2f8f7333de3b08d7e7a7da2208b1c6a708e537677939be7a68f8a734fa7cee11

Sharing

Copy URL

Twitter E-mail

General

Target

2f8f7333de3b08d7e7a7da2208b1c6a708e537677939be7a68f8a734fa7cee11
Size

2.3MB
MD5

bca063350ed47a1c067822d1db20fc78
SHA1

3c03c9e1c2460cb707dca105ca63a0aa87456f8d
SHA256

2f8f7333de3b08d7e7a7da2208b1c6a708e537677939be7a68f8a734fa7cee11
SHA512

c06174f208a18090a3f71e47c703efcb3e0c7456cf03042948a11cbed2b9f4963ceeee10720ab94962d07280761dafa37bf0440f5bd119dbc0cc26ac42742f68
SSDEEP

49152:fg9rtk76+oC4c9oHWgO8YyVOOUE/wFgtL1e9oPSyEuOBOILKtSb:Apk7xP9o2d/E/igBsGSJOILUS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f8f7333de3b08d7e7a7da2208b1c6a708e537677939be7a68f8a734fa7cee11

Files

2f8f7333de3b08d7e7a7da2208b1c6a708e537677939be7a68f8a734fa7cee11
.dll windows:5 windows x86 arch:x86

30e8e871b599c813bcd7d278ef474d7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msacm32

acmDriverDetailsW

imm32

ImmRegisterWordW

mscms

GetStandardColorSpaceProfileW
CloseColorProfile

mprapi

MprConfigInterfaceGetHandle
MprAdminMIBEntryDelete
MprConfigInterfaceEnum
MprAdminInterfaceGetInfo

wintrust

CryptCATClose
WintrustAddActionID
WTHelperGetProvCertFromChain
WTHelperCertIsSelfSigned
CryptSIPRemoveSignedDataMsg
CryptCATPersistStore
CryptCATCatalogInfoFromContext

esent

JetSetIndexRange
JetRollback

ole32

CoCreateGuid
HPALETTE_UserMarshal
StgCreateStorageEx
HWND_UserMarshal
HBITMAP_UserSize
CoGetCurrentLogicalThreadId
CoQueryClientBlanket

kernel32

lstrcmpW
CommConfigDialogA
SetThreadPriority
WriteConsoleInputW
SwitchToThread
GetTimeFormatW
GetModuleHandleA
CloseHandle
SetThreadExecutionState
ClearCommBreak
GetUserDefaultUILanguage
GetStdHandle
HeapLock
Process32FirstW
VerLanguageNameA
SetSystemTime
EnterCriticalSection
EndUpdateResourceA
VirtualAlloc
GetSystemTimeAsFileTime
SetThreadLocale
IsBadStringPtrW
FindFirstFileExA
ReleaseSemaphore
VerSetConditionMask
WaitForSingleObject
WaitForSingleObjectEx
TerminateProcess
SetStdHandle
MoveFileWithProgressW
DeleteCriticalSection
WriteProcessMemory
ReadConsoleA
GetModuleFileNameA
GetProfileIntW

shlwapi

SHSkipJunction
StrStrW
StrStrA
StrChrA
PathMatchSpecW
SHIsLowMemoryMachine

winmm

midiStreamProperty
waveOutGetDevCapsW
mmioFlush
GetDriverModuleHandle
waveInOpen
midiOutUnprepareHeader
waveOutWrite
midiInOpen
midiOutShortMsg

comctl32

DestroyPropertySheetPage

oleaut32

LoadTypeLibEx
VarI2FromDate
VariantChangeTypeEx

setupapi

SetupDiEnumDeviceInfo
SetupLogErrorA
CM_Free_Resource_Conflict_Handle
CM_Open_DevNode_Key
SetupDiDestroyClassImageList
SetupGetBackupInformationW
CM_Get_DevNode_Registry_Property_ExW
SetupGetStringFieldW
CM_Get_Sibling_Ex
SetupDiDestroyDeviceInfoList
SetupDiGetClassDescriptionExA
SetupDiSetDeviceInstallParamsA

