8c77aa911c05450b81f50c9fbe921514f69f61b1f9e9ad1dd8b557a586f78ace

Sharing

Copy URL Twitter E-mail

General

Target

8c77aa911c05450b81f50c9fbe921514f69f61b1f9e9ad1dd8b557a586f78ace
Size

2.5MB
MD5

aa86efe05c4da57c109370f3c027ef8e
SHA1

1f6096532ec58aa15d1a542fff25ca7058e91a83
SHA256

8c77aa911c05450b81f50c9fbe921514f69f61b1f9e9ad1dd8b557a586f78ace
SHA512

4358724fbf966f33850e1fabfa67ff5de6019c5019ccf5b7aa3fb42eae4df78fc3960c0e8932d261d1eec3ca6927602e748934c0d3235c01af377a178757b078
SSDEEP

49152:Y192IG7xj/7/biDCbrrhb+tWCn4r+e4NTbK/sC1frv3HcYvhjoMvoQ0:Y72RFjiDCbsK+LTY73fvhMa/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c77aa911c05450b81f50c9fbe921514f69f61b1f9e9ad1dd8b557a586f78ace

Files

8c77aa911c05450b81f50c9fbe921514f69f61b1f9e9ad1dd8b557a586f78ace
.dll windows:5 windows x86 arch:x86

d6e7f92c581617c9bc1585b9dba1b2fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
NotifyBootConfigStatus
AddAccessDeniedAce
CryptAcquireContextW
SetSecurityDescriptorGroup
SetEntriesInAclA
LookupPrivilegeValueW
DuplicateEncryptionInfoFile
InitializeSecurityDescriptor
ConvertToAutoInheritPrivateObjectSecurity
CreatePrivateObjectSecurityEx
RegCloseKey
FreeEncryptionCertificateHashList
RegSetValueExA
ObjectCloseAuditAlarmW
CryptGenRandom
RegSetValueExW
MapGenericMask
SaferCloseLevel

kernel32

TerminateProcess
GetModuleFileNameA
GetSystemTimeAsFileTime
LoadLibraryW
SetSystemTime
WriteProfileStringW
GetModuleHandleA
DeleteCriticalSection
TransactNamedPipe
CloseHandle
GetTimeFormatW
FileTimeToLocalFileTime
WaitForSingleObjectEx
VerLanguageNameA
FreeEnvironmentStringsW
WriteConsoleInputW
SetEndOfFile
CreateFileA
GetCurrentDirectoryW
Process32FirstW
SetStdHandle
PrepareTape
CreateFileW
GetNumaHighestNodeNumber
CommConfigDialogA
GetCPInfoExW
FindFirstChangeNotificationW
GetPriorityClass
GetShortPathNameA
IsWow64Process
WaitForSingleObject
EnterCriticalSection

ws2_32

select

imm32

ImmGetOpenStatus

version

GetFileVersionInfoSizeA

msvfw32

ICOpenFunction

comctl32

DestroyPropertySheetPage

opengl32

glTranslated

shell32

SHGetSpecialFolderPathA
SHFormatDrive
ShellExecuteA
SHAppBarMessage
DuplicateIcon
SHGetMalloc

urlmon

IsAsyncMoniker

lz32

LZOpenFileW
LZInit
GetExpandedNameW

rasapi32

RasGetConnectionStatistics
RasEnumEntriesW

wintrust

WTHelperGetProvSignerFromChain
CryptCATEnumerateCatAttr
FindCertsByIssuer
CryptCATOpen
CryptCATCDFOpen

secur32

QueryCredentialsAttributesW
RevertSecurityContext
GetComputerObjectNameW
QuerySecurityContextToken

msvcrt

fgets
free
putc
clearerr
wcscoll

netapi32

NetGroupSetUsers
NetGroupGetInfo
NetLocalGroupGetMembers
NetLocalGroupAddMembers

winscard

SCardReconnect
SCardListReaderGroupsA
SCardDisconnect

ole32

CreateBindCtx
CoMarshalInterThreadInterfaceInStream
CreateILockBytesOnHGlobal
HICON_UserUnmarshal
MonikerRelativePathTo
HDC_UserFree
OleNoteObjectVisible

rpcrt4

RpcMgmtInqServerPrincNameW
RpcServerInqBindings
RpcErrorStartEnumeration
I_RpcExceptionFilter

setupapi

SetupGetTargetPathW
SetupPrepareQueueForRestoreW
CM_Is_Dock_Station_Present
SetupDiEnumDeviceInfo
CM_Get_Device_Interface_List_Size_ExW
SetupDiDestroyDeviceInfoList
CM_Reenumerate_DevNode
SetupDiBuildClassInfoListExW
CM_Set_HW_Prof_Flags_ExW
SetupGetInfInformationW
SetupSetNonInteractiveMode
SetupDiGetSelectedDevice
SetupQueueDeleteW

esent

JetEndSession
JetCloseTable

mscms

GetStandardColorSpaceProfileW
IsColorProfileValid

gdi32

EnumFontFamiliesExA
GetGlyphOutlineW
GetBitmapBits
CreateICW
CopyEnhMetaFileW
GetMiterLimit
CreateEllipticRgnIndirect
StartDocA
GetStockObject
TextOutW
SetPixelV
CreatePolygonRgn
SetMetaFileBitsEx

winmm

mciSendStringW
timeKillEvent
mmioClose
waveOutUnprepareHeader
timeGetDevCaps
GetDriverModuleHandle
waveInReset
midiOutGetDevCapsW

crypt32

CryptSignMessage
PFXExportCertStore
CertCreateCertificateContext
CertGetCertificateChain

msacm32

acmFormatEnumW

oleaut32

VarR8FromI2
LoadTypeLibEx
VariantChangeType

shlwapi

StrChrIW
PathAppendA
StrChrIA
StrCmpNW
StrCmpNA
StrCmpNIA
PathIsUNCA
SHSetValueW
PathIsFileSpecW

user32

keybd_event
ReleaseCapture
GetDlgCtrlID
LoadStringW
EnumThreadWindows
VkKeyScanExW
IsCharUpperW
GetUpdateRgn
GetSubMenu
MapVirtualKeyExA
CreateDesktopA
ToUnicodeEx
AllowSetForegroundWindow
GetClassInfoW
SetWindowPos
ShowWindow
mouse_event
SetProcessWindowStation
DlgDirListComboBoxW
PostMessageW
CreateDialogIndirectParamW
TrackPopupMenuEx
EqualRect
CreateWindowExA
CloseClipboard
CreateAcceleratorTableA
CreatePopupMenu
SetKeyboardState

winspool.drv

EnumPrintProcessorsW

mprapi

MprInfoBlockRemove
MprAdminInterfaceTransportAdd
MprAdminUserSetInfo
MprConfigTransportSetInfo
MprAdminConnectionEnum

wininet

InternetSetOptionA
InternetErrorDlg
CommitUrlCacheEntryA

clusapi

GetNodeClusterState
ClusterResourceEnum

Exports

Exports

EhckewmiraarldeQnd

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt0
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6e7f92c581617c9bc1585b9dba1b2fa

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ws2_32

imm32

version

msvfw32

comctl32

opengl32

shell32

urlmon

lz32

rasapi32

wintrust

secur32

msvcrt

netapi32

winscard

ole32

rpcrt4

setupapi

esent

mscms

gdi32

winmm

crypt32

msacm32

oleaut32

shlwapi

user32

winspool.drv

mprapi

wininet

clusapi

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.crt0 Size: 8KB - Virtual size: 4KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 84KB - Virtual size: 85KB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 40KB - Virtual size: 37KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.crt0
Size: 8KB - Virtual size: 4KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 84KB - Virtual size: 85KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 40KB - Virtual size: 37KB