8ef491a06e8ceac0fcb794199e60dbd45833a31bd82629c679d8de06f0c8e73b

Sharing

Copy URL Twitter E-mail

General

Target

8ef491a06e8ceac0fcb794199e60dbd45833a31bd82629c679d8de06f0c8e73b
Size

2.7MB
MD5

e718c37e9f5eb755c37d9288c01742c3
SHA1

34c6f4e8b92d4c80bfd60bddbfc1d25ce83a481a
SHA256

8ef491a06e8ceac0fcb794199e60dbd45833a31bd82629c679d8de06f0c8e73b
SHA512

f2025d90cff64e107dd9c1ec11854f904b5e8f20cce6ecd136c324e1367e8dbe4a4c97f307715017fd4f036b45633cc99a23e0f18365ff464059d2efa0eff1e1
SSDEEP

49152:s2Ks2sE4iEHa6aPsv1lyHwKaXDGlfgA3WJfLPISpV:sHHsE4Fn1lZKaTAgAGPI4V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ef491a06e8ceac0fcb794199e60dbd45833a31bd82629c679d8de06f0c8e73b

Files

8ef491a06e8ceac0fcb794199e60dbd45833a31bd82629c679d8de06f0c8e73b
.dll windows:5 windows x86 arch:x86

4df45a9e437230cf044ee42b3c5e0be5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

BSTR_UserUnmarshal
SafeArrayLock
LoadTypeLibEx

wintrust

CryptCATHandleFromStore
CryptCATAdminEnumCatalogFromHash
IsCatalogFile
CryptCATCDFClose

advapi32

MakeSelfRelativeSD
GetKernelObjectSecurity
GetCurrentHwProfileA
AccessCheckByTypeResultList
RegRestoreKeyW
GetFileSecurityA
OpenSCManagerW
BackupEventLogW
RegCloseKey
CryptDeriveKey
GetNumberOfEventLogRecords
CryptVerifySignatureA
GetSecurityDescriptorSacl
OpenServiceA
CryptDestroyHash
StartServiceCtrlDispatcherA
LookupPrivilegeNameA

shell32

DuplicateIcon
SHGetMalloc
SHGetSpecialFolderPathA
CommandLineToArgvW
DoEnvironmentSubstW
Shell_NotifyIconW
SHEnumerateUnreadMailAccountsW

kernel32

Process32FirstW
GetTimeFormatA
IsWow64Process
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteConsoleOutputA
SetSystemTime
GlobalGetAtomNameA
GetLongPathNameW
CreateFileA
CallNamedPipeA
VerLanguageNameA
FormatMessageW
EndUpdateResourceA
QueryDepthSList
EnterCriticalSection
LoadLibraryExA
GetModuleHandleA
GetTimeFormatW
CloseHandle
GetModuleFileNameA
EnumSystemCodePagesW
LocalLock
WaitForSingleObjectEx
QueueUserAPC
DeleteCriticalSection
UnregisterWaitEx
SetStdHandle
SetTimerQueueTimer
SetFileAttributesA
GetDiskFreeSpaceA
WaitForSingleObject
SetLastError
GlobalDeleteAtom

shlwapi

PathIsDirectoryA
SHRegSetUSValueW
StrRChrW
StrStrA
StrToIntA
PathIsPrefixA
SHQueryInfoKeyW

rpcrt4

NdrAllocate
RpcGetAuthorizationContextForClient
RpcServerUseProtseqExW
NdrClientCall2
RpcServerTestCancel

rasapi32

RasGetSubEntryPropertiesA
RasGetCustomAuthDataW

opengl32

glPixelStorei

secur32

InitializeSecurityContextA
SetContextAttributesW
EnumerateSecurityPackagesW
ImpersonateSecurityContext

user32

GetWindowThreadProcessId
CreateWindowExA
VkKeyScanExW
ClipCursor
GetUpdateRgn
GetMonitorInfoA
SetThreadDesktop
AllowSetForegroundWindow
GetClipboardFormatNameA
GetKeyNameTextA
InsertMenuItemW
IsCharLowerW
GetKeyboardLayoutList
CreateIcon
OemKeyScan
ShowWindow
CharNextExA
DlgDirListA
CharNextW
HideCaret
OpenInputDesktop
InSendMessage
FreeDDElParam
RegisterDeviceNotificationA
ScrollWindowEx
IsHungAppWindow
DrawStateW
InSendMessageEx

msvfw32

ICCompressorFree

winscard

SCardSetCardTypeProviderNameW
SCardReleaseContext

winmm

midiStreamOut
midiOutGetDevCapsW
waveInGetNumDevs
mmioRead
mmioWrite
midiInUnprepareHeader
waveOutSetPitch
waveInGetPosition
OpenDriver

mprapi

MprInfoBlockAdd
MprAdminMIBEntryGetFirst
MprAdminServerConnect
MprConfigBufferFree
MprConfigGetGuidName

esent

JetUpdate
JetPrepareUpdate

urlmon

URLOpenBlockingStreamA

ws2_32

select

version

VerQueryValueW

ole32

CreateStreamOnHGlobal
HGLOBAL_UserUnmarshal
CreatePointerMoniker
HMENU_UserFree
StgIsStorageILockBytes
OleFlushClipboard
OleConvertIStorageToOLESTREAMEx

msacm32

acmDriverAddW

imm32

ImmSetConversionStatus

winspool.drv

AddMonitorW

netapi32

NetLocalGroupAdd
NetGroupAddUser
NetSessionGetInfo
NetSessionEnum
NetLocalGroupAddMembers

wininet

InternetErrorDlg
InternetCrackUrlA
InternetGetConnectedState

comctl32

ImageList_AddMasked

lz32

LZSeek
GetExpandedNameW

setupapi

SetupDiSetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassInstallParamsW
SetupInstallFromInfSectionW
CM_Get_Device_ID_Size_Ex
SetupDiSelectBestCompatDrv
CM_Open_Class_KeyW
CM_Get_HW_Prof_Flags_ExW
SetupDiOpenDeviceInterfaceA
SetupDiGetDeviceRegistryPropertyW
CM_Get_Child_Ex
CM_Set_DevNode_Registry_PropertyW

clusapi

RestoreClusterDatabase
ClusterResourceEnum

msvcrt

isprint
putc
fgets
wcscoll
isupper

gdi32

BeginPath
GetMetaFileBitsEx
CreateRectRgnIndirect
PolyPolygon
CreateICA
SetColorSpace
ExtEscape
AbortDoc
GetStockObject
RectVisible
CreatePen
GetMetaFileA
GetViewportOrgEx

mscms

GetColorProfileElement
InstallColorProfileW

crypt32

CryptVerifyCertificateSignature
CryptHashCertificate
CryptVerifyDetachedMessageSignature
CryptVerifyMessageSignature
CryptMsgVerifyCountersignatureEncodedEx

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4df45a9e437230cf044ee42b3c5e0be5

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

wintrust

advapi32

shell32

kernel32

shlwapi

rpcrt4

rasapi32

opengl32

secur32

user32

msvfw32

winscard

winmm

mprapi

esent

urlmon

ws2_32

version

ole32

msacm32

imm32

winspool.drv

netapi32

wininet

comctl32

lz32

setupapi

clusapi

msvcrt

gdi32

mscms

crypt32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.qdata Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 72KB - Virtual size: 70KB

.rsrc Size: 4KB - Virtual size: 912B

.reloc Size: 36KB - Virtual size: 33KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.qdata
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 72KB - Virtual size: 70KB

.rsrc
Size: 4KB - Virtual size: 912B

.reloc
Size: 36KB - Virtual size: 33KB