2906b36589f8d6d98b3346c5d3bbd9a3e3a1edf01b48cbe1de75e109f96a4077

Sharing

Copy URL Twitter E-mail

General

Target

2906b36589f8d6d98b3346c5d3bbd9a3e3a1edf01b48cbe1de75e109f96a4077
Size

261KB
MD5

b68043bbee45e24fc0885b8900fb100e
SHA1

6ede2d6a73ac824b80c5efb9e4218c81675d6d00
SHA256

2906b36589f8d6d98b3346c5d3bbd9a3e3a1edf01b48cbe1de75e109f96a4077
SHA512

f4b715d4251814e6efbfa88760631bff1bb4bfecdb5c0a1ea1bded8560c7206597bb844691c3c1f0a78dcc5d41c8f2955ce67445bf14cdadaa73658a12e7ab1f
SSDEEP

3072:WeW1AntqCt7AcyNQR67urx5KDahK44DYFjPkuQD9z88roLmH1WN9p2RVBRHHLn6:WeWCt7WyRtFYlXD6PGBwu16p2H3r6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2906b36589f8d6d98b3346c5d3bbd9a3e3a1edf01b48cbe1de75e109f96a4077

Files

2906b36589f8d6d98b3346c5d3bbd9a3e3a1edf01b48cbe1de75e109f96a4077
.dll windows:5 windows x86 arch:x86

1a88e2a58ce4bfe7e09c8cb143420ebb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\filedp\Release\filedp32.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
DisableThreadLibraryCalls
lstrcmpA
CreateThread
lstrcpyW
GetCurrentProcessId
DeleteFileW
CloseHandle
lstrcatW
lstrcmpiW
GetLocalTime
MoveFileW
lstrlenW
CreateFileW
GetModuleFileNameW
ReadFile
GetFileAttributesW
lstrcpynW
OutputDebugStringW
lstrcpyA
CopyFileW
Sleep
GetSystemDirectoryW
GetTickCount
MoveFileExW
SetFilePointer
GetFileSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
CreateFileA
VirtualQuery
CreateProcessW
InitializeCriticalSection
OpenProcess
LoadLibraryW
Process32FirstW
ProcessIdToSessionId
Module32FirstW
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
GetFileAttributesExW
Module32NextW
WriteConsoleW

user32

wsprintfA

shell32

SHCreateDirectoryExW
ShellExecuteW
SHGetSpecialFolderPathW
ord165

shlwapi

PathIsDirectoryW
PathRemoveFileSpecW
wnsprintfW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
StrCatW
PathAppendW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
wvnsprintfW
SHGetValueW
PathRemoveExtensionW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

OpenProcessToken
CreateProcessAsUserW

ole32

CoCreateGuid

Exports

Exports

RunAsUser

Sections

.text
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a88e2a58ce4bfe7e09c8cb143420ebb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

shlwapi

userenv

advapi32

ole32

Exports

Exports

Sections

.text Size: 194KB - Virtual size: 193KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 194KB - Virtual size: 193KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB