MSUpdata
Static task
static1
Behavioral task
behavioral1
Sample
4e1fea6129d07ed453a1d02c5f55eec01e37b70c40e0613949454cdfed70a15a.dll
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
4e1fea6129d07ed453a1d02c5f55eec01e37b70c40e0613949454cdfed70a15a.dll
Resource
win10v2004-20240802-en
General
-
Target
4e1fea6129d07ed453a1d02c5f55eec01e37b70c40e0613949454cdfed70a15a
-
Size
392KB
-
MD5
f62e1b2e6606af6484b8926dbba650c2
-
SHA1
4dcc7dd36f0805d271acf9463cf1d95c9aa6e727
-
SHA256
4e1fea6129d07ed453a1d02c5f55eec01e37b70c40e0613949454cdfed70a15a
-
SHA512
d0c73e33af20bb282a7ed35346f341ffd0a60ab53a533a680ee735d949bc6493dca3bd98cc9986254e4420fd2704d7c7f355d4cd5a44b6e9cf62db54eb60252d
-
SSDEEP
1536:o0k9F7g4yPn82hjfzaSv90SLoE+9niXuVG1Ll8d7:o0uF84w3fzaSv90SLoE+9niXuVm2d
Malware Config
Signatures
-
Unsigned PE (1 IoC)
The sample carries no Authenticode signature; this check flags PE files that are unsigned.
Resource: 4e1fea6129d07ed453a1d02c5f55eec01e37b70c40e0613949454cdfed70a15a
Files
-
4e1fea6129d07ed453a1d02c5f55eec01e37b70c40e0613949454cdfed70a15a.dll windows:4 windows x86 arch:x86
f9453c2aca165a8f47cf513d198f7fb2 (unlabelled on this page; it is not the file MD5 listed under General)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetTempPathA
WTSGetActiveConsoleSessionId
GetModuleFileNameA
Sleep
LeaveCriticalSection
EnterCriticalSection
GetComputerNameW
GetVersionExW
GetCurrentProcessId
GetSystemInfo
GetModuleHandleW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateMutexW
DeleteFileA
CreateFileW
WaitForSingleObject
InitializeCriticalSection
DisableThreadLibraryCalls
GetSystemTime
VirtualQuery
VirtualFree
IsBadReadPtr
FreeLibrary
lstrcmpiA
CreateEventA
GetSystemDirectoryW
CreateThread
lstrcatW
GetFileTime
lstrcpyW
LoadLibraryA
GetModuleHandleA
CloseHandle
GetProcAddress
VirtualAlloc
VirtualProtect
VirtualProtectEx
OpenProcess
GetLastError
GetACP
advapi32
CryptReleaseContext
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ConvertSidToStringSidW
CryptDestroyKey
CryptGenKey
CryptAcquireContextW
LookupAccountSidW
ole32
CLSIDFromString
CoCreateGuid
msvcp60
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??_7out_of_range@std@@6B@
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
msvcrt
exit
rand
time
_wfopen
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
wcsrchr
_strlwr
free
malloc
_except_handler3
_local_unwind2
??2@YAPAXI@Z
fwrite
fclose
ftell
fseek
fopen
atoi
__CxxFrameHandler
strstr
_wcsrev
calloc
sprintf
_strrev
strtok
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
fread
shlwapi
PathFileExistsW
crypt32
CryptFindCertificateKeyProvInfo
CertStrToNameW
CertCreateSelfSignCertificate
secur32
QueryContextAttributesW
DecryptMessage
ApplyControlToken
EncryptMessage
FreeContextBuffer
InitializeSecurityContextW
AcquireCredentialsHandleW
Exports
Exports
Sections
.text Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.shell Size: 320KB - Virtual size: 320KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