a75f10aa8817ffd7e1b1f1bab7742b9b4cd00b86776d8dba91465888e46bf3bd

Sharing

Copy URL

Twitter E-mail

General

Target

a75f10aa8817ffd7e1b1f1bab7742b9b4cd00b86776d8dba91465888e46bf3bd
Size

2.3MB
MD5

dd3ae667b42969df3b88217d8a5521b4
SHA1

732e4bb236a66f4fcd0c40b7997d6d38b23585d7
SHA256

a75f10aa8817ffd7e1b1f1bab7742b9b4cd00b86776d8dba91465888e46bf3bd
SHA512

9c5addf12d2df7b67916f5f0986728c7a150f91b012e9ffe0044d031c90cc3f3ad3078e23ad13f3f2e7ca4e1e03898793c7231671e8fe12e3ddf4729e142cf87
SSDEEP

49152:ng9rtk76+oC4c9oHWgO8YyVOOUE/wFgtL1e9oPSyEuOBOILKtSb:Ypk7xP9o2d/E/igBsGSJOILUS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a75f10aa8817ffd7e1b1f1bab7742b9b4cd00b86776d8dba91465888e46bf3bd

Files

a75f10aa8817ffd7e1b1f1bab7742b9b4cd00b86776d8dba91465888e46bf3bd
.dll windows:5 windows x86 arch:x86

3d261575d7c48b3d0d74ff018320f597

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msacm32

acmDriverDetailsW

imm32

ImmRegisterWordW

mscms

GetStandardColorSpaceProfileW
CloseColorProfile

mprapi

MprConfigInterfaceGetHandle
MprAdminMIBEntryDelete
MprConfigInterfaceEnum
MprAdminInterfaceGetInfo

wintrust

CryptCATClose
WintrustAddActionID
WTHelperGetProvCertFromChain
WTHelperCertIsSelfSigned
CryptSIPRemoveSignedDataMsg
CryptCATPersistStore
CryptCATCatalogInfoFromContext

esent

JetSetIndexRange
JetRollback

ole32

CoCreateGuid
HPALETTE_UserMarshal
StgCreateStorageEx
HWND_UserMarshal
HBITMAP_UserSize
CoGetCurrentLogicalThreadId
CoQueryClientBlanket

kernel32

lstrcmpW
CommConfigDialogA
SetThreadPriority
WriteConsoleInputW
SwitchToThread
GetTimeFormatW
GetModuleHandleA
CloseHandle
SetThreadExecutionState
ClearCommBreak
GetUserDefaultUILanguage
GetStdHandle
HeapLock
Process32FirstW
VerLanguageNameA
SetSystemTime
EnterCriticalSection
EndUpdateResourceA
VirtualAlloc
GetSystemTimeAsFileTime
SetThreadLocale
IsBadStringPtrW
FindFirstFileExA
ReleaseSemaphore
VerSetConditionMask
WaitForSingleObject
WaitForSingleObjectEx
TerminateProcess
SetStdHandle
MoveFileWithProgressW
DeleteCriticalSection
WriteProcessMemory
ReadConsoleA
GetModuleFileNameA
GetProfileIntW

shlwapi

SHSkipJunction
StrStrW
StrStrA
StrChrA
PathMatchSpecW
SHIsLowMemoryMachine

winmm

midiStreamProperty
waveOutGetDevCapsW
mmioFlush
GetDriverModuleHandle
waveInOpen
midiOutUnprepareHeader
waveOutWrite
midiInOpen
midiOutShortMsg

comctl32

DestroyPropertySheetPage

oleaut32

LoadTypeLibEx
VarI2FromDate
VariantChangeTypeEx

setupapi

SetupDiEnumDeviceInfo
SetupLogErrorA
CM_Free_Resource_Conflict_Handle
CM_Open_DevNode_Key
SetupDiDestroyClassImageList
SetupGetBackupInformationW
CM_Get_DevNode_Registry_Property_ExW
SetupGetStringFieldW
CM_Get_Sibling_Ex
SetupDiDestroyDeviceInfoList
SetupDiGetClassDescriptionExA
SetupDiSetDeviceInstallParamsA

gdi32

GetTextCharacterExtra
GetWindowOrgEx
SetBitmapBits
FillPath
StretchBlt
LPtoDP
GetStretchBltMode
IntersectClipRect
Polyline
CloseEnhMetaFile
SetStretchBltMode
PathToRegion
GetCurrentObject
GetAspectRatioFilterEx
CreatePatternBrush
PolyPolyline
GetDeviceCaps
GetTextColor
AddFontResourceW

netapi32

NetLocalGroupEnum
NetUserChangePassword
NetShareSetInfo
NetApiBufferSize
NetServerComputerNameDel

opengl32

glGetError

advapi32

AreAnyAccessesGranted
CryptDuplicateHash
DeleteService
StartServiceCtrlDispatcherW
SetNamedSecurityInfoA
CryptSetHashParam
CreateProcessAsUserA
InitiateSystemShutdownA
RegCloseKey
SaferIdentifyLevel
InitializeSid
MapGenericMask
ChangeServiceConfig2W
RegOpenKeyW
AccessCheck
OpenBackupEventLogA
GetFileSecurityW
AddAccessDeniedAce

clusapi

ClusterRegCreateKey
ClusterRegQueryValue

lz32

LZInit
GetExpandedNameW
LZOpenFileW

msvfw32

ICInstall

wininet

GetUrlCacheEntryInfoW
RetrieveUrlCacheEntryStreamA
InternetCombineUrlA

urlmon

CoGetClassObjectFromURL

rasapi32

RasRenameEntryW
RasGetAutodialAddressA

shell32

SHChangeNotify
SHGetFolderLocation
ExtractAssociatedIconExW
SHGetSpecialFolderPathA
SHAppBarMessage
SHGetInstanceExplorer
SHGetSpecialFolderPathW

rpcrt4

IUnknown_AddRef_Proxy
I_RpcServerInqLocalConnAddress
RpcEpUnregister
IUnknown_Release_Proxy
RpcStringFreeA

winspool.drv

ClosePrinter

ws2_32

select

secur32

AcquireCredentialsHandleA
ImpersonateSecurityContext
DeleteSecurityContext
GetUserNameExA

msvcrt

fgets
iswxdigit
wcscoll
putc
wcslen

winscard

SCardLocateCardsW
SCardEndTransaction
SCardConnectW

crypt32

CryptImportPublicKeyInfo
CertAddCRLContextToStore
CertSetEnhancedKeyUsage

version

GetFileVersionInfoSizeA

user32

MonitorFromRect
mouse_event
FillRect
SetScrollRange
SetScrollInfo
AttachThreadInput
ImpersonateDdeClientWindow
ChildWindowFromPointEx
LoadImageA
WinHelpW
GetIconInfo
GetClientRect
MessageBeep
GetFocus
DestroyIcon
GetAsyncKeyState
CreateAcceleratorTableA
CreateWindowExA
GetUpdateRgn
CharNextW
SetMenu
AdjustWindowRectEx
ShowWindow
DragDetect
GetTopWindow
GetClassLongA
InSendMessageEx
UpdateWindow
OffsetRect
ShowOwnedPopups

Exports

Exports

EhckewmiraarldeQnd

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt0
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d261575d7c48b3d0d74ff018320f597

Headers

DLL Characteristics

File Characteristics

Imports

msacm32

imm32

mscms

mprapi

wintrust

esent

ole32

kernel32

shlwapi

winmm

comctl32

oleaut32

setupapi

gdi32

netapi32

opengl32

advapi32

clusapi

lz32

msvfw32

wininet

urlmon

rasapi32

shell32

rpcrt4

winspool.drv

ws2_32

secur32

msvcrt

winscard

crypt32

version

user32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.crt0 Size: 8KB - Virtual size: 4KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 208KB - Virtual size: 205KB

.rdata Size: 4KB - Virtual size: 896B

.reloc Size: 84KB - Virtual size: 80KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.crt0
Size: 8KB - Virtual size: 4KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 208KB - Virtual size: 205KB

.rdata
Size: 4KB - Virtual size: 896B

.reloc
Size: 84KB - Virtual size: 80KB