494a34ac75ec45283e41b673ca12b770N

Sharing

Copy URL Twitter E-mail

General

Target

494a34ac75ec45283e41b673ca12b770N
Size

1.1MB
MD5

494a34ac75ec45283e41b673ca12b770
SHA1

4b22d1077d758d0f9b3ee960c31605936dc4c4e2
SHA256

4711473b8c5acba1c0fe042c3372cf1d93c9414ca08338a4a91ce6e31f9e9336
SHA512

7327869281ac46f3261a663f71fe6ca1455dfa6477057c28358e94de7e8ea8668e9c9d7616f07f9add13eaed8e94d7abd50bc416f9ead93ff18994068e5e73b7
SSDEEP

24576:mqTCYhKhvzjW6BK7rZ4izQ+88iLvoZ+NVHdbwHSY7VxRZPMHG2p4Cca:m19v+6BK7rKi5yjoZ+NVHdbad7Vx70Ht

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
494a34ac75ec45283e41b673ca12b770N

Files

494a34ac75ec45283e41b673ca12b770N
.dll windows:6 windows x86 arch:x86

7c459f197427bb3fd2adc8611acb55ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
LocalFree
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetLocaleInfoW
GetSystemDefaultLCID
GetUserDefaultLCID
ReadFile
WriteFile
SetNamedPipeHandleState
DisableThreadLibraryCalls
FreeLibraryAndExitThread
FreeResource
GetModuleHandleW
LoadResource
SizeofResource
FindResourceW
GlobalAlloc
GlobalUnlock
GlobalLock
GetSystemDirectoryW
IsDBCSLeadByteEx
IsBadReadPtr
FindClose
FindFirstFileW
FindNextFileW
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
lstrlenW
GetModuleHandleA
IsDBCSLeadByte
lstrcatA
IsBadWritePtr
GetCurrentThread
GetACP
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
OpenProcess
VirtualQueryEx
HeapCreate
HeapDestroy
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetTickCount
GetModuleHandleExW
ExitProcess
RtlUnwind
InterlockedFlushSList
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetCPInfo
DeleteCriticalSection
QueryPerformanceCounter
GetFileAttributesExW
FindFirstFileExW
FormatMessageA
GetStringTypeW
GetSystemTimeAsFileTime
GetExitCodeThread
GetCurrentThreadId
CreateThread
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
Sleep
CreateEventW
CreateEventA
CreateMutexW
WaitForSingleObjectEx
WaitForSingleObject
ReleaseMutex
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
HeapFree
HeapReAlloc
HeapAlloc
SetLastError
GetLastError
RaiseException
CloseHandle
AreFileApisANSI
GetFileAttributesW
GlobalFree
CreateFileW

user32

ReleaseDC
SetClipboardData
GetWindowTextW
GetWindowTextLengthW
EnumWindows
DrawTextW
GetWindowThreadProcessId
CharNextA
CharPrevA
DrawTextExA
DrawTextExW
DrawTextA
wsprintfW
GetKeyState

gdi32

AddFontResourceExW
DeleteObject
CreateCompatibleDC
GetTextFaceW
GetTextMetricsW
SelectObject
RemoveFontResourceExW
ExtTextOutW
GetTextExtentExPointW
GetTextExtentExPointA
CreateFontW
CreateFontA
CreateFontIndirectW
CreateFontIndirectA
GetTextMetricsA
GetCharacterPlacementW
TextOutW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentPoint32A
ExtTextOutA
TextOutA
GetGlyphOutlineW
GetGlyphOutlineA
GetCharWidth32W
GetCharABCWidthsA

shell32

SHGetFolderPathW

ole32

CoTaskMemFree
CoTaskMemAlloc

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shlwapi

PathMatchSpecW

psapi

GetModuleFileNameExW
EnumProcessModules

msvcrt

isalpha
malloc
wcsncmp
islower
isdigit
isupper
ispunct
isspace
strncpy
_errno
wcstol
strcspn
frexp
calloc
ceil
_wcsdup
__pctype_func
___lc_codepage_func
___mb_cur_max_func
strtod
_Getdays
_Getmonths
_Gettnames
_Strftime
tolower
_callnewh
_initterm
strtol
?terminate@@YAXXZ
_wcslwr
strncmp
_lock
_unlock
___lc_handle_func
__lc_collate_cp
_XcptFilter
__getmainargs
_msize
mbtowc
_strtoui64
_CIlog10
_clearfp
_amsg_exit
?name@type_info@@QBEPBDXZ
__CxxFrameHandler
__uncaught_exception
__RTtypeid
wcsstr
wcschr
strstr
memchr
strchr
_CxxThrowException
memset
memmove
memcpy
memcmp
wcsrchr
realloc
free
_beginthreadex
abort
strrchr

Exports

Exports

internal_renpy_call_host
internal_renpy_get_font

Sections

.text
Size: 773KB - Virtual size: 773KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 50.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c459f197427bb3fd2adc8611acb55ea

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

advapi32

shlwapi

psapi

msvcrt

Exports

Exports

Sections

.text Size: 773KB - Virtual size: 773KB

.rdata Size: 129KB - Virtual size: 129KB

.data Size: 21KB - Virtual size: 50.0MB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 112KB - Virtual size: 112KB

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 773KB - Virtual size: 773KB

.rdata
Size: 129KB - Virtual size: 129KB

.data
Size: 21KB - Virtual size: 50.0MB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 112KB - Virtual size: 112KB

.reloc
Size: 42KB - Virtual size: 41KB