604f3ce287cda87c05e239a5d8042db29693615334506887b2bf120a38e132a2

Sharing

Copy URL

Twitter E-mail

General

Target

604f3ce287cda87c05e239a5d8042db29693615334506887b2bf120a38e132a2
Size

2.3MB
MD5

f248aeb46c6e5df4b2a6049c3944bf03
SHA1

113d2af21cc074cab210e19bed4410b74800ebbf
SHA256

604f3ce287cda87c05e239a5d8042db29693615334506887b2bf120a38e132a2
SHA512

66cac977a70d4f595fcc667cab3e0d26e0473f7464000a8eb816cc02eb73d897453ac3cb8b6ed2a817b6d24fa39c9c7c376bd23a02c5ad1bb9092f5e9bd05262
SSDEEP

49152:eg9rtk76+oC4c9oHWgO8YyVOOUE/wFgtL1e9oPSyEuOBOILKtSb:Rpk7xP9o2d/E/igBsGSJOILUS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
604f3ce287cda87c05e239a5d8042db29693615334506887b2bf120a38e132a2

Files

604f3ce287cda87c05e239a5d8042db29693615334506887b2bf120a38e132a2
.dll windows:5 windows x86 arch:x86

03baf8f38cc69e3d9a1d6757f1320b04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msacm32

acmDriverDetailsW

imm32

ImmRegisterWordW

mscms

GetStandardColorSpaceProfileW
CloseColorProfile

mprapi

MprConfigInterfaceGetHandle
MprAdminMIBEntryDelete
MprConfigInterfaceEnum
MprAdminInterfaceGetInfo

wintrust

CryptCATClose
WintrustAddActionID
WTHelperGetProvCertFromChain
WTHelperCertIsSelfSigned
CryptSIPRemoveSignedDataMsg
CryptCATPersistStore
CryptCATCatalogInfoFromContext

esent

JetSetIndexRange
JetRollback

kernel32

lstrcmpW
CommConfigDialogA
SetThreadPriority
WriteConsoleInputW
SwitchToThread
GetTimeFormatW
GetModuleHandleA
CloseHandle
SetThreadExecutionState
ClearCommBreak
GetUserDefaultUILanguage
GetStdHandle
HeapLock
Process32FirstW
VerLanguageNameA
SetSystemTime
EnterCriticalSection
EndUpdateResourceA
VirtualAlloc
GetSystemTimeAsFileTime
SetThreadLocale
IsBadStringPtrW
FindFirstFileExA
ReleaseSemaphore
VerSetConditionMask
WaitForSingleObject
WaitForSingleObjectEx
TerminateProcess
SetStdHandle
MoveFileWithProgressW
DeleteCriticalSection
WriteProcessMemory
ReadConsoleA
GetModuleFileNameA
GetProfileIntW

ole32

CoCreateGuid
HPALETTE_UserMarshal
StgCreateStorageEx
HWND_UserMarshal
HBITMAP_UserSize
CoGetCurrentLogicalThreadId
CoQueryClientBlanket

shlwapi

SHSkipJunction
StrStrW
StrStrA
StrChrA
PathMatchSpecW
SHIsLowMemoryMachine

winmm

midiStreamProperty
waveOutGetDevCapsW
mmioFlush
GetDriverModuleHandle
waveInOpen
midiOutUnprepareHeader
waveOutWrite
midiInOpen
midiOutShortMsg

comctl32

DestroyPropertySheetPage

oleaut32

LoadTypeLibEx
VarI2FromDate
VariantChangeTypeEx

setupapi

SetupDiEnumDeviceInfo
SetupLogErrorA
CM_Free_Resource_Conflict_Handle
CM_Open_DevNode_Key
SetupDiDestroyClassImageList
SetupGetBackupInformationW
CM_Get_DevNode_Registry_Property_ExW
SetupGetStringFieldW
CM_Get_Sibling_Ex
SetupDiDestroyDeviceInfoList
SetupDiGetClassDescriptionExA
SetupDiSetDeviceInstallParamsA

