45eaa13abaf01d4102773ae717c7c7bc4b8dbb1d888c9b5faaa4a874023567aa

Sharing

Copy URL Twitter E-mail

General

Target

45eaa13abaf01d4102773ae717c7c7bc4b8dbb1d888c9b5faaa4a874023567aa
Size

3.0MB
MD5

ba25fa9cf23867ae7688de94b2fa6e05
SHA1

c6bf56698d6dd2892815d98d3beb25d3f80390ac
SHA256

45eaa13abaf01d4102773ae717c7c7bc4b8dbb1d888c9b5faaa4a874023567aa
SHA512

d90b82862eff1df359eae5e88f15f073d489ee0f5979f0ab9ac6429b8e40f8786b060780203fbda6818b177feceed4dbfefa0eafa943cd9ec5a20a84f95caf80
SSDEEP

49152:8vYzgvuj2CzX+GuQLwyFR5spoCJXEaKcXW0AANmxQxI0ipw3adCcuX4Pzmj66Tr:TsKQGuQd+3lYnrG3gjuXqzmr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45eaa13abaf01d4102773ae717c7c7bc4b8dbb1d888c9b5faaa4a874023567aa

Files

45eaa13abaf01d4102773ae717c7c7bc4b8dbb1d888c9b5faaa4a874023567aa
.dll windows:5 windows x86 arch:x86

aa5b9c2671b1e91d70e984303e0acab9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

K:\XSu\Bm.pdb

Imports

gdi32

GdiSetBatchLimit
PatBlt

crypt32

CryptSIPPutSignedDataMsg

kernel32

QueryPerformanceCounter
SetStdHandle
GetModuleFileNameW
GetBinaryTypeW
OutputDebugStringA
LoadLibraryExA
EnterCriticalSection
GetModuleHandleA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsSetValue
SetLastError
GetCurrentThreadId
GetLastError
CompareStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
GetStdHandle
DeleteCriticalSection
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapFree
Sleep
ExitProcess
GetLocaleInfoA
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
RtlUnwind
HeapAlloc
GetModuleFileNameA
VirtualFree
VirtualAlloc
HeapReAlloc
LoadLibraryA
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle
CreateFileA

esent

JetRollback

user32

GetUpdateRgn
GetScrollBarInfo

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

Exports

Exports

KrfgooouteBe

Sections

.text
Size: 2.6MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.EXP
Size: 4KB - Virtual size: 503B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 316KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa5b9c2671b1e91d70e984303e0acab9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

crypt32

kernel32

esent

user32

setupapi

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.5MB

.EXP Size: 4KB - Virtual size: 503B

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 316KB - Virtual size: 322KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 136KB - Virtual size: 134KB

.text
Size: 2.6MB - Virtual size: 2.5MB

.EXP
Size: 4KB - Virtual size: 503B

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 316KB - Virtual size: 322KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 136KB - Virtual size: 134KB