208be6f72138504fa331707e7deebaa96707fc92ca045bced84a702c300c571b

Sharing

Copy URL

Twitter E-mail

General

Target

208be6f72138504fa331707e7deebaa96707fc92ca045bced84a702c300c571b
Size

2.0MB
MD5

926e93d912d690f5c61c5c4716c1e87e
SHA1

c71fa0b9ded1c82aa9e3f1b3f50393eb3f790c96
SHA256

208be6f72138504fa331707e7deebaa96707fc92ca045bced84a702c300c571b
SHA512

cf9b9ee61a41aaa69e99be979d2e607acd30917cea419df33762edd3fd284cdd693e8615166cef4a36660d3c3089ce984815ef308cebb226962ee6c714141e3b
SSDEEP

24576:un9owynxsYTVjcSeNwoh7tJ5R95B20YDT1kFTFsQUXzr5dTD6AUCHuCopOQkjbpa:unyxzpc2oh7no0Sx+sBdTOGwpOQe5+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
208be6f72138504fa331707e7deebaa96707fc92ca045bced84a702c300c571b

Files

208be6f72138504fa331707e7deebaa96707fc92ca045bced84a702c300c571b
.dll windows:5 windows x86 arch:x86

a17d5dc7c17a896044c88f0427c4020d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHQueryInfoKeyW
SHRegSetUSValueW
SHCreateShellPalette
PathIsDirectoryA
PathIsRootA

winmm

waveInGetNumDevs
mmioAscend
mmioRead
midiOutGetDevCapsW
midiStreamOut
midiInAddBuffer
mmioWrite
OpenDriver
midiInUnprepareHeader

wininet

InternetCrackUrlA
InternetGetConnectedState
InternetErrorDlg

esent

JetCommitTransaction
JetPrepareUpdate

winspool.drv

AddMonitorW

imm32

ImmSetConversionStatus

powrprof

WriteGlobalPwrPolicy

urlmon

URLOpenBlockingStreamA

msacm32

acmDriverAddW

opengl32

glPixelStorei

wintrust

CryptCATCDFEnumMembers
CryptCATCDFClose
IsCatalogFile
CryptCATHandleFromStore

gdi32

RectVisible
BeginPath
GetMetaFileBitsEx
Rectangle
Ellipse
SelectClipRgn
ExtEscape
SetColorSpace
GetViewportOrgEx
PolyPolygon
SetBkColor
AbortDoc
GetStockObject
CreateICA
CreateRectRgnIndirect
GetMetaFileA
CreatePen

advapi32

RegRestoreKeyW
CryptDeriveKey
LookupPrivilegeNameA
OpenServiceA
CryptDestroyHash
StartServiceCtrlDispatcherA
GetSecurityDescriptorSacl
GetCurrentHwProfileA
CryptReleaseContext
AccessCheckByTypeResultList
GetFileSecurityA
RegCloseKey
BackupEventLogW
MakeSelfRelativeSD
GetNumberOfEventLogRecords
OpenSCManagerW
CryptVerifySignatureA
GetKernelObjectSecurity

rasapi32

RasGetCustomAuthDataW
RasEnumEntriesW

secur32

EnumerateSecurityPackagesW
SetContextAttributesW
ImpersonateSecurityContext
InitializeSecurityContextA

user32

GetCursorPos
DestroyMenu
GetKeyboardLayout
ClipCursor
DlgDirListA
CharNextExA
RegisterDeviceNotificationA
GetUpdateRgn
IsCharLowerW
UnregisterClassA
InSendMessage
DrawStateW
GetClipboardFormatNameA
IsWindowUnicode
ShowWindow
OemKeyScan
GetKeyboardLayoutList
ScrollWindowEx
IsHungAppWindow
InsertMenuItemW
OpenInputDesktop
HideCaret
GetKeyNameTextA
CreateIcon
InSendMessageEx
UnregisterDeviceNotification
VkKeyScanExW
GetMonitorInfoA
FreeDDElParam
CharNextW
GetKeyboardLayoutNameW
CreateWindowExA

crypt32

CryptMsgVerifyCountersignatureEncoded
CryptVerifyMessageSignature
CryptVerifyCertificateSignature
CryptVerifyDetachedMessageSignature
CryptHashCertificate