gdi32

GetTextCharacterExtra
GetWindowOrgEx
SetBitmapBits
FillPath
StretchBlt
LPtoDP
GetStretchBltMode
IntersectClipRect
Polyline
CloseEnhMetaFile
SetStretchBltMode
PathToRegion
GetCurrentObject
GetAspectRatioFilterEx
CreatePatternBrush
PolyPolyline
GetDeviceCaps
GetTextColor
AddFontResourceW

netapi32

NetLocalGroupEnum
NetUserChangePassword
NetShareSetInfo
NetApiBufferSize
NetServerComputerNameDel

opengl32

glGetError

advapi32

AreAnyAccessesGranted
CryptDuplicateHash
DeleteService
StartServiceCtrlDispatcherW
SetNamedSecurityInfoA
CryptSetHashParam
CreateProcessAsUserA
InitiateSystemShutdownA
RegCloseKey
SaferIdentifyLevel
InitializeSid
MapGenericMask
ChangeServiceConfig2W
RegOpenKeyW
AccessCheck
OpenBackupEventLogA
GetFileSecurityW
AddAccessDeniedAce

clusapi

ClusterRegCreateKey
ClusterRegQueryValue

secur32

AcquireCredentialsHandleA
ImpersonateSecurityContext
DeleteSecurityContext
GetUserNameExA

msvfw32

ICInstall

wininet

GetUrlCacheEntryInfoW
RetrieveUrlCacheEntryStreamA
InternetCombineUrlA

urlmon

CoGetClassObjectFromURL

rasapi32

RasRenameEntryW
RasGetAutodialAddressA

shell32

SHChangeNotify
SHGetFolderLocation
ExtractAssociatedIconExW
SHGetSpecialFolderPathA
SHAppBarMessage
SHGetInstanceExplorer
SHGetSpecialFolderPathW

rpcrt4

IUnknown_AddRef_Proxy
I_RpcServerInqLocalConnAddress
RpcEpUnregister
IUnknown_Release_Proxy
RpcStringFreeA

winspool.drv

ClosePrinter

ws2_32

select

lz32

LZInit
GetExpandedNameW
LZOpenFileW

msvcrt

fgets
iswxdigit
wcscoll
putc
wcslen

winscard

SCardLocateCardsW
SCardEndTransaction
SCardConnectW

crypt32

CryptImportPublicKeyInfo
CertAddCRLContextToStore
CertSetEnhancedKeyUsage

version

GetFileVersionInfoSizeA

user32

MonitorFromRect
mouse_event
FillRect
SetScrollRange
SetScrollInfo
AttachThreadInput
ImpersonateDdeClientWindow
ChildWindowFromPointEx
LoadImageA
WinHelpW
GetIconInfo
GetClientRect
MessageBeep
GetFocus
DestroyIcon
GetAsyncKeyState
CreateAcceleratorTableA
CreateWindowExA
GetUpdateRgn
CharNextW
SetMenu
AdjustWindowRectEx
ShowWindow
DragDetect
GetTopWindow
GetClassLongA
InSendMessageEx
UpdateWindow
OffsetRect
ShowOwnedPopups

Exports

Exports

EhckewmiraarldeQnd

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt0
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03baf8f38cc69e3d9a1d6757f1320b04

Headers

DLL Characteristics

File Characteristics

Imports

msacm32

imm32

mscms

mprapi

wintrust

esent

kernel32

ole32

shlwapi

winmm

comctl32

oleaut32

setupapi

gdi32

netapi32

opengl32

advapi32

clusapi

secur32

msvfw32

wininet

urlmon

rasapi32

shell32

rpcrt4

winspool.drv

ws2_32

lz32

msvcrt

winscard

crypt32

version

user32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.crt0 Size: 8KB - Virtual size: 4KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 208KB - Virtual size: 205KB

.rdata Size: 4KB - Virtual size: 896B

.reloc Size: 84KB - Virtual size: 80KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.crt0
Size: 8KB - Virtual size: 4KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 208KB - Virtual size: 205KB

.rdata
Size: 4KB - Virtual size: 896B

.reloc
Size: 84KB - Virtual size: 80KB