86dd8ebc5c9e308e336259249776c4ac4e61a8bf383e24dccf6e3e6f44cc5c2d

Sharing

Copy URL

Twitter E-mail

General

Target

86dd8ebc5c9e308e336259249776c4ac4e61a8bf383e24dccf6e3e6f44cc5c2d
Size

1.8MB
MD5

02a41df19d9f9fbc419d9609e28c22a1
SHA1

ce350b4380e2c972f5806801294c7af0673efb9e
SHA256

86dd8ebc5c9e308e336259249776c4ac4e61a8bf383e24dccf6e3e6f44cc5c2d
SHA512

b19c611188349794a1219a5e460bc1ccd58c69f3b812c62030d860b3f48b3b1d0f585c37ee3c45b8fbf708df0baf6932329ba5a78c3f6ab813e2b49c4b7200aa
SSDEEP

49152:K2J5cHK2B5oH0BKGt2aWBz6lZAVsv8lQ:jcHKCoH2t2aCiAVso

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86dd8ebc5c9e308e336259249776c4ac4e61a8bf383e24dccf6e3e6f44cc5c2d

Files

86dd8ebc5c9e308e336259249776c4ac4e61a8bf383e24dccf6e3e6f44cc5c2d
.dll windows:5 windows x86 arch:x86

8d13a7447d23b3148af0805328532d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscms

AssociateColorProfileWithDeviceW
IsColorProfileValid

lz32

LZOpenFileW
GetExpandedNameW

wininet

CommitUrlCacheEntryA
InternetCreateUrlW
InternetCrackUrlW

comctl32

ImageList_GetImageCount

msacm32

acmFormatEnumW

kernel32

GetQueuedCompletionStatus
WriteProfileStringW
WritePrivateProfileSectionA
GetSystemTimeAsFileTime
CreateFileA
SetProcessShutdownParameters
EnumResourceTypesA
CreateFileMappingA
GetModuleFileNameA
GetModuleHandleA
OpenWaitableTimerW
CloseHandle
WriteConsoleInputW
Process32First
LocalReAlloc
FindFirstChangeNotificationA
FoldStringW
WaitForSingleObjectEx
Process32FirstW
SetStdHandle
EnterCriticalSection
GetTimeFormatW
SwitchToFiber
DeleteCriticalSection
FillConsoleOutputCharacterW
LoadLibraryExA
IsWow64Process
FlushViewOfFile
GetTimeFormatA
WaitForSingleObject
TerminateProcess

winspool.drv

EnumPrintProcessorsW

esent

JetCloseTable
JetGetBookmark

shlwapi

StrCmpNA
UrlGetPartW
SHCreateStreamOnFileEx
PathIsDirectoryEmptyW
StrToIntA
StrChrIW

rasapi32

RasGetConnectionStatistics
RasEnumEntriesW

crypt32

PFXExportCertStore
CryptSIPCreateIndirectData
CertGetCertificateChain
CertCreateCertificateContext
CertCompareCertificateName
CryptSIPRemoveSignedDataMsg

shell32

SHGetSpecialFolderPathW
ExtractAssociatedIconExW
DragAcceptFiles
SHGetMalloc
ShellExecuteA
SHCreateShellItem
SHGetPathFromIDListA
SHGetDesktopFolder

rpcrt4

I_RpcTurnOnEEInfoPropagation
RpcBindingServerFromClient
I_RpcGetExtendedError
RpcServerInqBindings
NdrSimpleTypeUnmarshall

gdi32

GetEnhMetaFileDescriptionA
GetFontLanguageInfo
ExtCreatePen
SetTextAlign
SetPixelV
PtInRegion
GetGlyphIndicesW
ExtTextOutA
CreateEllipticRgnIndirect
CreatePolygonRgn
GetMiterLimit
GetEnhMetaFileW

