8fbec198fb0e790900822362c14cc7793a67ac38845d555a8b641f2e0e6c9d09

Sharing

Copy URL Twitter E-mail

General

Target

8fbec198fb0e790900822362c14cc7793a67ac38845d555a8b641f2e0e6c9d09
Size

2.7MB
MD5

566cbafe8ba0454c9ddc4208f00ce9e1
SHA1

7ecbe43b9891357ee20d08616279b797b7fa6fe5
SHA256

8fbec198fb0e790900822362c14cc7793a67ac38845d555a8b641f2e0e6c9d09
SHA512

189e9632f2cb35c88b059566a0eeaaa7c632ff89c23678bdea943210b38e13b400790bfe67e40903c644c406fdb23a2ceff2a926bac172ce2dc657aa157636f6
SSDEEP

49152:hPMCG+hHM5VtYlexgSXN4a1mOSiJ3IINm+3Ksd4yOCUT1ZVrZpdrzU056E:hA+hsftoeSNomOR9VmnsdXUTZndP0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8fbec198fb0e790900822362c14cc7793a67ac38845d555a8b641f2e0e6c9d09

Files

8fbec198fb0e790900822362c14cc7793a67ac38845d555a8b641f2e0e6c9d09
.dll windows:5 windows x86 arch:x86

ed72f4bde579ae28f34a93eba7f83aeb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

mmioClose
waveInStart
waveOutUnprepareHeader
waveInReset
mciSendStringW
midiOutUnprepareHeader
timeKillEvent
timeGetDevCaps
mmioGetInfo

shell32

SHGetUnreadMailCountW
SHGetSpecialFolderPathA
SHChangeNotify
SHGetFolderPathAndSubDirW
DuplicateIcon
SHGetMalloc

mscms

IsColorProfileValid
GetStandardColorSpaceProfileW

advapi32

GetWindowsAccountDomainSid
RegQueryInfoKeyW
InitializeSecurityDescriptor
SetThreadToken
FreeEncryptionCertificateHashList
SaferCloseLevel
RegSetValueExW
RegCloseKey
ConvertToAutoInheritPrivateObjectSecurity
MapGenericMask
CreatePrivateObjectSecurityEx
InitiateSystemShutdownA
AddAccessDeniedAce
CryptAcquireContextW
CryptGenRandom
RegGetKeySecurity
ObjectCloseAuditAlarmW
SetSecurityDescriptorDacl
DuplicateEncryptionInfoFile

shlwapi

StrFormatByteSizeW
PathRemoveBlanksW
StrChrIA
StrChrIW
StrChrA
PathIsUNCA
StrCmpNW
PathIsFileSpecW
StrCmpNA

msvcrt

wcscoll
putc
fgets
clearerr
ferror

urlmon

IsAsyncMoniker

user32

ShowWindow
SetWindowPos
GetClipboardFormatNameA
CreateWindowExA
GetClassInfoW
EnumThreadWindows
MapVirtualKeyExA
ToUnicodeEx
DlgDirListComboBoxW
RegisterWindowMessageW
ScrollWindow
LoadStringW
TrackPopupMenuEx
keybd_event
AllowSetForegroundWindow
SendNotifyMessageA
CreateDialogIndirectParamW
GetMenuItemInfoW
GetSubMenu
ValidateRgn
mouse_event
GetUpdateRgn
PostMessageW
ReleaseCapture
RegisterClassW
PostThreadMessageW
SetProcessWindowStation

clusapi

ClusterResourceEnum
GetNodeClusterState

kernel32

SetStdHandle
IsDBCSLeadByte
WaitForSingleObject
FindAtomA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetModuleHandleA
EnterCriticalSection
WaitForSingleObjectEx
GetCurrentDirectoryW
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetCPInfoExW
GetLongPathNameW
SetDefaultCommConfigW
WriteConsoleInputW
Process32FirstW
GetShortPathNameA
TerminateProcess
GetPriorityClass
WriteProfileStringW
CommConfigDialogA
FindFirstChangeNotificationA
TransactNamedPipe
GetTimeFormatW
CloseHandle
EnumCalendarInfoW
GlobalAddAtomA
CreateMutexA
HeapLock
VerLanguageNameA

wininet

RetrieveUrlCacheEntryStreamA
InternetErrorDlg
InternetSetOptionA

ole32

CreateILockBytesOnHGlobal
HDC_UserFree
CoMarshalInterface
OleGetClipboard
CoMarshalInterThreadInterfaceInStream
OleLoad
StringFromCLSID

winspool.drv

EnumPrintProcessorsW

setupapi

SetupDiGetClassDescriptionExW
SetupDiGetSelectedDevice
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstallParamsA
SetupCopyOEMInfA
SetupDiEnumDeviceInfo
SetupDiOpenClassRegKey
SetupDiGetClassImageListExW
CM_Free_Log_Conf_Handle
SetupDiGetINFClassW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsExW
SetupDiSelectBestCompatDrv

netapi32

NetLocalGroupAddMembers
NetApiBufferReallocate
NetGroupGetInfo
NetLocalGroupGetMembers

oleaut32

VarR8FromI2
LoadTypeLibEx
VarI2FromDate

wintrust

CryptCATOpen
IsCatalogFile
WintrustLoadFunctionPointers
CryptCATCDFOpen
WTHelperGetProvSignerFromChain

rpcrt4

NdrConformantStringUnmarshall
NdrConformantArrayMarshall
RpcErrorStartEnumeration
RpcMgmtEnableIdleCleanup
NdrCorrelationInitialize

lz32

LZInit
LZOpenFileW
GetExpandedNameW

gdi32

CreatePolygonRgn
SetViewportExtEx
CreateEllipticRgnIndirect
RestoreDC
CreateDCW
EnumFontFamiliesExA
CreateICW
LineDDA
GetGlyphOutlineW
GetBitmapBits
SetMetaFileBitsEx
TextOutW
StartDocA

imm32

ImmGetCompositionWindow

rasapi32

RasGetConnectionStatistics
RasFreeEapUserIdentityA

crypt32

CryptSignMessage
CertEnumCertificatesInStore
CertFreeCRLContext
CertGetSubjectCertificateFromStore

ws2_32

select

msacm32

acmFormatEnumW

opengl32

glMultMatrixf

comctl32

DestroyPropertySheetPage

secur32

GetComputerObjectNameW
QueryCredentialsAttributesW
RevertSecurityContext
QuerySecurityContextToken

msvfw32

ICOpenFunction

mprapi

MprConfigInterfaceEnum
MprAdminInterfaceTransportAdd
MprConfigTransportSetInfo
MprAdminConnectionEnum
MprConfigTransportCreate

esent

JetEndSession
JetCloseTable

winscard

SCardEstablishContext
SCardListReaderGroupsA
SCardTransmit

Exports

Exports

EhckewmiraarldeQnd

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt0
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed72f4bde579ae28f34a93eba7f83aeb

Headers

DLL Characteristics

File Characteristics

Imports

winmm

shell32

mscms

advapi32

shlwapi

msvcrt

urlmon

user32

clusapi

kernel32

wininet

ole32

winspool.drv

setupapi

netapi32

oleaut32

wintrust

rpcrt4

lz32

gdi32

imm32

rasapi32

crypt32

ws2_32

msacm32

opengl32

comctl32

secur32

msvfw32

mprapi

esent

winscard

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.crt0 Size: 8KB - Virtual size: 5KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 72KB - Virtual size: 72KB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 36KB - Virtual size: 33KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.crt0
Size: 8KB - Virtual size: 5KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 72KB - Virtual size: 72KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 36KB - Virtual size: 33KB