5ebccfb0103c76348622e13e17e4918485d0e87b39979493b305010e9fcbe6ca

Sharing

Copy URL

Twitter E-mail

General

Target

5ebccfb0103c76348622e13e17e4918485d0e87b39979493b305010e9fcbe6ca
Size

2.5MB
MD5

f08bfcb8843b0b35d31d2c66f0154f44
SHA1

0a3041c29be59d9f72a17712387d806935a5d536
SHA256

5ebccfb0103c76348622e13e17e4918485d0e87b39979493b305010e9fcbe6ca
SHA512

aeddb6db1c6ed120ae2cc8ae4d873ebf5ab6c371d599143d68c6ad55d1ceccb5dc18d67401b6601917b7aecc46f963d410f03c5b45799f374ce4f6179a756d08
SSDEEP

49152:P192IG7xj/7/biDCbrrhb+tWCn4r+e4NTbK/sC1frv3HcYvhjoMvoQj:P72RFjiDCbsK+LTY73fvhMa/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ebccfb0103c76348622e13e17e4918485d0e87b39979493b305010e9fcbe6ca

Files

5ebccfb0103c76348622e13e17e4918485d0e87b39979493b305010e9fcbe6ca
.dll windows:5 windows x86 arch:x86

ffe257ba7e9c2b25c4f1048e7566b86d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

esent

JetEndSession
JetCloseTable

kernel32

TerminateProcess
GetModuleFileNameA
GetSystemTimeAsFileTime
LoadLibraryW
SetSystemTime
WriteProfileStringW
GetModuleHandleA
DeleteCriticalSection
TransactNamedPipe
CloseHandle
GetTimeFormatW
FileTimeToLocalFileTime
WaitForSingleObjectEx
VerLanguageNameA
FreeEnvironmentStringsW
WriteConsoleInputW
SetEndOfFile
CreateFileA
GetCurrentDirectoryW
Process32FirstW
SetStdHandle
PrepareTape
CreateFileW
GetNumaHighestNodeNumber
CommConfigDialogA
GetCPInfoExW
FindFirstChangeNotificationW
GetPriorityClass
GetShortPathNameA
IsWow64Process
WaitForSingleObject
EnterCriticalSection

ws2_32

select

imm32

ImmGetOpenStatus

version

GetFileVersionInfoSizeA

msvfw32

ICOpenFunction

comctl32

DestroyPropertySheetPage

opengl32

glTranslated

msvcrt

fgets
free
putc
clearerr
wcscoll

urlmon

IsAsyncMoniker

lz32

LZOpenFileW
LZInit
GetExpandedNameW

rasapi32

RasGetConnectionStatistics
RasEnumEntriesW

wintrust

WTHelperGetProvSignerFromChain
CryptCATEnumerateCatAttr
FindCertsByIssuer
CryptCATOpen
CryptCATCDFOpen

secur32

QueryCredentialsAttributesW
RevertSecurityContext
GetComputerObjectNameW
QuerySecurityContextToken

shell32

SHGetSpecialFolderPathA
SHFormatDrive
ShellExecuteA
SHAppBarMessage
DuplicateIcon
SHGetMalloc

netapi32

NetGroupSetUsers
NetGroupGetInfo
NetLocalGroupGetMembers
NetLocalGroupAddMembers

winscard

SCardReconnect
SCardListReaderGroupsA
SCardDisconnect

ole32

CreateBindCtx
CoMarshalInterThreadInterfaceInStream
CreateILockBytesOnHGlobal
HICON_UserUnmarshal
MonikerRelativePathTo
HDC_UserFree
OleNoteObjectVisible

rpcrt4

RpcMgmtInqServerPrincNameW
RpcServerInqBindings
RpcErrorStartEnumeration
I_RpcExceptionFilter

setupapi

SetupGetTargetPathW
SetupPrepareQueueForRestoreW
CM_Is_Dock_Station_Present
SetupDiEnumDeviceInfo
CM_Get_Device_Interface_List_Size_ExW
SetupDiDestroyDeviceInfoList
CM_Reenumerate_DevNode
SetupDiBuildClassInfoListExW
CM_Set_HW_Prof_Flags_ExW
SetupGetInfInformationW
SetupSetNonInteractiveMode
SetupDiGetSelectedDevice
SetupQueueDeleteW

advapi32

SetSecurityDescriptorDacl
NotifyBootConfigStatus
AddAccessDeniedAce
CryptAcquireContextW
SetSecurityDescriptorGroup
SetEntriesInAclA
LookupPrivilegeValueW
DuplicateEncryptionInfoFile
InitializeSecurityDescriptor
ConvertToAutoInheritPrivateObjectSecurity
CreatePrivateObjectSecurityEx
RegCloseKey
FreeEncryptionCertificateHashList
RegSetValueExA
ObjectCloseAuditAlarmW
CryptGenRandom
RegSetValueExW
MapGenericMask
SaferCloseLevel

mscms

GetStandardColorSpaceProfileW
IsColorProfileValid

gdi32

EnumFontFamiliesExA
GetGlyphOutlineW
GetBitmapBits
CreateICW
CopyEnhMetaFileW
GetMiterLimit
CreateEllipticRgnIndirect
StartDocA
GetStockObject
TextOutW
SetPixelV
CreatePolygonRgn
SetMetaFileBitsEx

winmm

mciSendStringW
timeKillEvent
mmioClose
waveOutUnprepareHeader
timeGetDevCaps
GetDriverModuleHandle
waveInReset
midiOutGetDevCapsW

crypt32

CryptSignMessage
PFXExportCertStore
CertCreateCertificateContext
CertGetCertificateChain

msacm32

acmFormatEnumW

oleaut32

VarR8FromI2
LoadTypeLibEx
VariantChangeType

shlwapi

StrChrIW
PathAppendA
StrChrIA
StrCmpNW
StrCmpNA
StrCmpNIA
PathIsUNCA
SHSetValueW
PathIsFileSpecW

user32

keybd_event
ReleaseCapture
GetDlgCtrlID
LoadStringW
EnumThreadWindows
VkKeyScanExW
IsCharUpperW
GetUpdateRgn
GetSubMenu
MapVirtualKeyExA
CreateDesktopA
ToUnicodeEx
AllowSetForegroundWindow
GetClassInfoW
SetWindowPos
ShowWindow
mouse_event
SetProcessWindowStation
DlgDirListComboBoxW
PostMessageW
CreateDialogIndirectParamW
TrackPopupMenuEx
EqualRect
CreateWindowExA
CloseClipboard
CreateAcceleratorTableA
CreatePopupMenu
SetKeyboardState

winspool.drv

EnumPrintProcessorsW

mprapi

MprInfoBlockRemove
MprAdminInterfaceTransportAdd
MprAdminUserSetInfo
MprConfigTransportSetInfo
MprAdminConnectionEnum

wininet

InternetSetOptionA
InternetErrorDlg
CommitUrlCacheEntryA

clusapi

GetNodeClusterState
ClusterResourceEnum

Exports

Exports

EhckewmiraarldeQnd

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt0
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ffe257ba7e9c2b25c4f1048e7566b86d

Headers

DLL Characteristics

File Characteristics

Imports

esent

kernel32

ws2_32

imm32

version

msvfw32

comctl32

opengl32

msvcrt

urlmon

lz32

rasapi32

wintrust

secur32

shell32

netapi32

winscard

ole32

rpcrt4

setupapi

advapi32

mscms

gdi32

winmm

crypt32

msacm32

oleaut32

shlwapi

user32

winspool.drv

mprapi

wininet

clusapi

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.crt0 Size: 8KB - Virtual size: 4KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 84KB - Virtual size: 85KB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 40KB - Virtual size: 37KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.crt0
Size: 8KB - Virtual size: 4KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 84KB - Virtual size: 85KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 40KB - Virtual size: 37KB