole32

wintrust

imm32

esent

clusapi

winspool.drv

urlmon

winmm

comctl32

kernel32

mprapi

msvfw32

user32

ws2_32

wininet

secur32

gdi32

winscard

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.qdata Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 220KB - Virtual size: 227KB

.rsrc Size: 4KB - Virtual size: 904B

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.qdata
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 220KB - Virtual size: 227KB

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 44KB - Virtual size: 43KB