20d65de899e864d9e1279f07adfa411eaa966f224d8d7b82a7b1b3e1fc4934ca

Sharing

Copy URL Twitter E-mail

General

Target

20d65de899e864d9e1279f07adfa411eaa966f224d8d7b82a7b1b3e1fc4934ca
Size

8.0MB
MD5

fb0b543661435da0836c01390660ab77
SHA1

bd8573dca96bce5fa12e3f085887b1b0e53cfc73
SHA256

20d65de899e864d9e1279f07adfa411eaa966f224d8d7b82a7b1b3e1fc4934ca
SHA512

04681b4e99d1e4f33da6a79017f30022a39c6fef62c062d10c2cd18eb52870f880ec5057c44a63f82bf5c2116037042efc508e3546d67b704205f029a7f277c9
SSDEEP

98304:+nNetec4lYljfsC7J0eR0CYmBAUZLuilOuGDomcclnx4DpbMkcz0PBMi:dteFKwmViiYuKdcclnCDprcz0P6i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20d65de899e864d9e1279f07adfa411eaa966f224d8d7b82a7b1b3e1fc4934ca

Office document contains embedded OLE objects 1 IoCs

Detected embedded OLE objects in Office documents.

resource	yara_rule
sample	office_ole_embedded

Files

20d65de899e864d9e1279f07adfa411eaa966f224d8d7b82a7b1b3e1fc4934ca
.dll windows:5 windows x86 arch:x86

518a40eaf0e37816e3df81d491e759c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

send
recv
ioctlsocket
closesocket
WSACreateEvent
WSADuplicateSocketA
WSAGetLastError
getsockopt
WSAEnumNetworkEvents
WSACleanup
WSASetLastError
WSAEventSelect
WSASetEvent
WSACloseEvent
WSAAddressToStringA
WSASocketA
WSAStartup
WSAStringToAddressA

ntdll

RtlInitString
RtlNtStatusToDosError
RtlGetNtProductType
RtlGetVersion
RtlGetNativeSystemInformation
NtCreateFile
NtQueryInformationProcess
NtFreeVirtualMemory
NtProtectVirtualMemory
NtAllocateVirtualMemory
NtCreateSection
NtMapViewOfSection
NtQueryInformationFile
NtQueryDirectoryFile
NtReadFile
NtSetInformationFile
NtTerminateProcess
NtWriteFile
LdrGetDllHandle
LdrGetProcedureAddress
NtOpenProcessToken
RtlInitUnicodeString
RtlUnwind

kernel32

PeekConsoleInputA
PeekNamedPipe
AttachConsole
AllocConsole
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
CreateEventA
IsDBCSLeadByteEx
LoadLibraryA
GetConsoleOutputCP
GetExitCodeProcess
GetWindowsDirectoryW
GetSystemDirectoryW
DebugBreak
GetSystemInfo
ExpandEnvironmentStringsW
GetEnvironmentVariableW
InitializeCriticalSection
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
GetEnvironmentVariableA
InterlockedCompareExchange
InterlockedExchangeAdd
InterlockedDecrement
InterlockedIncrement
SetConsoleMode
GetFileInformationByHandleEx
OutputDebugStringA
HeapSize
WriteConsoleW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
HeapReAlloc
ReadConsoleInputA
GetACP
ReadConsoleW
ReadFile
GetConsoleCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetProcAddress
LockResource
LoadResource
FindResourceW
QueryPerformanceCounter
QueryPerformanceFrequency
GetLastError
SetLastError
FreeLibrary
LocalFree
RaiseException
CreateThread
GetSystemTimeAsFileTime
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
ResumeThread
SetEvent
SetEndOfFile
SetFilePointerEx
CloseHandle
WaitForSingleObjectEx
WaitForMultipleObjectsEx
CreateEventW
LoadLibraryExA
LoadLibraryExW
GetModuleHandleExW
CreateProcessW
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
FormatMessageA
FormatMessageW
GetCurrentProcessId
GetCurrentThreadId
GetStdHandle
WriteFile
GetDynamicTimeZoneInformation
GetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleA
GetDateFormatW
WaitForMultipleObjects
HeapCreate
HeapDestroy
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetNumberOfConsoleInputEvents
GetTimeZoneInformation
HeapAlloc
HeapFree
GetModuleFileNameA
ExitProcess
ExitThread
WaitForSingleObject
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
GetCurrentDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
DeviceIoControl
EncodePointer
DecodePointer
DuplicateHandle
Sleep
GetCurrentProcess
SwitchToThread
GetCurrentThread
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
QueueUserWorkItem
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
GetTickCount
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA

advapi32

RegLoadMUIStringW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ReportEventA
RegisterEventSourceW
DeregisterEventSource

user32

MsgWaitForMultipleObjectsEx
PostMessageA
MessageBoxW
PeekMessageA

Exports

Exports

VrCreateSpeedupContext
VrCreateSpeedupContextWith
VrReleaseSpeedupContext
VrScanMessageWithContext
_libiconv_version

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

518a40eaf0e37816e3df81d491e759c2

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

ntdll

kernel32

advapi32

user32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 128KB - Virtual size: 146KB

.rsrc Size: 4.5MB - Virtual size: 4.5MB

.reloc Size: 73KB - Virtual size: 73KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 128KB - Virtual size: 146KB

.rsrc
Size: 4.5MB - Virtual size: 4.5MB

.reloc
Size: 73KB - Virtual size: 73KB