b48fdc7143a6f2a04d56fe570d34a04a7c6b76c853fb3c14ede578e17327a1af

Sharing

Copy URL

Twitter E-mail

General

Target

b48fdc7143a6f2a04d56fe570d34a04a7c6b76c853fb3c14ede578e17327a1af
Size

1.9MB
MD5

440e0bb23f5d42ed089a8387d85390b0
SHA1

71ec9c94f216353234d4e2da3f9f2cbe93b9f479
SHA256

b48fdc7143a6f2a04d56fe570d34a04a7c6b76c853fb3c14ede578e17327a1af
SHA512

3d951496dc7c208acbbd8794bb0b412cf93f65c08f69a9a28332f313b0d342d2b7bf1c5ba3b10dba1457ebb2aedbfb9f43989e35e292b5ac59110826717aafe0
SSDEEP

49152:J7bfBmwdze9YO8bbIAv1IoDLepDuDCyxXbPMkTu:tBBz6Y5bbIQIpDDgXFT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b48fdc7143a6f2a04d56fe570d34a04a7c6b76c853fb3c14ede578e17327a1af

Files

b48fdc7143a6f2a04d56fe570d34a04a7c6b76c853fb3c14ede578e17327a1af
.dll windows:5 windows x86 arch:x86

fdc3832da68fe4203fb5925e92a57b2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

secur32

AcquireCredentialsHandleA
MakeSignature
InitializeSecurityContextA
QueryContextAttributesA

ole32

PropVariantCopy
CoLockObjectExternal
CoFreeLibrary
OleLoadFromStream
OleMetafilePictFromIconAndLabel
StgCreatePropStg
CoQueryProxyBlanket

urlmon

CoInternetSetFeatureEnabled
IsAsyncMoniker

winmm

mixerGetID
midiOutGetDevCapsW
PlaySoundW
waveOutGetDevCapsW
GetDriverModuleHandle
waveInGetPosition
mmioDescend
waveInClose
midiOutMessage

setupapi

CM_Locate_DevNode_ExW
SetupDiGetDeviceInfoListDetailA
CM_Disable_DevNode
SetupDiGetClassImageListExW
CM_Get_Device_ID_List_SizeW
SetupDiGetINFClassW
CM_Open_Class_KeyW
CM_Get_Device_ID_Size_Ex
SetupDiGetDeviceRegistryPropertyA
SetupGetLineTextW
SetupFindNextMatchLineW
SetupDiGetClassInstallParamsW
SetupDiEnumDeviceInfo

comctl32

ImageList_AddMasked

wininet

InternetSetCookieA
InternetTimeFromSystemTimeA
HttpSendRequestW

wintrust

IsCatalogFile
WintrustLoadFunctionPointers
CryptCATAdminRemoveCatalog
CryptCATAdminEnumCatalogFromHash

user32

SwapMouseButton
ShowWindow
VkKeyScanExW
CallMsgFilterA
SetLayeredWindowAttributes
GetWindowContextHelpId
CreateWindowExW
FreeDDElParam
GetDlgItem
InflateRect
GetClipboardFormatNameA
PostMessageW
SendMessageCallbackA
SetTimer
MessageBoxExW
CopyImage
CreateWindowExA
GetSystemMetrics
IsCharLowerW
ExcludeUpdateRgn
ToAsciiEx
GetClipCursor
SetMenuDefaultItem
LoadKeyboardLayoutW
ToUnicodeEx
EndMenu
keybd_event
TabbedTextOutA
GetUpdateRgn
LockWindowUpdate

winspool.drv

DeletePrinterDriverExW

rpcrt4

NdrAllocate
RpcBindingInqAuthClientW
NdrAsyncServerCall
RpcStringBindingParseA
I_RpcGetExtendedError

imm32

ImmGetCandidateListW

opengl32

glEvalCoord1f

crypt32

CryptMsgDuplicate
CertAlgIdToOID
CertFindChainInStore
CryptBinaryToStringA
PFXVerifyPassword
PFXExportCertStore

