d455e4a25002af046b97ab76485480e694d4f2b8a494d62f94d1eb1fe767ed07

Sharing

Copy URL Twitter E-mail

General

Target

d455e4a25002af046b97ab76485480e694d4f2b8a494d62f94d1eb1fe767ed07
Size

1.9MB
MD5

9aa56a7e812f7567be412d53f606cf30
SHA1

5ead14b146d62f27f23a396bdd871ba0ef7c221b
SHA256

d455e4a25002af046b97ab76485480e694d4f2b8a494d62f94d1eb1fe767ed07
SHA512

26ed5617c0a8c2054c5ec5b444786618060ff658cb2071bc997b28a2ef9d1e4dd309520346b1304fd669c0c279db13605c119cabb67f0ede6c77c53d5861bfc7
SSDEEP

49152:PJrqoA/wXZ4nvwG/wUm5gzbqW0QsRU0o1kIzTup:FVhZQvIMxsRUp4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d455e4a25002af046b97ab76485480e694d4f2b8a494d62f94d1eb1fe767ed07

Files

d455e4a25002af046b97ab76485480e694d4f2b8a494d62f94d1eb1fe767ed07
.dll windows:5 windows x86 arch:x86

14f8eb74200631c43b535515b67bc628

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA

mprapi

MprInfoBlockSet
MprAdminUserGetInfo
MprConfigInterfaceEnum
MprConfigTransportSetInfo
MprConfigServerDisconnect

rpcrt4

RpcServerUnregisterIfEx
RpcBindingFromStringBindingW
UuidIsNil
RpcBindingCopy
I_RpcSsDontSerializeContext

msvcrt

wcscoll
fgets
putc
memcmp
free

shell32

SHGetMalloc
Shell_NotifyIconA
SHAddToRecentDocs
SHFormatDrive
SHOpenFolderAndSelectItems
SHLoadInProc

ole32

CoGetMalloc
CoFileTimeToDosDateTime
CLSIDFromString
STGMEDIUM_UserUnmarshal
CoGetClassObject
CoMarshalInterface
MonikerCommonPrefixWith

netapi32

NetGroupGetUsers
NetShareCheck
NetSessionGetInfo
NetFileClose
NetUserSetGroups

oleaut32

VarI2FromDate
VarR4FromStr
LoadTypeLibEx

winmm

midiStreamOut
waveInStart
timeGetTime
GetDriverModuleHandle
auxGetDevCapsW
midiInClose
midiInUnprepareHeader
waveOutGetDevCapsW
waveInReset

wininet

DeleteUrlCacheEntry
InternetCombineUrlA
InternetErrorDlg

msvfw32

ICInstall

mscms

CloseColorProfile
InstallColorProfileW

winscard

SCardGetStatusChangeA
g_rgSCardT1Pci
SCardListReaderGroupsA

shlwapi

StrCmpNA
UrlIsW
StrStrA
AssocQueryStringW
StrChrIW
StrChrA
StrCSpnA

comctl32

DestroyPropertySheetPage

crypt32

CryptSIPCreateIndirectData
CertEnumCertificatesInStore
CryptUnregisterDefaultOIDFunction
CryptEnumOIDFunction
CertGetSubjectCertificateFromStore
CryptSIPRemoveSignedDataMsg

clusapi

RestoreClusterDatabase
GetClusterFromResource

ws2_32

select

msacm32

acmDriverDetailsW

kernel32

IsBadStringPtrW
EnterCriticalSection
FindFirstChangeNotificationA
GetPriorityClass
WriteConsoleOutputAttribute
WriteConsoleInputW
CommConfigDialogA
SystemTimeToTzSpecificLocalTime
GetModuleFileNameA
Process32FirstW
WriteProfileSectionA
VirtualAllocEx
DeleteCriticalSection
WaitForSingleObjectEx
GetNumberFormatW
WaitNamedPipeW
CreateMutexW
VirtualAlloc
SetStdHandle
WriteFile
VerLanguageNameA
GetMailslotInfo
GetProfileStringA
CreateEventW
WaitForSingleObject
GetTimeFormatW
CloseHandle
SetThreadPriority
GetSystemTimeAsFileTime
TerminateProcess
GetModuleHandleA

user32

ImpersonateDdeClientWindow
LoadKeyboardLayoutA
GetSubMenu
SetScrollInfo
CreateWindowExA
GetMenuContextHelpId
GetKBCodePage
TabbedTextOutA
ShowWindow
EmptyClipboard
SetWindowLongW
CreateDesktopW
mouse_event
ShowOwnedPopups
AdjustWindowRectEx
DefMDIChildProcW
CharPrevW
GetCursorPos
LoadMenuIndirectA
EnumDesktopWindows
GetUpdateRgn
UpdateWindow
DlgDirListComboBoxW
InSendMessageEx
OpenWindowStationW

secur32

GetComputerObjectNameW
EncryptMessage
QuerySecurityContextToken

rasapi32

RasFreeEapUserIdentityA
RasSetCustomAuthDataW

opengl32

glEvalCoord2f

winspool.drv

ClosePrinter

imm32

ImmNotifyIME

gdi32

PathToRegion
ScaleWindowExtEx
AbortDoc
PolyPolygon
GetROP2
GetWindowOrgEx
UnrealizeObject
SetMetaFileBitsEx
GetTextCharacterExtra
CreateRectRgnIndirect
CreateEllipticRgnIndirect
EnumICMProfilesA

urlmon

CoInternetIsFeatureEnabled

esent

JetTerm2
JetEndSession

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATGetMemberInfo
CryptCATGetAttrInfo
WTHelperCertIsSelfSigned

setupapi

SetupDiCreateDeviceInfoList
SetupDiRemoveDevice
CM_Free_Resource_Conflict_Handle
SetupDiBuildClassInfoList
SetupFindFirstLineW
SetupDiGetINFClassW
SetupDiGetDeviceInterfaceDetailA
SetupDuplicateDiskSpaceListW
SetupDiGetClassImageIndex
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupDecompressOrCopyFileW
SetupDiEnumDeviceInfo

lz32

GetExpandedNameW
LZInit

advapi32

AddAccessAllowedAceEx
FreeSid
AccessCheckByTypeResultList
ObjectDeleteAuditAlarmW
QueryServiceLockStatusW
CreatePrivateObjectSecurity
QueryServiceObjectSecurity
CryptSetHashParam
RegCloseKey
InitiateSystemShutdownA
AddAccessDeniedAce
SetServiceObjectSecurity
RegRestoreKeyA
SetSecurityDescriptorSacl
OpenEventLogA
MapGenericMask
SaferCloseLevel
CryptSetProvParam
OpenBackupEventLogA

Exports

Exports

EhckewmiraarldeQnd

Sections

.text
Size: 1.8MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt0
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14f8eb74200631c43b535515b67bc628

Headers

DLL Characteristics

File Characteristics

Imports

version

mprapi

rpcrt4

msvcrt

shell32

ole32

netapi32

oleaut32

winmm

wininet

msvfw32

mscms

winscard

shlwapi

comctl32

crypt32

clusapi

ws2_32

msacm32

kernel32

user32

secur32

rasapi32

opengl32

winspool.drv

imm32

gdi32

urlmon

esent

wintrust

setupapi

lz32

advapi32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.7MB

.crt0 Size: 8KB - Virtual size: 4KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 64KB - Virtual size: 64KB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 32KB - Virtual size: 28KB

.text
Size: 1.8MB - Virtual size: 1.7MB

.crt0
Size: 8KB - Virtual size: 4KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 32KB - Virtual size: 28KB