f1355d15946d4674a27c09f04bb652243306ac9a074cabbadc790a7329fbe6e7

Sharing

Copy URL Twitter E-mail

General

Target

f1355d15946d4674a27c09f04bb652243306ac9a074cabbadc790a7329fbe6e7
Size

2.4MB
MD5

551ee719da861bd73b4e99bdd88075fe
SHA1

3be31527d3dbebb0ec53c46f3186ca3f250f0596
SHA256

f1355d15946d4674a27c09f04bb652243306ac9a074cabbadc790a7329fbe6e7
SHA512

8e9383a857312351a4d267a32e5e334c6f2222ad07691e1b05f738f426c32c798c5ba727fd9e36c8b7940ae735369e6ece2e8f990f91e440b46a3a2114b95aa1
SSDEEP

49152:VKNG77bUqcsNmOtQfzJiOsLMgsAe1psz42iJ3zxdyW:V4GTKsNmOO9iJMgsAeIz3yld

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1355d15946d4674a27c09f04bb652243306ac9a074cabbadc790a7329fbe6e7

Files

f1355d15946d4674a27c09f04bb652243306ac9a074cabbadc790a7329fbe6e7
.dll windows:5 windows x86 arch:x86

819fa31fc58b15ff7dd083538c6dfdaa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

CreateURLMoniker

shell32

SHLoadNonloadedIconOverlayIdentifiers
ShellExecuteExA
SHGetFileInfoA
ExtractAssociatedIconExW
DuplicateIcon

advapi32

RegNotifyChangeKeyValue
CryptGenRandom
AbortSystemShutdownW
CryptEnumProviderTypesW
GetServiceDisplayNameW
ImpersonateSelf
RegQueryInfoKeyW
DuplicateTokenEx
DestroyPrivateObjectSecurity
IsValidAcl
CreateProcessAsUserA
GetTrusteeNameW
OpenServiceW
ClearEventLogA
BuildTrusteeWithSidW
RegisterEventSourceA
ReportEventW
GetOldestEventLogRecord
ReportEventA

wininet

ReadUrlCacheEntryStream
HttpAddRequestHeadersW
HttpSendRequestW

netapi32

NetLocalGroupGetInfo
NetGroupGetUsers
NetSessionDel
NetServerTransportAddEx
NetLocalGroupDelMember

crypt32

PFXImportCertStore
PFXVerifyPassword
CryptSignMessage
CryptMsgGetParam
CertGetPublicKeyLength
CryptRegisterDefaultOIDFunction
CertFreeCRLContext
CertAddEncodedCertificateToStore

kernel32

SetProcessShutdownParameters
GetUserDefaultUILanguage
WaitForSingleObject
GetLogicalDrives
UnregisterWait
LocalLock
SetHandleInformation
DeleteFiber
GetConsoleCursorInfo
GenerateConsoleCtrlEvent
SetErrorMode
OpenSemaphoreA
EnterCriticalSection
VirtualUnlock
ReadConsoleA
Process32FirstW
SetComputerNameA
SetFilePointer
LoadLibraryExW
SetStdHandle
GetModuleHandleA
GetModuleFileNameA
CloseHandle
GetModuleFileNameW
GetBinaryTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetCPInfo
CreateFileA
GetLocaleInfoW
GetCommandLineA
WriteConsoleW
GlobalFree
WriteConsoleA
HeapSize
GetTimeZoneInformation
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
ReadFile
InitializeCriticalSectionAndSpinCount
RtlUnwind
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
HeapReAlloc
HeapAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
ExitProcess
InterlockedIncrement
IsValidCodePage
InterlockedDecrement
GetACP
GetOEMCP
GetFileType
CallNamedPipeA
OpenMutexW
TlsFree
WritePrivateProfileStructA
SetConsoleCP
SetConsoleOutputCP
CreateNamedPipeW
CancelIo
CreateEventW
CompareStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapFree
FatalAppExitA
GetModuleHandleW
GetProcAddress
GetConsoleOutputCP
GetTickCount
TlsGetValue
TlsAlloc
TlsSetValue
SetLastError
GetCurrentThreadId
GetLastError
GetStringTypeW
GetStringTypeA
DeleteCriticalSection
GetStartupInfoA
GetStdHandle
SetHandleCount
GetCurrentThread
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
LeaveCriticalSection
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CompareStringW
FreeEnvironmentStringsA
SetEnvironmentVariableA

