d432923facfd4345e0a484faa3ce4d2f303cb979a2da221b1a8f5217fb774b48

Sharing

Copy URL

Twitter E-mail

General

Target

d432923facfd4345e0a484faa3ce4d2f303cb979a2da221b1a8f5217fb774b48
Size

1.1MB
MD5

7e2cfd1c2513740295d6b7fabaf95ea4
SHA1

ae8ebe15b685ac84d8f47cc5b4bf0d4f1a6c9572
SHA256

d432923facfd4345e0a484faa3ce4d2f303cb979a2da221b1a8f5217fb774b48
SHA512

784ca0c0998a5eb55fc3d635242ee19f0670025b2218ad37816d2c8b18e777c4a4586ae503bc97d96d1822afdd53dc91f9b6f267197f757f9b30a73cc370aa2e
SSDEEP

12288:nmNDiDQ21Elifgbhc5ZbqWDyALUvNi8KaEIgAteiDqd+Ci6T1l84A79hbi:Mek2CBhcbL8vEnynZC1Tz8r79hbi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
d432923facfd4345e0a484faa3ce4d2f303cb979a2da221b1a8f5217fb774b48

Files

d432923facfd4345e0a484faa3ce4d2f303cb979a2da221b1a8f5217fb774b48
.dll windows:6 windows x86 arch:x86

6e31f7ef3a3092fdc488764688222205

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Are\901\Guess-hope\gentle\sky.pdb

Imports

kernel32

GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
SetStdHandle
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
ReadConsoleW
DecodePointer
QueryPerformanceCounter
GetSystemTime
DeleteCriticalSection
GetFileSize
VirtualProtectEx
LoadResource
GetWindowsDirectoryA
CloseHandle
GetDateFormatA
GetVersionExA
GetSystemDirectoryA
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetProcessHeap
CreateFileA
GetTempPathA
OpenProcess
GetModuleHandleA
SetEndOfFile
VirtualProtect
ReadFile
EnterCriticalSection
LeaveCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
EncodePointer
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
RtlUnwind
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
HeapAlloc
HeapValidate
GetSystemInfo
ExitProcess
GetCurrentThread
GetStdHandle
GetFileType
WriteFile
OutputDebugStringW
WriteConsoleW
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
CreateFileW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CLSIDFromString

winmm

waveInStop
timeBeginPeriod
waveInOpen
waveInStart
waveInAddBuffer
timeEndPeriod
waveInClose

crypt32

CertVerifyCertificateChainPolicy
CryptHashCertificate
CryptImportPublicKeyInfo
CertFindCertificateInStore
CertFreeCertificateChain
CertEnumCertificatesInStore
CertFreeCertificateContext
CertCreateSelfSignCertificate
CertGetCertificateChain
CertAddEncodedCertificateToStore
CryptDecodeObject
CertDeleteCertificateFromStore
CertCreateCertificateContext

rpcrt4

UuidCreate
RpcMgmtSetServerStackSize
UuidFromStringA
NdrServerCall2
RpcServerListen
RpcRevertToSelf
RpcImpersonateClient
RpcServerRegisterIf
I_RpcBindingIsClientLocal
RpcRaiseException

avifil32

AVIBuildFilterA
AVIFileOpenA
AVIFileEndRecord
AVIFileInit
AVIFileExit
AVIFileGetStream

Exports

Exports

Fineschool
Heartwhite
Replyclothe

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e31f7ef3a3092fdc488764688222205

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

winmm

crypt32

rpcrt4

avifil32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 10KB - Virtual size: 4.0MB

.idata Size: 4KB - Virtual size: 4KB

.gfids Size: 1024B - Virtual size: 524B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 10KB - Virtual size: 4.0MB

.idata
Size: 4KB - Virtual size: 4KB

.gfids
Size: 1024B - Virtual size: 524B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 20KB - Virtual size: 20KB