mscms

InstallColorProfileW
GetColorProfileElement

kernel32

LocalLock
Thread32Next
SetStdHandle
VerLanguageNameA
CallNamedPipeA
EnumSystemCodePagesW
CreateDirectoryExW
DeleteCriticalSection
UnhandledExceptionFilter
OpenThread
GetBinaryTypeW
SetSystemTime
GlobalDeleteAtom
EndUpdateResourceA
Process32FirstW
WriteConsoleOutputA
GetEnvironmentStringsW
IsWow64Process
WaitForSingleObjectEx
QueueUserAPC
CreateActCtxW
CreateFileA
EnterCriticalSection
FormatMessageW
GetTimeFormatA
GetLongPathNameW
GlobalGetAtomNameA
SetLastError
GetModuleHandleA
GetTimeFormatW
CloseHandle
GetModuleFileNameA
WaitForSingleObject
UnregisterWaitEx

comctl32

ImageList_AddMasked

setupapi

CM_Get_HW_Prof_Flags_ExW
SetupDiDeleteDeviceInterfaceRegKey
CM_Get_Device_ID_Size_Ex
SetupDiSelectBestCompatDrv
SetupGetFileQueueCount
SetupInstallFromInfSectionW
SetupDiGetClassDescriptionExA
SetupDiGetClassInstallParamsW
SetupDiOpenDeviceInterfaceA
SetupDiGetDeviceRegistryPropertyW
CM_Open_Class_KeyW
CM_Set_DevNode_Registry_PropertyW
SetupDiEnumDeviceInfo

version

VerQueryValueW

lz32

LZSeek
GetExpandedNameW

rpcrt4

NdrAsyncClientCall
RpcServerTestCancel
NdrClientCall2
NdrAllocate
RpcServerUseProtseqExW

ole32

HMENU_UserFree
OleFlushClipboard
StgIsStorageILockBytes
CreatePointerMoniker
CoLockObjectExternal
CreateStreamOnHGlobal
OleConvertIStorageToOLESTREAMEx

shell32

Shell_NotifyIconW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
DoEnvironmentSubstW
ExtractAssociatedIconA
SHEnumerateUnreadMailAccountsW
SHGetSpecialFolderPathA
SHGetMalloc
SHBrowseForFolderW

netapi32

NetSessionEnum
NetGroupAddUser
NetGroupSetUsers
NetLocalGroupAddMembers
NetShareCheck

msvfw32

ICCompressorFree

winscard

SCardReleaseContext
SCardSetCardTypeProviderNameW

mprapi

MprInfoBlockAdd
MprConfigGetGuidName
MprConfigBufferFree
MprAdminMIBEntryGetFirst
MprAdminInterfaceDelete

clusapi

ClusterResourceEnum
RestoreClusterDatabase

msvcrt

wcscoll
memset
fgets
setvbuf
putc
isupper

oleaut32

BSTR_UserUnmarshal
SafeArrayLock
LoadTypeLibEx

ws2_32

select

Sections

.text
Size: 1016KB - Virtual size: 1013KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 756KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a17d5dc7c17a896044c88f0427c4020d

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

winmm

wininet

esent

winspool.drv

imm32

powrprof

urlmon

msacm32

opengl32

wintrust

gdi32

advapi32

rasapi32

secur32

user32

crypt32

mscms

kernel32

comctl32

setupapi

version

lz32

rpcrt4

ole32

shell32

netapi32

msvfw32

winscard

mprapi

clusapi

msvcrt

oleaut32

ws2_32

Sections

.text Size: 1016KB - Virtual size: 1013KB

.qdata Size: 756KB - Virtual size: 752KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 184KB - Virtual size: 185KB

.rsrc Size: 4KB - Virtual size: 912B

.reloc Size: 76KB - Virtual size: 72KB

.text
Size: 1016KB - Virtual size: 1013KB

.qdata
Size: 756KB - Virtual size: 752KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 184KB - Virtual size: 185KB

.rsrc
Size: 4KB - Virtual size: 912B

.reloc
Size: 76KB - Virtual size: 72KB