eece3ceee2df6821bacc15351d325deb44996e91b6bf4c552f9030a550800f31

Sharing

Copy URL Twitter E-mail

General

Target

eece3ceee2df6821bacc15351d325deb44996e91b6bf4c552f9030a550800f31
Size

572KB
MD5

1fe6dac5505e79b46e0b7eede7e1b2da
SHA1

5f131cef5ab99177e5cf53173287f59922817f83
SHA256

eece3ceee2df6821bacc15351d325deb44996e91b6bf4c552f9030a550800f31
SHA512

6a4fd746e9bfb846c37dd1b7c920f815690d17bc34ad95bac70656aac42b4cec850e02c6007beab9f5b3a4050c7c5316d1be03094a6aaf547ea132a8a12f79cf
SSDEEP

6144:gpy3TTjwAI6vdxni4fz8bR1+ZMTTHQycfTQX4dXBd7e95HSBJZosEJyohB9UBku+:gpy3XzhdxiM+yM32Te4j8koL9UOuJQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eece3ceee2df6821bacc15351d325deb44996e91b6bf4c552f9030a550800f31

Files

eece3ceee2df6821bacc15351d325deb44996e91b6bf4c552f9030a550800f31
.dll windows:5 windows x64 arch:x64

90641da1d36bb70858efedbf74369dc4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

IsBadCodePtr
GlobalLock
GlobalUnlock
TlsSetValue
TlsGetValue
GetLastError
SetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
lstrcmpiA
GetCommandLineW
GetModuleFileNameW
GetSystemTimes
GetSystemTime
CreateFileMappingW
MapViewOfFile
CloseHandle
CreateThread
GetCurrentThreadId
UnmapViewOfFile
Sleep
IsDebuggerPresent
TlsFree
FindFirstFileW
FindNextFileW
FindClose
IsBadReadPtr
SetErrorMode
ResumeThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessTimes
GetCurrentProcess
GetTickCount
LocalFree
MultiByteToWideChar
WideCharToMultiByte
GetSystemInfo
GetVersionExW
FileTimeToLocalFileTime
GetLocalTime
TlsAlloc
WriteProcessMemory
TerminateProcess
VirtualAllocEx
ExitProcess
VirtualProtect
HeapFree
VirtualFree
VirtualAlloc
SuspendThread
HeapAlloc
GetThreadContext
GetProcessHeap
FlushInstructionCache
SetThreadContext
VirtualQuery
WriteFile
GetFileSize
FreeLibrary
LoadLibraryExW
CreateFileW
ReadFile
GetPrivateProfileStringW
ProcessIdToSessionId
VirtualFreeEx
QueueUserAPC
GetPrivateProfileIntW
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetCurrentThread
GetProcAddress
QueryPerformanceCounter
GetModuleHandleW
HeapSize
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeZoneInformation
GetFileType
GetStdHandle
GetACP
GetModuleFileNameA
GetModuleHandleExW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
SwitchToThread
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList

user32

EnumWindows
GetWindowLongPtrW
PostMessageW
GetWindowThreadProcessId

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

CommandLineToArgvW
DragQueryFileW
SHGetSpecialFolderPathW

ole32

CoCreateInstanceEx
CoUninitialize
CoTaskMemFree
ReleaseStgMedium
CoInitialize

shlwapi

SHGetValueW
PathAppendW
PathCombineW
PathFileExistsW
StrStrIW
StrStrIA
StrStrW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

Initialize

Sections

.text
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90641da1d36bb70858efedbf74369dc4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

version

Exports

Exports

Sections

.text Size: 352KB - Virtual size: 352KB

.rdata Size: 136KB - Virtual size: 136KB

.data Size: 16KB - Virtual size: 16KB

.pdata Size: 20KB - Virtual size: 20KB

.detourc Size: 28KB - Virtual size: 28KB

.detourd Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 352KB - Virtual size: 352KB

.rdata
Size: 136KB - Virtual size: 136KB

.data
Size: 16KB - Virtual size: 16KB

.pdata
Size: 20KB - Virtual size: 20KB

.detourc
Size: 28KB - Virtual size: 28KB

.detourd
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB