e0c72a7b56fa310394fd962a3dcaa0064d5ab0a073db5b784f0f94778b46d825

Sharing

Copy URL Twitter E-mail

General

Target

e0c72a7b56fa310394fd962a3dcaa0064d5ab0a073db5b784f0f94778b46d825
Size

4.3MB
MD5

e4bca95c3d1d4619c9c0f150bc3a9abf
SHA1

f8a8c7e38734d5ca8004bbd545d9d9577146636c
SHA256

e0c72a7b56fa310394fd962a3dcaa0064d5ab0a073db5b784f0f94778b46d825
SHA512

90b4ba401f487c715195127f8d89885daf43c1d4e9b74cadf421f0d95298b33a0b4eb68418dd09a5391ea663f729f967b29f2503b6670a51d15b64dfc18ab56e
SSDEEP

98304:6vAFVdrUJcE2yT5F1xdHnT8WXUEbrAJyd0m74GRcbR3K33f/xKj:6oFHrQrF1xBNXDCR3u3hq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0c72a7b56fa310394fd962a3dcaa0064d5ab0a073db5b784f0f94778b46d825

Files

e0c72a7b56fa310394fd962a3dcaa0064d5ab0a073db5b784f0f94778b46d825
.dll windows:6 windows x86 arch:x86

c0ccb371a1f016147b5f6fe3fb336134

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleW
WideCharToMultiByte
CreateThread
Sleep
OutputDebugStringW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
OpenMutexW
GetCurrentProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateMutexW
GetLastError
SetEndOfFile
GetFullPathNameW
SetFilePointerEx
SetStdHandle
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetFileType
GetStdHandle
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleExW
ExitProcess
GetConsoleCP
ReadConsoleW
GetConsoleMode
LoadLibraryExW
ExitThread
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CloseHandle
WriteConsoleW
ReleaseMutex
SetUnhandledExceptionFilter
UnhandledExceptionFilter
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetCPInfo
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
FindFirstFileW
WriteFile
GetFileAttributesW
ReadFile
CreateFileW
FindClose
GetNativeSystemInfo
CreateProcessW
OpenProcess
OpenThread
SuspendThread
GetThreadContext
VirtualAllocEx
WriteProcessMemory
FlushInstructionCache
SetThreadContext
ResumeThread
Thread32First
Thread32Next
GetThreadTimes
Module32FirstW
Module32NextW
GetWindowsDirectoryW
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
EncodePointer
DecodePointer
GetStringTypeW
RaiseException
SetLastError
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
GetCurrentThreadId
ReleaseSemaphore
SwitchToThread
CreateSemaphoreW
GetFileSize
MapViewOfFileEx
CreateIoCompletionPort
WaitForMultipleObjects
InitializeCriticalSection
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
RtlUnwind
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

AdjustTokenPrivileges
RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
RegOpenKeyExW
RegSetValueExW

shell32

SHGetFolderPathW

ws2_32

socket
listen
bind
WSAStartup
WSAAddressToStringW
WSACleanup
WSARecv
WSAIoctl
WSASetLastError
shutdown
setsockopt
ntohs
htons
getsockopt
getsockname
ioctlsocket
closesocket
WSAGetOverlappedResult
WSAGetLastError
WSASend
WSAStringToAddressW

iphlpapi

GetTcpTable

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime

shlwapi

StrChrW
StrPBrkW

user32

MessageBoxA
TranslateMessage
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 756KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0ccb371a1f016147b5f6fe3fb336134

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ws2_32

iphlpapi

version

winmm

shlwapi

user32

wtsapi32

Sections

.text Size: - Virtual size: 756KB

.rdata Size: - Virtual size: 130KB

.data Size: - Virtual size: 25KB

.tls Size: - Virtual size: 25B

.text0 Size: - Virtual size: 2.3MB

.text1 Size: 4.3MB - Virtual size: 4.3MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 756KB

.rdata
Size: - Virtual size: 130KB

.data
Size: - Virtual size: 25KB

.tls
Size: - Virtual size: 25B

.text0
Size: - Virtual size: 2.3MB

.text1
Size: 4.3MB - Virtual size: 4.3MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 469B