SAIMmsUzxPfs5z5aCf
Static task: static1
Behavioral task: behavioral1
- Sample: a47955e4d6bb1924b1a4be2bbb4cb85bab5f3e915e9cfd52ac12ebfe1a1a81a9.dll
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: a47955e4d6bb1924b1a4be2bbb4cb85bab5f3e915e9cfd52ac12ebfe1a1a81a9.dll
- Resource: win10v2004-20240802-en
General
- Target: a47955e4d6bb1924b1a4be2bbb4cb85bab5f3e915e9cfd52ac12ebfe1a1a81a9
- Size: 2.8MB
- MD5: ae32b3f25649c2432bce113c9117f000
- SHA1: e17ab78e22feab2fe0d7587e9afa1e3280d08bf7
- SHA256: a47955e4d6bb1924b1a4be2bbb4cb85bab5f3e915e9cfd52ac12ebfe1a1a81a9
- SHA512: 81b504abd4e4168efddcd9685c8c6f07177638be75a377251134cfb0662c139c1af8f58974af1f51541e21ab0a82f1f52bad6c1b401fefe172bf2f2eff11157e
- SSDEEP: 49152:yBwQqw2YQk2PKjGqIQq4qzJJ1J8Sx0Fi9kQ3WzUT1ghtXYzKGQRUPzI76VhiknYO:yB7AkeKjm4qzJJ38SmA9kmS4ghtXYeG3
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: a47955e4d6bb1924b1a4be2bbb4cb85bab5f3e915e9cfd52ac12ebfe1a1a81a9
Files
-
a47955e4d6bb1924b1a4be2bbb4cb85bab5f3e915e9cfd52ac12ebfe1a1a81a9.dll windows:5 windows x86 arch:x86
1c5c6482f70c758ac6acf7eeed5dd14d
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL
PDB Paths
Imports
setupapi
SetupDiEnumDeviceInfo
gdi32
GetGlyphOutlineA
CombineRgn
EnumMetaFile
GetCharWidth32W
rasapi32
RasGetConnectionStatistics
RasValidateEntryNameW
RasRenameEntryW
RasGetConnectStatusW
oleaut32
VarI2FromCy
VarBstrFromUI1
GetErrorInfo
SysReAllocStringLen
rpcrt4
RpcBindingVectorFree
RpcServerUseProtseqEpW
RpcGetAuthorizationContextForClient
I_RpcServerRegisterForwardFunction
RpcServerUseProtseqIfW
secur32
AcceptSecurityContext
MakeSignature
shell32
SHLoadNonloadedIconOverlayIdentifiers
SHFileOperationW
SHSetLocalizedName
DragQueryFileA
Shell_NotifyIconA
ExtractIconExA
kernel32
GetCommandLineA
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
HeapReAlloc
HeapAlloc
IsValidLocale
LeaveCriticalSection
WaitForSingleObject
SetCommState
QueueUserWorkItem
GetThreadTimes
ReleaseSemaphore
DeleteCriticalSection
ExitProcess
QueryPerformanceCounter
WaitForSingleObjectEx
SetEvent
Process32FirstW
GetCurrentProcessId
GetProfileIntA
GetModuleFileNameW
GetBinaryTypeW
GetModuleFileNameA
SetCriticalSectionSpinCount
LoadLibraryW
LoadLibraryExA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
RtlUnwind
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
WriteFile
InitializeCriticalSectionAndSpinCount
SetStdHandle
FatalAppExitA
HeapFree
Sleep
CompareStringW
GetCurrentThread
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
CloseHandle
GetLocaleInfoW
FreeEnvironmentStringsA
CreateFileA
GetEnvironmentStrings
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
GetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetDateFormatA
GetTickCount
CompareStringA
EnumSystemLocalesA
SetEnvironmentVariableA
EnterCriticalSection
esent
JetInit
comdlg32
PrintDlgA
winmm
midiStreamOpen
mixerGetDevCapsW
user32
IsHungAppWindow
GetMenu
ShowWindow
SetWindowLongA
EmptyClipboard
GetWindow
GetClassLongW
InvalidateRect
UnhookWindowsHookEx
PostQuitMessage
GetClassNameA
SetCursorPos
SetWindowPlacement
CharNextExA
GetClipboardOwner
DestroyAcceleratorTable
SetWindowContextHelpId
DrawStateW
winscard
SCardConnectW
SCardEndTransaction
g_rgSCardRawPci
SCardListCardsW
mprapi
MprAdminInterfaceTransportGetInfo
winspool.drv
AddPrintProvidorW
EnumPortsW
GetPrintProcessorDirectoryW
ole32
CoFreeAllLibraries
wininet
GetUrlCacheEntryInfoExA
comctl32
ImageList_AddMasked
InitCommonControlsEx
lz32
GetExpandedNameW
ws2_32
select
wintrust
CryptCATCDFEnumMembers
CryptCATPutMemberInfo
urlmon
CopyBindInfo
shlwapi
StrStrIA
PathIsUNCA
ChrCmpIW
advapi32
BuildImpersonateTrusteeW
RegCloseKey
MakeAbsoluteSD
GetAce
LookupAccountSidA
ReadEventLogA
GetSidLengthRequired
GetNamedSecurityInfoW
Sections
- .text: Size: 1.5MB - Virtual size: 1.5MB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .erloc: Size: 344KB - Virtual size: 343KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata: Size: 16KB - Virtual size: 14KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data: Size: 188KB - Virtual size: 191KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- CONST: Size: 80KB - Virtual size: 77KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- u8kp28Y2: Size: 184KB - Virtual size: 183KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- lE: Size: 456KB - Virtual size: 452KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: Size: 24KB - Virtual size: 21KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc: Size: 40KB - Virtual size: 37KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