a9d6d0d93727ca1ceffbdf1360cb6010N

Sharing

Copy URL Twitter E-mail

General

Target

a9d6d0d93727ca1ceffbdf1360cb6010N
Size

563KB
MD5

a9d6d0d93727ca1ceffbdf1360cb6010
SHA1

e1f90f011b50bc2085c46f4abec2b016182c5691
SHA256

cf999df294822377a95870217a54764545334143e10a2c4b279df902ab38eb68
SHA512

990a734a1e2a4a144540266538f1245dfaf05bf82a756a4d56dee218323d98e3733bc2b59a40469b9e9b0b4bed9f1be92efe989d5b2136dab2861837079b5a39
SSDEEP

6144:9yLdK/SomW31y5gwr2YUwEPqGzfeXZdNS:sJg3Q5gwrxUbPJK4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9d6d0d93727ca1ceffbdf1360cb6010N

Files

a9d6d0d93727ca1ceffbdf1360cb6010N
.dll windows:6 windows x86 arch:x86

6039e9d0f945d4f162f1a914231dcdf6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

PathAddBackslashW
ord219
PathFindFileNameW
PathRemoveFileSpecW

kernel32

GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetCurrentThread
GetThreadSelectorEntry
GetProcAddress
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualQuery
VirtualProtectEx
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
GetThreadContext
SuspendThread
ResumeThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
CloseHandle
GetSystemInfo
LoadLibraryW
GetModuleHandleW
LocalAlloc
LocalSize
LocalFree
GetLongPathNameW
GetLastError
MapViewOfFile
UnmapViewOfFile
lstrcmpiW
EnumSystemLocalesW
lstrlenW
CreateFileMappingA
GetModuleFileNameW
GetCommandLineW
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
VerLanguageNameW
InterlockedIncrement
InterlockedDecrement
SetLastError
InitializeCriticalSectionAndSpinCount
IsBadStringPtrW
lstrcatA
lstrcmpW
GetModuleHandleA
GetSystemDirectoryW
GetStringTypeW
SetFilePointerEx
SetStdHandle
HeapReAlloc
FreeLibrary
InterlockedExchange
CreateSemaphoreW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
CreateFileW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
lstrcpyW
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
HeapSize
RaiseException
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetProcessHeap
GetConsoleMode
GetConsoleCP
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
HeapFree
HeapAlloc
RtlUnwind
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
AreFileApisANSI
SetConsoleCtrlHandler
OutputDebugStringW
LoadLibraryExW
WriteFile
DeleteCriticalSection
FatalAppExitA
FlushFileBuffers

user32

SetWindowsHookExA
UnhookWindowsHookEx
RegisterWindowMessageA
CallNextHookEx
GetParent
GetWindowLongA
IsWindowVisible
KillTimer
SetTimer
SendMessageA
GetWindow
GetClassNameW
FindWindowW
SendMessageW
PostMessageA

advapi32

InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl

shell32

SHGetSpecialFolderLocation
SHGetDesktopFolder
SHCreateItemFromIDList
DragQueryFileW

ole32

CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString

rpcrt4

UuidCreate

Exports

Exports

F100001
F100002
F100003
F100004
F100005
F3
H1
H2
H3
H4

Sections

.text
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 190KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6039e9d0f945d4f162f1a914231dcdf6

Headers

DLL Characteristics

File Characteristics

Imports

version

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 279KB - Virtual size: 279KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 190KB - Virtual size: 200KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 279KB - Virtual size: 279KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 190KB - Virtual size: 200KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB