2aa2f2f7839209643b42a0abfdc9f61bb01a48e7fa6390c7a9f5550eeabbde0d

Sharing

Copy URL

Twitter E-mail

General

Target

2aa2f2f7839209643b42a0abfdc9f61bb01a48e7fa6390c7a9f5550eeabbde0d
Size

3.0MB
MD5

5481efb7a1a498fb205511b7d79328df
SHA1

37851abf026eec8cdcd9d51ecbc200eadeaa226b
SHA256

2aa2f2f7839209643b42a0abfdc9f61bb01a48e7fa6390c7a9f5550eeabbde0d
SHA512

18a0bcdb6e96b76696f16177a9f125d3d2ec1e049c35fa2817396309985bf4eca80ef8714bd0ed1d01f9de71d2789d91f7735d5424fe8c14d4b28d2016639042
SSDEEP

49152:xr1qy95opkgrlsKI5h4a1Z2nyBNRdiZFBw7Bg6v8n4YIO3DcAXf/NAJ6:xr1qyUpkgrltIQaP/iF0QXd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2aa2f2f7839209643b42a0abfdc9f61bb01a48e7fa6390c7a9f5550eeabbde0d

Files

2aa2f2f7839209643b42a0abfdc9f61bb01a48e7fa6390c7a9f5550eeabbde0d
.dll windows:6 windows x86 arch:x86

8968a2bddbdbda7fed2c3678b9962e8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
SizeofResource
HeapFree
InitializeCriticalSectionEx
GetCurrentThreadId
HeapSize
GetLastError
LockResource
HeapReAlloc
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
HeapDestroy
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
VirtualQuery
RemoveVectoredExceptionHandler
VirtualProtect
AddVectoredExceptionHandler
FreeLibraryAndExitThread
FreeResource
CloseHandle
CreateThread
lstrlenW
VerSetConditionMask
QueryPerformanceFrequency
UnmapViewOfFile
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
MapViewOfFile
ReadProcessMemory
Sleep
WaitForSingleObject
TerminateThread
ExitProcess
DisableThreadLibraryCalls
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
GetProcAddress
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
MultiByteToWideChar
GlobalLock
GlobalFree
GlobalAlloc
OpenFileMappingW

user32

SetWindowPos
GetDC
DestroyWindow
GetMessageExtraInfo
GetKeyState
AdjustWindowRectEx
DefWindowProcW
GetWindowLongW
GetParent
FindWindowW
EnumWindows
SendMessageW
MessageBoxW
MonitorFromWindow
GetWindowThreadProcessId
CallWindowProcW
GetCursorPos
ShowWindow
GetCapture
GetMonitorInfoW
ClientToScreen
IsChild
TrackMouseEvent
GetForegroundWindow
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
SetCursor
SetWindowLongW
GetClientRect
EnumDisplayMonitors
CreateWindowExW
UnregisterClassW
ScreenToClient
SetWindowTextW
RegisterClassExW
OpenClipboard
SetCursorPos
CloseClipboard
IsWindowUnicode
ReleaseCapture
LoadCursorW
SetCapture
EmptyClipboard
GetClipboardData
SetClipboardData
WindowFromPoint
IsIconic
SetForegroundWindow
ReleaseDC

gdi32

GetDeviceCaps

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW
ImmSetCandidateWindow

shlwapi

StrCpyW

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Random_device@std@@YAIXZ

d3d9

Direct3DCreate9

vcruntime140

memset
__current_exception
_CxxThrowException
__std_type_info_destroy_list
memmove
_except_handler4_common
__current_exception_context
wcsstr
__std_exception_copy
memcpy
memchr
__std_exception_destroy
strstr
__CxxFrameHandler3

api-ms-win-crt-stdio-l1-1-0

ftell
fflush
__acrt_iob_func
fseek
__stdio_common_vfprintf
__stdio_common_vsprintf_s
fclose
fwrite
__stdio_common_vswprintf
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
_wfopen
__stdio_common_vsprintf
fread
__stdio_common_vsscanf

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

wmemcpy_s
strncmp
strncpy
strnlen
wcsnlen

api-ms-win-crt-heap-l1-1-0

realloc
malloc
free
_callnewh
calloc

api-ms-win-crt-convert-l1-1-0

strtol
wcstol

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
exit
system
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_errno

api-ms-win-crt-math-l1-1-0

ceil
_libm_sse2_sqrt_precise
_libm_sse2_pow_precise
_libm_sse2_cos_precise
_libm_sse2_acos_precise
_CIfmod
ldexp
_libm_sse2_sin_precise

api-ms-win-crt-time-l1-1-0

_time64

Sections

.text
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.X&l
Size: 600KB - Virtual size: 599KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8968a2bddbdbda7fed2c3678b9962e8d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

imm32

shlwapi

msvcp140

d3d9

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 500KB - Virtual size: 499KB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 512B - Virtual size: 7KB

.X&l Size: 600KB - Virtual size: 599KB

.reloc Size: 18KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 500KB - Virtual size: 499KB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 512B - Virtual size: 7KB

.X&l
Size: 600KB - Virtual size: 599KB

.reloc
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB