6216aa1b38985072cd0b7d8b8f381aa17eae79861d4ac37e046a302b7b5ee8df

Sharing

Copy URL Twitter E-mail

General

Target

6216aa1b38985072cd0b7d8b8f381aa17eae79861d4ac37e046a302b7b5ee8df
Size

427KB
MD5

fcc2aad494b4f12480a1c8b0b944c70a
SHA1

a6d8dcf65dd1b004d60e6121683920e09feaa680
SHA256

6216aa1b38985072cd0b7d8b8f381aa17eae79861d4ac37e046a302b7b5ee8df
SHA512

c3595ada7221e5ab4149a5ce7221704904b6a0dcda37dcfe9cf5a74a98c6c8e1b09b1a06299c3f1be5342596f8e4a5660c57690ba96a962ac12008806f872f58
SSDEEP

1536:8fzl4nyjgF5ROb+dWGszDtsggIlJumzUXgd7ce8+sWjcdmIaQcYZXsnR/2SywltC:4z2pWxcmh8hLcYanR/2SFS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6216aa1b38985072cd0b7d8b8f381aa17eae79861d4ac37e046a302b7b5ee8df

Files

6216aa1b38985072cd0b7d8b8f381aa17eae79861d4ac37e046a302b7b5ee8df
.dll windows:5 windows x86 arch:x86

4b501b7b5eb2402aaf70c0c5e1a65ebb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
SetUnhandledExceptionFilter
GetSystemDefaultLCID
GetDriveTypeA
GetExitCodeProcess
CreateProcessA
GetStartupInfoA
GetLogicalDriveStringsA
CopyFileA
GetExitCodeThread
CreatePipe
GetVersionExA
GetTempPathA
DeleteFileA
FlushFileBuffers
HeapSize
WriteConsoleW
GetFileSize
GetSystemTime
GetLastError
CreateToolhelp32Snapshot
Process32Next
OpenProcess
Process32First
LocalFree
ReadFile
GlobalFree
GlobalAlloc
Sleep
SetEvent
CreateThread
CreateEventA
WaitForSingleObject
lstrcpyA
CloseHandle
GetModuleHandleA
GetModuleFileNameA
GetLocalTime
GetProcAddress
lstrcmpiA
lstrcatA
HeapReAlloc
RtlUnwind
SetStdHandle
WTSGetActiveConsoleSessionId
LCMapStringW
GetStringTypeW
OutputDebugStringW
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
CreateFileW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
RaiseException
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetSystemDirectoryA
GetSystemWow64DirectoryA
WriteFile
GetCurrentProcess
lstrlenA
SetFilePointer
CreateFileA
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
MultiByteToWideChar
GetCommandLineA
GetCurrentThreadId
EncodePointer
DecodePointer
GetProcessHeap
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetStdHandle
GetModuleFileNameW
UnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount

user32

GetDesktopWindow
GetWindowDC
GetSystemMetrics

gdi32

BitBlt
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

SetServiceStatus
ConvertSidToStringSidA
GetTokenInformation
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
CreateProcessAsUserA
CryptDestroyKey
CryptGenKey
CryptReleaseContext
CryptAcquireContextW
OpenProcessToken
RegCloseKey
RegisterServiceCtrlHandlerA

shell32

SHGetSpecialFolderPathA

iphlpapi

GetTcpTable

wtsapi32

WTSQueryUserToken

ws2_32

htons
closesocket
WSACleanup
WSAStartup
send
socket
recv
setsockopt
inet_addr
gethostname
inet_ntoa
ntohs
gethostbyname
connect

gdiplus

GdipScaleWorldTransform
GdipDeleteGraphics
GdipDisposeImage
GdipDrawImageI
GdipGetImageEncodersSize
GdipGetImageGraphicsContext
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipSaveImageToFile
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromScan0

crypt32

CertFreeCertificateContext
CertStrToNameW
CertCloseStore
CertCreateSelfSignCertificate
CryptFindCertificateKeyProvInfo

secur32

EncryptMessage
InitializeSecurityContextA
AcquireCredentialsHandleA
FreeContextBuffer
DecryptMessage
ApplyControlToken
DeleteSecurityContext
QueryContextAttributesA
FreeCredentialsHandle

Exports

Exports

IID_IClassAdmin
NWCServiceMain
NetWareAccess

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.shell
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b501b7b5eb2402aaf70c0c5e1a65ebb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

iphlpapi

wtsapi32

ws2_32

gdiplus

crypt32

secur32

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 71KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 12KB

.reloc Size: 5KB - Virtual size: 4KB

.shell Size: 320KB - Virtual size: 320KB

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 12KB

.reloc
Size: 5KB - Virtual size: 4KB

.shell
Size: 320KB - Virtual size: 320KB