gdi32

GetTextCharacterExtra
GetWindowOrgEx
SetBitmapBits
FillPath
StretchBlt
LPtoDP
GetStretchBltMode
IntersectClipRect
Polyline
CloseEnhMetaFile
SetStretchBltMode
PathToRegion
GetCurrentObject
GetAspectRatioFilterEx
CreatePatternBrush
PolyPolyline
GetDeviceCaps
GetTextColor
AddFontResourceW

urlmon

CoGetClassObjectFromURL

opengl32

glGetError

advapi32

AreAnyAccessesGranted
CryptDuplicateHash
DeleteService
StartServiceCtrlDispatcherW
SetNamedSecurityInfoA
CryptSetHashParam
CreateProcessAsUserA
InitiateSystemShutdownA
RegCloseKey
SaferIdentifyLevel
InitializeSid
MapGenericMask
ChangeServiceConfig2W
RegOpenKeyW
AccessCheck
OpenBackupEventLogA
GetFileSecurityW
AddAccessDeniedAce

clusapi

ClusterRegCreateKey
ClusterRegQueryValue

secur32

AcquireCredentialsHandleA
ImpersonateSecurityContext
DeleteSecurityContext
GetUserNameExA

msvfw32

ICInstall

wininet

GetUrlCacheEntryInfoW
RetrieveUrlCacheEntryStreamA
InternetCombineUrlA

netapi32

NetLocalGroupEnum
NetUserChangePassword
NetShareSetInfo
NetApiBufferSize
NetServerComputerNameDel

rasapi32

RasRenameEntryW
RasGetAutodialAddressA

shell32

SHChangeNotify
SHGetFolderLocation
ExtractAssociatedIconExW
SHGetSpecialFolderPathA
SHAppBarMessage
SHGetInstanceExplorer
SHGetSpecialFolderPathW

rpcrt4

IUnknown_AddRef_Proxy
I_RpcServerInqLocalConnAddress
RpcEpUnregister
IUnknown_Release_Proxy
RpcStringFreeA

winspool.drv

ClosePrinter

ws2_32

select

lz32

LZInit
GetExpandedNameW
LZOpenFileW

msvcrt

fgets
iswxdigit
wcscoll
putc
wcslen

winscard

SCardLocateCardsW
SCardEndTransaction
SCardConnectW

crypt32

CryptImportPublicKeyInfo
CertAddCRLContextToStore
CertSetEnhancedKeyUsage

version

GetFileVersionInfoSizeA

user32

MonitorFromRect
mouse_event
FillRect
SetScrollRange
SetScrollInfo
AttachThreadInput
ImpersonateDdeClientWindow
ChildWindowFromPointEx
LoadImageA
WinHelpW
GetIconInfo
GetClientRect
MessageBeep
GetFocus
DestroyIcon
GetAsyncKeyState
CreateAcceleratorTableA
CreateWindowExA
GetUpdateRgn
CharNextW
SetMenu
AdjustWindowRectEx
ShowWindow
DragDetect
GetTopWindow
GetClassLongA
InSendMessageEx
UpdateWindow
OffsetRect
ShowOwnedPopups

Exports

Exports

EhckewmiraarldeQnd

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt0
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30e8e871b599c813bcd7d278ef474d7d

Headers

DLL Characteristics

File Characteristics

Imports

msacm32

imm32

mscms

mprapi

wintrust

esent

ole32

kernel32

shlwapi

winmm

comctl32

oleaut32

setupapi

gdi32

urlmon

opengl32

advapi32

clusapi

secur32

msvfw32

wininet

netapi32

rasapi32

shell32

rpcrt4

winspool.drv

ws2_32

lz32

msvcrt

winscard

crypt32

version

user32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.crt0 Size: 8KB - Virtual size: 4KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 208KB - Virtual size: 205KB

.rdata Size: 4KB - Virtual size: 896B

.reloc Size: 84KB - Virtual size: 80KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.crt0
Size: 8KB - Virtual size: 4KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 208KB - Virtual size: 205KB

.rdata
Size: 4KB - Virtual size: 896B

.reloc
Size: 84KB - Virtual size: 80KB