ws2_32

select

user32

CreateDialogIndirectParamA
GetDoubleClickTime
wsprintfW
DialogBoxIndirectParamA
EnableScrollBar
WaitMessage
SetClassLongW
DestroyCaret
SetWindowTextA
DlgDirSelectExA
GetCursor
SetCaretPos
IsCharUpperA
InSendMessage
ShowWindow
VkKeyScanExW
GrayStringW
UnionRect
DlgDirSelectComboBoxExA
GetUpdateRgn
OpenDesktopW
SendMessageA
GetMenuItemInfoW
GetKeyboardLayoutList
CreateWindowExA
MessageBoxA
CloseClipboard

version

VerFindFileW

secur32

AcceptSecurityContext
FreeContextBuffer
InitializeSecurityContextW
GetComputerObjectNameW

rasapi32

RasGetEntryPropertiesW
RasEnumConnectionsA

msacm32

acmStreamOpen

gdi32

GetROP2
SetTextAlign
SetPixel
GetCurrentObject
SetDCBrushColor
CreateDIBPatternBrushPt
RealizePalette
GetTextColor
GetBoundsRect
GetGlyphOutlineW
SetBkMode
CreatePen

wintrust

CryptCATEnumerateAttr

msvfw32

DrawDibStop

imm32

ImmDisableTextFrameService

rpcrt4

I_RpcGetExtendedError
RpcMgmtSetCancelTimeout
RpcEpResolveBinding
IUnknown_AddRef_Proxy
RpcBindingSetAuthInfoExA

winscard

SCardReleaseContext
SCardIntroduceCardTypeW
SCardGetCardTypeProviderNameW

winspool.drv

GetPrinterDriverW

shlwapi

PathAddBackslashA
StrRetToBufW
PathCombineA
StrChrIA
StrRChrA
PathFileExistsA
StrStrIA
wvnsprintfW
AssocIsDangerous

lz32

LZCopy
GetExpandedNameW
LZOpenFileW

esent

JetMakeKey
JetInit

mscms

OpenColorProfileA
AssociateColorProfileWithDeviceW

winmm

mciGetErrorStringW
mixerSetControlDetails
mmioOpenW
waveOutWrite
mmioAscend
mciGetErrorStringA
timeKillEvent
mmioSeek
waveInClose

mprapi

MprConfigTransportGetHandle
MprAdminInterfaceGetInfo
MprAdminInterfaceSetCredentials
MprAdminConnectionGetInfo
MprConfigInterfaceTransportGetHandle

ole32

CoUninitialize
CreatePointerMoniker
PropVariantCopy
HICON_UserMarshal
StgOpenStorageOnILockBytes
CoQueryProxyBlanket

comctl32

ImageList_Destroy

opengl32

glTranslatef

clusapi

OpenCluster
ClusterRegCloseKey

oleaut32

VarBstrFromCy
SafeArrayPtrOfIndex
VarBoolFromCy
BSTR_UserMarshal

setupapi

SetupDiGetClassImageListExW
CM_Set_HW_Prof_Flags_ExW
SetupGetStringFieldW
CM_Query_Resource_Conflict_List
SetupUninstallOEMInfW
CM_Get_Device_ID_List_Size_ExW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInfoListDetailA
CM_Get_Child_Ex
CM_Locate_DevNode_ExW
CM_Get_Child
SetupDiEnumDeviceInfo
SetupDiSetDriverInstallParamsW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 992KB - Virtual size: 989KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

819fa31fc58b15ff7dd083538c6dfdaa

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

shell32

advapi32

wininet

netapi32

crypt32

kernel32

ws2_32

user32

version

secur32

rasapi32

msacm32

gdi32

wintrust

msvfw32

imm32

rpcrt4

winscard

winspool.drv

shlwapi

lz32

esent

mscms

winmm

mprapi

ole32

comctl32

opengl32

clusapi

oleaut32

setupapi

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.qdata Size: 992KB - Virtual size: 989KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 56KB - Virtual size: 63KB

.rsrc Size: 4KB - Virtual size: 904B

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.qdata
Size: 992KB - Virtual size: 989KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 56KB - Virtual size: 63KB

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 20KB - Virtual size: 18KB