f2b45e6ed1de9570f8206494a4dee534ff2d48e44b6a8ceeb1dcd092968cfcb0

Sharing

Copy URL Twitter E-mail

General

Target

f2b45e6ed1de9570f8206494a4dee534ff2d48e44b6a8ceeb1dcd092968cfcb0
Size

572KB
MD5

ef69932bb0ed60377ff36873de95cd49
SHA1

fbd02419a98ed2903c1a9f880e50116f9a7bc71c
SHA256

f2b45e6ed1de9570f8206494a4dee534ff2d48e44b6a8ceeb1dcd092968cfcb0
SHA512

ffa548ed0a10c58f89399f34711cad3f5caad11b35c8457b94fa92053de6cf66c484caaaccc45ca4a7f5d3c6a99067af2851b1a1e535eb720630d474cabdcb7a
SSDEEP

6144:gpy3TTjwAI6vdxni4fz8bR1+ZMTTHQycfTQX4dXBd7e95HSBJZosEJyohB9UBku7:gpy3XzhdxiM+yM32Te4j8koL9UOuJx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2b45e6ed1de9570f8206494a4dee534ff2d48e44b6a8ceeb1dcd092968cfcb0

Files

f2b45e6ed1de9570f8206494a4dee534ff2d48e44b6a8ceeb1dcd092968cfcb0
.dll windows:5 windows x64 arch:x64

90641da1d36bb70858efedbf74369dc4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

IsBadCodePtr
GlobalLock
GlobalUnlock
TlsSetValue
TlsGetValue
GetLastError
SetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
lstrcmpiA
GetCommandLineW
GetModuleFileNameW
GetSystemTimes
GetSystemTime
CreateFileMappingW
MapViewOfFile
CloseHandle
CreateThread
GetCurrentThreadId
UnmapViewOfFile
Sleep
IsDebuggerPresent
TlsFree
FindFirstFileW
FindNextFileW
FindClose
IsBadReadPtr
SetErrorMode
ResumeThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessTimes
GetCurrentProcess
GetTickCount
LocalFree
MultiByteToWideChar
WideCharToMultiByte
GetSystemInfo
GetVersionExW
FileTimeToLocalFileTime
GetLocalTime
TlsAlloc
WriteProcessMemory
TerminateProcess
VirtualAllocEx
ExitProcess
VirtualProtect
HeapFree
VirtualFree
VirtualAlloc
SuspendThread
HeapAlloc
GetThreadContext
GetProcessHeap
FlushInstructionCache
SetThreadContext
VirtualQuery
WriteFile
GetFileSize
FreeLibrary
LoadLibraryExW
CreateFileW
ReadFile
GetPrivateProfileStringW
ProcessIdToSessionId
VirtualFreeEx
QueueUserAPC
GetPrivateProfileIntW
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetCurrentThread
GetProcAddress
QueryPerformanceCounter
GetModuleHandleW
HeapSize
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeZoneInformation
GetFileType
GetStdHandle
GetACP
GetModuleFileNameA
GetModuleHandleExW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
SwitchToThread
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList

user32

EnumWindows
GetWindowLongPtrW
PostMessageW
GetWindowThreadProcessId

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

CommandLineToArgvW
DragQueryFileW
SHGetSpecialFolderPathW

ole32

CoCreateInstanceEx
CoUninitialize
CoTaskMemFree
ReleaseStgMedium
CoInitialize

shlwapi

SHGetValueW
PathAppendW
PathCombineW
PathFileExistsW
StrStrIW
StrStrIA
StrStrW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

Initialize

Sections

.text
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90641da1d36bb70858efedbf74369dc4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

version

Exports

Exports

Sections

.text Size: 352KB - Virtual size: 352KB

.rdata Size: 136KB - Virtual size: 136KB

.data Size: 16KB - Virtual size: 16KB

.pdata Size: 20KB - Virtual size: 20KB

.detourc Size: 28KB - Virtual size: 28KB

.detourd Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 352KB - Virtual size: 352KB

.rdata
Size: 136KB - Virtual size: 136KB

.data
Size: 16KB - Virtual size: 16KB

.pdata
Size: 20KB - Virtual size: 20KB

.detourc
Size: 28KB - Virtual size: 28KB

.detourd
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB