c3803cbcc5b7a791237144d465a3a33c7a3f6d6b7bf5cf3032d955ba4a45a0c9

Sharing

Copy URL

Twitter E-mail

General

Target

c3803cbcc5b7a791237144d465a3a33c7a3f6d6b7bf5cf3032d955ba4a45a0c9
Size

229KB
MD5

266989d6ab80a5ed2db2e02204bd9281
SHA1

caa468ead0b06f982cbf5ab31d285a1a2940a744
SHA256

c3803cbcc5b7a791237144d465a3a33c7a3f6d6b7bf5cf3032d955ba4a45a0c9
SHA512

be4713d99cdd338d947f57ba7236b1a2ac18bf1528937f5b548a1f4e23c6ae452a7bf9b6d37194cbf0dc9b115a24bb459c30691a629b11a26ba240afd9b419c4
SSDEEP

3072:amkHdE+02qRIGYrP6OUHgz5dHtSyXQTxaxz2lJE2cWUQlaQMpjlaFKcy5:aJdDkcP6Oygz5dNVQizgyRjsFE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3803cbcc5b7a791237144d465a3a33c7a3f6d6b7bf5cf3032d955ba4a45a0c9

Files

c3803cbcc5b7a791237144d465a3a33c7a3f6d6b7bf5cf3032d955ba4a45a0c9
.dll windows:5 windows x64 arch:x64

567e2d70224143a0962eeb9ddad02d2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

ntohl
htonl
htons
WSAStringToAddressW
freeaddrinfo
getaddrinfo
WSADuplicateSocketA
WSAGetLastError
WSAStartup
gethostbyname
socket
setsockopt
send
select
recv
listen
inet_ntoa
inet_addr
connect
closesocket
bind
accept

crypt32

CertGetCertificateContextProperty
CryptDecodeObjectEx
CryptImportPublicKeyInfo

wininet

InternetOpenW
InternetReadFile
InternetCloseHandle
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetConnectW
InternetCrackUrlW

winhttp

WinHttpOpen
WinHttpQueryOption
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpConnect
WinHttpReadData
WinHttpCrackUrl

kernel32

FindFirstFileExA
FindClose
GetStringTypeW
LCMapStringW
GetFileType
GetStdHandle
GetACP
HeapReAlloc
HeapAlloc
HeapFree
GetModuleFileNameA
GetModuleHandleExW
TerminateProcess
VirtualAllocEx
OpenProcess
GetCurrentProcess
GetLastError
WriteProcessMemory
CloseHandle
DuplicateHandle
CreateEventW
FreeLibrary
GetProcAddress
VirtualAlloc
VirtualFree
OpenThread
SetLastError
SuspendThread
ResumeThread
Sleep
LoadLibraryA
GetVersionExW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
FindNextFileA
VirtualProtect
VirtualQuery
LoadLibraryW
GetModuleHandleA
VirtualProtectEx
ExitProcess
SetUnhandledExceptionFilter
CreateRemoteThread
ExitThread
GetSystemTime
SystemTimeToFileTime
GetModuleHandleW
LocalFree
WriteFile
GetSystemDirectoryW
CreateFileA
GetVolumeInformationW
GetComputerNameW
GetThreadId
WaitForMultipleObjects
LocalAlloc
GetOverlappedResult
ResetEvent
ReadFile
ConnectNamedPipe
CreateNamedPipeA
GetCurrentProcessId
GetCurrentThreadId
SetHandleInformation
SetNamedPipeHandleState
PeekNamedPipe
CreateFileW
CreateNamedPipeW
CreateThread
GetTickCount
GlobalFree
TerminateThread
SetEvent
ReleaseMutex
WaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
RaiseException
LoadLibraryExW
TlsFree
TlsSetValue
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
TlsGetValue
TlsAlloc
FlushInstructionCache
CreateMutexW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

user32

GetProcessWindowStation
GetUserObjectInformationA
GetThreadDesktop

advapi32

CryptImportKey
ImpersonateLoggedOnUser
OpenProcessToken
OpenThreadToken
SetEntriesInAclW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
AllocateAndInitializeSid
CryptDuplicateKey
CryptDecrypt
CryptEncrypt
AdjustTokenPrivileges
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
LookupPrivilegeValueW

ole32

CoCreateGuid

dnsapi

DnsQuery_W
DnsFree

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

567e2d70224143a0962eeb9ddad02d2e

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

wininet

winhttp

kernel32

user32

advapi32

ole32

dnsapi

Sections

.text Size: 152KB - Virtual size: 152KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 12KB - Virtual size: 26KB

.pdata Size: 8KB - Virtual size: 8KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 152KB - Virtual size: 152KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 12KB - Virtual size: 26KB

.pdata
Size: 8KB - Virtual size: 8KB

.reloc
Size: 2KB - Virtual size: 1KB