22371c226bbef69fbf13ebdca1ffad6fa5ff6e8704997e580ac500b289b066db

Sharing

Copy URL Twitter E-mail

General

Target

22371c226bbef69fbf13ebdca1ffad6fa5ff6e8704997e580ac500b289b066db
Size

1.7MB
MD5

75f7199c717d4810bd16ee56c4e6f6e6
SHA1

c1fcac41737c9c29453a95351dfdd6bed3b4d09e
SHA256

22371c226bbef69fbf13ebdca1ffad6fa5ff6e8704997e580ac500b289b066db
SHA512

3bcc27c8eb2e2815cce506a2d7ed0d2b1ebb82a119efda758014d53e8602be906f61dc412522696d6f3f89d79d0fc5b853b0ad3119f10dad4ae4c10589cac30f
SSDEEP

49152:96dA/BDNLg3Y0Pb5K5yxFNDAty5ZU3+lLopnSYLe:cC/FFIYo9K5qBAY/1BopS8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22371c226bbef69fbf13ebdca1ffad6fa5ff6e8704997e580ac500b289b066db

Files

22371c226bbef69fbf13ebdca1ffad6fa5ff6e8704997e580ac500b289b066db
.dll windows:5 windows x86 arch:x86

f5d4158633b4546497a82fc78ebf0fce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA

winspool.drv

EnumPrintProcessorsW

msacm32

acmDriverDetailsW

advapi32

SetSecurityDescriptorSacl
QueryServiceObjectSecurity
GetInheritanceSourceW
RegRestoreKeyA
CryptSetHashParam
QueryServiceLockStatusW
CreatePrivateObjectSecurity
RegCloseKey
SetServiceObjectSecurity
SaferCloseLevel
AccessCheckByTypeResultList
RegDeleteValueW
AddAccessDeniedAce
FreeSid
MapGenericMask
CryptSetProvParam
InitiateSystemShutdownA
OpenEventLogA
ObjectDeleteAuditAlarmW

wintrust

CryptCATAdminReleaseContext
CryptCATGetAttrInfo
CryptSIPRemoveSignedDataMsg
CryptSIPCreateIndirectData
WTHelperCertIsSelfSigned

rpcrt4

RpcBindingFromStringBindingW
UuidIsNil
RpcServerUnregisterIfEx
RpcBindingCopy
I_RpcSsDontSerializeContext

winscard

SCardListReaderGroupsA
SCardGetStatusChangeA
g_rgSCardT1Pci

secur32

GetComputerObjectNameW
QuerySecurityContextToken
EncryptMessage
InitSecurityInterfaceW

urlmon

CoInternetIsFeatureEnabled

crypt32

CryptUnregisterDefaultOIDFunction
CryptEnumOIDFunction
CertGetSubjectCertificateFromStore
CertEnumCertificatesInStore

shlwapi

StrChrIW
SHAutoComplete
AssocQueryStringW
StrCmpNA
StrCSpnA
StrChrA
StrStrA

user32

GetMenuContextHelpId
ImpersonateDdeClientWindow
AdjustWindowRectEx
GetSubMenu
CreateDesktopW
ShowOwnedPopups
OpenWindowStationW
InSendMessageEx
ChangeDisplaySettingsA
GetCursorPos
ShowWindow
UnhookWinEvent
mouse_event
DlgDirListComboBoxW
GetUpdateRgn
GetKBCodePage
LoadKeyboardLayoutA
SetScrollInfo
EnumDesktopWindows
DlgDirListW
SetWindowLongW
LoadMenuIndirectA
RegisterClipboardFormatW
UpdateWindow
CreateWindowExA

comctl32

DestroyPropertySheetPage

setupapi

SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiBuildClassInfoList
CM_Enable_DevNode
SetupDiDrawMiniIcon
CM_Free_Resource_Conflict_Handle
SetupDuplicateDiskSpaceListW
SetupCopyOEMInfA
SetupDiGetINFClassW
SetupFindFirstLineW
SetupDiEnumDeviceInfo
SetupDiRemoveDevice

gdi32

RestoreDC
GetWindowOrgEx
SetPolyFillMode
ResetDCW
PathToRegion
GetROP2
AbortDoc
CreateRectRgnIndirect
ScaleWindowExtEx
EnumICMProfilesA
PolyPolygon
GetTextCharacterExtra
SetMetaFileBitsEx

mscms

CloseColorProfile
OpenColorProfileA

netapi32

NetShareCheck
NetSessionGetInfo
NetFileClose
NetGroupGetUsers
NetUserSetGroups

oleaut32

LoadTypeLibEx
VarR4FromStr
VarI2FromDate

kernel32

GetProfileStringA
IsBadStringPtrW
GetTimeFormatW
GetModuleHandleA
CloseHandle
WaitNamedPipeW
TerminateProcess
WaitForSingleObject
CreateEventW
Process32FirstW
HeapLock
WriteConsoleInputW
GetPriorityClass
GetFileAttributesW
GetNumberFormatW
FindFirstChangeNotificationA
WriteConsoleOutputAttribute
WaitForSingleObjectEx
CommConfigDialogA
GetSystemTimeAsFileTime
GetModuleFileNameA
VerLanguageNameA
VirtualAllocEx
WriteProfileSectionA
SetThreadPriority
DeleteCriticalSection
GetMailslotInfo
VirtualAlloc
SystemTimeToTzSpecificLocalTime
EnterCriticalSection
SetStdHandle

opengl32

glEvalCoord2f

ws2_32

select

msvfw32

DrawDibEnd

msvcrt

fgets
free
wcscoll
putc
memcmp

imm32

ImmNotifyIME

winmm

midiStreamOut
auxGetDevCapsW
midiInUnprepareHeader
waveInReset
waveOutGetDevCapsW
GetDriverModuleHandle
midiInClose
timeGetTime
waveInStart

shell32

SHGetMalloc
SHBrowseForFolderW
SHOpenFolderAndSelectItems
SHLoadInProc
SHFormatDrive
DuplicateIcon

mprapi

MprConfigInterfaceEnum
MprConfigTransportSetInfo
MprInfoBlockSet
MprConfigServerDisconnect
MprAdminUserGetInfo

lz32

LZInit
GetExpandedNameW

esent

JetTerm2
JetEndSession

ole32

CoUnmarshalInterface
CLSIDFromString
CoGetMalloc
STGMEDIUM_UserUnmarshal
CoMarshalInterface
CoFileTimeToDosDateTime

rasapi32

RasFreeEapUserIdentityA
RasSetCustomAuthDataW

clusapi

CloseClusterResource
RestoreClusterDatabase

wininet

InternetErrorDlg
InternetCombineUrlA
DeleteUrlCacheEntry

Exports

Exports

EhckewmiraarldeQnd

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt0
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5d4158633b4546497a82fc78ebf0fce

Headers

DLL Characteristics

File Characteristics

Imports

version

winspool.drv

msacm32

advapi32

wintrust

rpcrt4

winscard

secur32

urlmon

crypt32

shlwapi

user32

comctl32

setupapi

gdi32

mscms

netapi32

oleaut32

kernel32

opengl32

ws2_32

msvfw32

msvcrt

imm32

winmm

shell32

mprapi

lz32

esent

ole32

rasapi32

clusapi

wininet

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.crt0 Size: 8KB - Virtual size: 4KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 44KB - Virtual size: 45KB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.crt0
Size: 8KB - Virtual size: 4KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 44KB - Virtual size: 45KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 24KB - Virtual size: 20KB