kernel32

GetTimeFormatW
GetModuleHandleA
IsWow64Process
GenerateConsoleCtrlEvent
MoveFileA
GetConsoleOutputCP
FillConsoleOutputCharacterA
GetStartupInfoW
GetSystemDefaultUILanguage
UnregisterWait
CreateProcessW
TlsFree
EnterCriticalSection
Process32FirstW
SetStdHandle
OpenWaitableTimerW
GetFileTime
CloseHandle
CallNamedPipeW
WaitForSingleObject
SetCriticalSectionSpinCount
EnumSystemCodePagesA
SetLocaleInfoW
CreateEventA
GetPriorityClass
CreateFileMappingA
CallNamedPipeA
QueryDepthSList
WaitForSingleObjectEx
LocalLock
OpenMutexW
SetMailslotInfo
DuplicateHandle
SetUserGeoID
CreateHardLinkW
GetModuleFileNameA
ReplaceFileA

shell32

ExtractIconW
SHGetPathFromIDListW
ExtractAssociatedIconA
SHChangeNotify
SHGetMalloc
ShellExecuteExA
SHGetSpecialFolderPathW
SHGetFileInfoA
SHBrowseForFolderW

lz32

LZClose
LZSeek
GetExpandedNameW

advapi32

StartServiceCtrlDispatcherA
RegEnumKeyA
RegNotifyChangeKeyValue
RegConnectRegistryA
LookupAccountNameW
CryptContextAddRef
QueryServiceStatusEx
GetKernelObjectSecurity
QueryServiceConfig2W
GetEffectiveRightsFromAclW
BuildTrusteeWithSidW
SetEntriesInAclW
AreAnyAccessesGranted
BuildTrusteeWithNameW
OpenSCManagerA
CreatePrivateObjectSecurityEx
AccessCheckByType
RegisterEventSourceA
GetServiceKeyNameA

shlwapi

PathIsURLW
PathCreateFromUrlA
StrDupA
StrStrIA
SHSetValueA
PathGetCharTypeA

clusapi

CloseCluster
RestoreClusterDatabase

mscms

GetStandardColorSpaceProfileW
OpenColorProfileA

netapi32

NetQueryDisplayInformation
NetGroupAddUser
NetGroupGetInfo
NetUserSetGroups
NetSessionGetInfo

ws2_32

select

gdi32

SetDIBitsToDevice
GetTextMetricsA
PolyPolygon
GetDeviceGammaRamp
Polygon
ScaleWindowExtEx
GetObjectA
GetMetaFileA
SetMiterLimit
GetCharWidthFloatA
SetColorSpace
GetMapMode
GetDCOrgEx
CreateDiscardableBitmap
SelectObject

msvfw32

DrawDibStop

oleaut32

GetActiveObject
LoadTypeLibEx
CreateTypeLi

winscard

SCardListCardsA
SCardForgetCardTypeW
SCardListInterfacesA

msacm32

acmFormatEnumW

mprapi

MprAdminMIBEntrySet
MprConfigInterfaceDelete
MprConfigTransportCreate
MprAdminConnectionEnum
MprAdminInterfaceCreate

msvcrt

memset
wcscoll
fgets
strtol
putc
toupper

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

rasapi32

RasGetSubEntryPropertiesA
RasGetConnectStatusW

esent

JetInit2
JetEscrowUpdate

Sections

.text
Size: 1020KB - Virtual size: 1017KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 760KB - Virtual size: 756KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdc3832da68fe4203fb5925e92a57b2b

Headers

DLL Characteristics

File Characteristics

Imports

secur32

ole32

urlmon

winmm

setupapi

comctl32

wininet

wintrust

user32

winspool.drv

rpcrt4

imm32

opengl32

crypt32

kernel32

shell32

lz32

advapi32

shlwapi

clusapi

mscms

netapi32

ws2_32

gdi32

msvfw32

oleaut32

winscard

msacm32

mprapi

msvcrt

version

rasapi32

esent

Sections

.text Size: 1020KB - Virtual size: 1017KB

.qdata Size: 760KB - Virtual size: 756KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 96KB - Virtual size: 97KB

.rsrc Size: 4KB - Virtual size: 912B

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 1020KB - Virtual size: 1017KB

.qdata
Size: 760KB - Virtual size: 756KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 96KB - Virtual size: 97KB

.rsrc
Size: 4KB - Virtual size: 912B

.reloc
Size: 40KB - Virtual size: 39KB