d52db7af10ae0cdfa9aa326d2929571180b96771e08c0d735208c7b283d5726b

Sharing

Copy URL Twitter E-mail

General

Target

d52db7af10ae0cdfa9aa326d2929571180b96771e08c0d735208c7b283d5726b
Size

2.4MB
MD5

bda09d2438895eba991e6ea2f84f7969
SHA1

9d6263ce83f171a7ba1468fdd6aa192111a1177d
SHA256

d52db7af10ae0cdfa9aa326d2929571180b96771e08c0d735208c7b283d5726b
SHA512

f09a317a027ad1f72518d8cc62c6bd757e99a28f7da7400955438a4c0924a850c7f37f888e83c2c42d3a5844a3fdcf5d9f8e437c793b2b1dce016af6fca3a4e2
SSDEEP

49152:3DY64Sw5Mjr+faCo2PV2YADDkJWa1h1PT8ICc7fLqxdEUhW4j:3yPW0aCbwYADba1h14QnCrh3j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d52db7af10ae0cdfa9aa326d2929571180b96771e08c0d735208c7b283d5726b

Files

d52db7af10ae0cdfa9aa326d2929571180b96771e08c0d735208c7b283d5726b
.dll windows:5 windows x86 arch:x86

ebfbb9cee9ecebf46189a491633d56df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mprapi

MprConfigTransportSetInfo
MprConfigInterfaceEnum
MprConfigServerDisconnect
MprAdminUserGetInfo
MprConfigServerConnect

opengl32

glEvalCoord2f

user32

SetScrollInfo
TabbedTextOutA
SetClassLongA
UpdateWindow
GetUpdateRgn
CreateDesktopW
UnregisterClassA
LoadMenuIndirectA
GetMenuStringA
OpenWindowStationW
CreateWindowExA
AdjustWindowRectEx
ShowWindow
GetKBCodePage
CharPrevW
SetPropW
EmptyClipboard
InvalidateRgn
ExcludeUpdateRgn
InSendMessageEx
ImpersonateDdeClientWindow
GetSubMenu
mouse_event
GetCursorPos
SetWindowLongW

winscard

g_rgSCardT1Pci
SCardGetStatusChangeA
SCardLocateCardsW

comctl32

DestroyPropertySheetPage

msvfw32

ICInstall

shlwapi

StrChrA
AssocQueryStringW
StrStrA
StrStrW
StrChrIW
StrCSpnA

rasapi32

RasSetCustomAuthDataW
RasHangUpW

urlmon

CoGetClassObjectFromURL

imm32

ImmNotifyIME

winmm

mmioGetInfo
waveInReset
waveOutGetDevCapsW
waveOutGetNumDevs
midiOutPrepareHeader
waveInStart
midiInMessage
GetDriverModuleHandle
midiStreamOut

gdi32

GetTextExtentExPointW
GetCharWidthW
SetMetaFileBitsEx
Rectangle
CloseEnhMetaFile
GetROP2
GetWindowOrgEx
CreateRectRgnIndirect
PathToRegion
PolyPolyline
GetTextCharacterExtra
UnrealizeObject

oleaut32

VarI2FromDate
DispInvoke
LoadTypeLibEx

esent

JetGetBookmark
JetTerm2

secur32

ApplyControlToken
ImpersonateSecurityContext
GetComputerObjectNameW
QueryContextAttributesA

lz32

LZOpenFileW
GetExpandedNameW
LZInit

crypt32

CryptSIPRemoveSignedDataMsg
CryptSIPCreateIndirectData
CertEnumCertificatesInStore
CryptUnregisterOIDFunction
CertGetSubjectCertificateFromStore
CryptUnregisterDefaultOIDFunction

mscms

CloseColorProfile

wintrust

CryptCATGetAttrInfo
WTHelperCertIsSelfSigned
WintrustAddActionID
CryptCATAdminReleaseCatalogContext

msvcrt

memcmp
putc
free
fgets
wcscoll

setupapi

SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiRemoveDevice
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupDiInstallDriverFiles
CM_Free_Resource_Conflict_Handle
CM_Get_Next_Res_Des_Ex
CM_Disconnect_Machine
SetupDiDestroyClassImageList
SetupFindFirstLineW

winspool.drv

ClosePrinter

shell32

ExtractIconA
CommandLineToArgvW
Shell_NotifyIconA
SHLoadInProc
SHGetMalloc
SHFormatDrive
ExtractIconExA

kernel32

GetNumberFormatW
WaitNamedPipeW
EnterCriticalSection
Process32FirstW
IsBadStringPtrW
VirtualAlloc
CommConfigDialogA
CreateMutexW
SetStdHandle
GetACP
DeleteCriticalSection
SystemTimeToTzSpecificLocalTime
FindNextFileA
TerminateProcess
ReadConsoleA
VerLanguageNameA
WriteProfileSectionA
CloseHandle
GetTimeFormatW
GetModuleHandleA
CreateEventW
GetModuleFileNameA
WaitForSingleObjectEx
GetVolumeNameForVolumeMountPointW
LCMapStringW
GetSystemTimeAsFileTime
SetThreadPriority
WriteConsoleInputW
WriteConsoleOutputAttribute
WaitForSingleObject

ole32

CLSIDFromString
CoMarshalHresult
CoFileTimeToDosDateTime
CoGetMalloc
CreateDataAdviseHolder
MonikerCommonPrefixWith
StgCreateDocfile

ws2_32

select

netapi32

NetShareCheck
NetGroupGetUsers
NetSessionGetInfo
NetShareDelSticky
NetUserSetGroups

clusapi

ClusterResourceOpenEnum
ClusterRegOpenKey

wininet

InternetErrorDlg
InternetTimeToSystemTimeW
InternetQueryOptionW

msacm32

acmDriverDetailsW

rpcrt4

NdrSimpleStructBufferSize
UuidIsNil
NdrConformantStringUnmarshall
RpcBindingFromStringBindingW
RpcErrorGetNextRecord

advapi32

RegDeleteKeyW
RegOverridePredefKey
SetServiceObjectSecurity
AddAccessAllowedAceEx
ObjectDeleteAuditAlarmW
RegOpenKeyW
CreatePrivateObjectSecurity
InitiateSystemShutdownA
OpenBackupEventLogA
RegCloseKey
RegConnectRegistryA
PrivilegeCheck
OpenEventLogA
SetSecurityDescriptorSacl
AccessCheckByTypeResultList
GetTrusteeNameW
RegRestoreKeyA
CryptSetHashParam

version

GetFileVersionInfoW

Exports

Exports

EhckewmiraarldeQnd

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt0
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebfbb9cee9ecebf46189a491633d56df

Headers

DLL Characteristics

File Characteristics

Imports

mprapi

opengl32

user32

winscard

comctl32

msvfw32

shlwapi

rasapi32

urlmon

imm32

winmm

gdi32

oleaut32

esent

secur32

lz32

crypt32

mscms

wintrust

msvcrt

setupapi

winspool.drv

shell32

kernel32

ole32

ws2_32

netapi32

clusapi

wininet

msacm32

rpcrt4

advapi32

version

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.crt0 Size: 8KB - Virtual size: 5KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 60KB - Virtual size: 61KB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 32KB - Virtual size: 28KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.crt0
Size: 8KB - Virtual size: 5KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 60KB - Virtual size: 61KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 32KB - Virtual size: 28KB