msvfw32

DrawDibStart

msvcrt

putc
wcscoll
getchar
fgets
towlower

opengl32

glTranslated

winscard

SCardListCardsW
SCardListCardsA
SCardEstablishContext

imm32

ImmGetOpenStatus

winmm

GetDriverModuleHandle
midiStreamPosition
mmioCreateChunk
waveOutUnprepareHeader
midiOutGetDevCapsW
mixerGetNumDevs
mmioClose
waveOutGetVolume

oleaut32

VariantChangeType
VarBstrCmp
LoadTypeLibEx

secur32

ApplyControlToken
FreeCredentialsHandle
AcceptSecurityContext
QuerySecurityContextToken

ws2_32

select

urlmon

CoInternetCreateZoneManager

netapi32

NetLocalGroupAddMembers
NetShareEnum
NetGroupGetInfo
NetGroupSetUsers

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassInstallParamsW
SetupDiDestroyDeviceInfoList
SetupCloseInfFile
SetupDiGetClassImageIndex
CM_Is_Dock_Station_Present
CM_Set_HW_Prof_Flags_ExW
CM_Get_First_Log_Conf_Ex
CM_Get_Res_Des_Data_Size_Ex
SetupDiRegisterCoDeviceInstallers
SetupQueryInfFileInformationW
SetupDiRemoveDevice
SetupPrepareQueueForRestoreW

version

VerFindFileW

ole32

CreatePointerMoniker
OleConvertIStorageToOLESTREAMEx
ReleaseStgMedium
OleNoteObjectVisible
CreateBindCtx
OleGetAutoConvert
CoUnmarshalInterface

user32

IsCharUpperW
CreateWindowExW
GetKeyboardLayout
mouse_event
EqualRect
VkKeyScanExW
RegisterWindowMessageA
PostMessageW
GetDlgCtrlID
TrackPopupMenuEx
GetWindowTextLengthA
ShowWindow
IsWinEventHookInstalled
SetWindowPos
LoadStringW
SetKeyboardState
GetUpdateRgn
ToUnicodeEx
LoadIconA
HiliteMenuItem
CreateWindowExA
MessageBoxW
CloseClipboard
TrackPopupMenu
OffsetRect
keybd_event
CountClipboardFormats
GetWindowPlacement

wintrust

CryptCATEnumerateCatAttr
WinVerifyTrust
OpenPersonalTrustDBDialog
CryptCATOpen

mprapi

MprAdminMIBEntryDelete
MprAdminUserSetInfo
MprInfoBlockRemove
MprAdminInterfaceTransportAdd
MprAdminConnectionEnum

clusapi

GetNodeClusterState
ClusterResourceEnum

advapi32

InitializeSecurityDescriptor
RegDeleteKeyW
ObjectOpenAuditAlarmW
CryptGenRandom
SetNamedSecurityInfoW
MapGenericMask
LookupAccountSidA
RegisterEventSourceA
RegSetValueExW
FreeEncryptionCertificateHashList
ConvertToAutoInheritPrivateObjectSecurity
DeleteService
GetSidLengthRequired
CryptVerifySignatureA
DuplicateEncryptionInfoFile
ObjectPrivilegeAuditAlarmA
LookupPrivilegeValueW
RegCloseKey
RegSaveKeyA

Exports

Exports

EhckewmiraarldeQnd

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt0
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d13a7447d23b3148af0805328532d0b

Headers

DLL Characteristics

File Characteristics

Imports

mscms

lz32

wininet

comctl32

msacm32

kernel32

winspool.drv

esent

shlwapi

rasapi32

crypt32

shell32

rpcrt4

gdi32

msvfw32

msvcrt

opengl32

winscard

imm32

winmm

oleaut32

secur32

ws2_32

urlmon

netapi32

setupapi

version

ole32

user32

wintrust

mprapi

clusapi

advapi32

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.crt0 Size: 8KB - Virtual size: 4KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 48KB - Virtual size: 47KB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 24KB - Virtual size: 22KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.crt0
Size: 8KB - Virtual size: 4KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 48KB - Virtual size: 47KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 24KB - Virtual size: 22KB