89666d98814eb8af3e0e10a577499282c51de95dd060d7f185e0c3852327c652

Sharing

Copy URL Twitter E-mail

General

Target

89666d98814eb8af3e0e10a577499282c51de95dd060d7f185e0c3852327c652
Size

25KB
MD5

0d3b33c29c3130cf8e3c5c366b85e7af
SHA1

491a278666b77505a6d94711d9db5f0553b9c721
SHA256

89666d98814eb8af3e0e10a577499282c51de95dd060d7f185e0c3852327c652
SHA512

c6d22aa7177913b66c6700650216f424bfd96084c459a42553c38bd6dc38197dcced9d5dace218934bea5a05682f41dc099690d74f2281abc46923b364571c96
SSDEEP

768:NdMOxnw9seChptTsK0UkuJbVi12TUjTillAV:NdHtTmuJbVi12KiDAV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89666d98814eb8af3e0e10a577499282c51de95dd060d7f185e0c3852327c652

Files

89666d98814eb8af3e0e10a577499282c51de95dd060d7f185e0c3852327c652
.dll windows:6 windows x86 arch:x86

901666a698e4ce3e224c559404a52c30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateDirectoryW
ReadFile
VirtualProtect
GetCurrentProcess
CreateFileW
Sleep
GetLastError
DisableThreadLibraryCalls
CloseHandle
K32GetModuleInformation
CreateThread
GetProcAddress
GetFileSize
ExitProcess
GetModuleHandleW
CopyFileW
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
UnhandledExceptionFilter

user32

MessageBoxW
GetActiveWindow

msvcp140

??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Xlength_error@std@@YAXPBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A

vcruntime140

__current_exception_context
__std_type_info_destroy_list
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
_CxxThrowException
memcpy
memset
_except_handler4_common
__current_exception
memmove

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
_cexit
_invalid_parameter_noinfo_noreturn
_crt_atexit
_execute_onexit_table
_initialize_onexit_table
_register_onexit_function

Exports

Exports

GetPluginDescription
GetPluginName
LoadPlugin
UnloadPlugin

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

901666a698e4ce3e224c559404a52c30

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 956B

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 956B