ad7c2ba38915b46f2b17eff34319a53f2b156e1c38d5191d656a3f4d9cde0cd5

Sharing

Copy URL Twitter E-mail

General

Target

ad7c2ba38915b46f2b17eff34319a53f2b156e1c38d5191d656a3f4d9cde0cd5
Size

146KB
MD5

31d85dadd85184b87859f5bac48219bf
SHA1

9a3334f62317d049508907e24e2f2eee49cf9cb9
SHA256

ad7c2ba38915b46f2b17eff34319a53f2b156e1c38d5191d656a3f4d9cde0cd5
SHA512

b642876d50de62c9344dc786ed7a79872aa9592c7a832dc8e91b82fda118b898b23b3257950539111468893ecee0ebf547959e3d49c0277e0ef1f19edb7db31e
SSDEEP

1536:hhXMhDTXpsweQ23KUaZiMd9BuV1P9zioK7grjCrLSY1Pz2ePSbCU9zeZsWcdB9d:rCDRP3bm1PVagr6FZtPSmU9b53e3LC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad7c2ba38915b46f2b17eff34319a53f2b156e1c38d5191d656a3f4d9cde0cd5

Files

ad7c2ba38915b46f2b17eff34319a53f2b156e1c38d5191d656a3f4d9cde0cd5
.dll windows:6 windows x64 arch:x64

a811117e0995301f0df8cc47ceec9dea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringW
lstrcatW
CloseHandle
GetNativeSystemInfo
HeapAlloc
GetWindowsDirectoryW
GetFileSize
ExitProcess
ReadProcessMemory
GetProcessHeap
GetLastError
WideCharToMultiByte
IsWow64Process
VirtualQueryEx
GetModuleHandleW
WriteConsoleW
OpenProcess
CreateFileW
CreateMutexW
GetModuleFileNameW
OutputDebugStringA
ExpandEnvironmentStringsW
GetCurrentProcess
GetModuleFileNameA
GetProcAddress
CopyFileW
GetModuleHandleA
GetConsoleMode
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
SetLastError
EncodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlPcToFileHeader
GetModuleHandleExW
HeapFree
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetStringTypeW
SetFilePointerEx
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleOutputCP

shlwapi

PathRemoveFileSpecW
StrStrIA

Exports

Exports

T1
T10
T11
T12
T13
T14
T15
T16
T17
T18
T19
T2
T20
T21
T22
T23
T24
T25
T26
T27
T28
T29
T3
T30
T31
T32
T33
T34
T35
T4
T5
T6
T7
T8
T9

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a811117e0995301f0df8cc47ceec9dea

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

Exports

Exports

Sections

.text Size: 91KB - Virtual size: 91KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 252B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 91KB - Virtual size: 91KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 252B

.reloc
Size: 2KB - Virtual size: 1KB