3d9f143d90cdadc1a912bce4ff48b81d78fae7a6601cba122a4d3340da7ee828

Sharing

Copy URL Twitter E-mail

General

Target

3d9f143d90cdadc1a912bce4ff48b81d78fae7a6601cba122a4d3340da7ee828
Size

397KB
MD5

13cc199d42d2b307b03eccb651f303c6
SHA1

8a9cfd197730ce6dc47b46e7feda21bef4822098
SHA256

3d9f143d90cdadc1a912bce4ff48b81d78fae7a6601cba122a4d3340da7ee828
SHA512

65d8494bde7fa8391b1a9060c70abaf407e23834101ba7aac8fca14f1ea4b8e9d862a025d63d22489716b1427de55505270a49179896da710ec0dce62770338b
SSDEEP

1536:uUayKAFAn2TMDZaL3OXkbgyrPCVDG/Ae+SO:ayrHMwCWrmDG/AeZO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d9f143d90cdadc1a912bce4ff48b81d78fae7a6601cba122a4d3340da7ee828

Files

3d9f143d90cdadc1a912bce4ff48b81d78fae7a6601cba122a4d3340da7ee828
.dll windows:5 windows x86 arch:x86

f15971c158c9f8dbae4763928c02d275

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
GetProcessHeap
IsBadReadPtr
SetLastError
HeapFree
GetProcAddress
VirtualAlloc
LoadLibraryA
VirtualProtect
HeapAlloc
FreeLibrary
GetNativeSystemInfo
CreateThread
CloseHandle
IsDebuggerPresent
GetLastError
CreateFileW
GetModuleFileNameW
Sleep
CreateMutexW
GetFileSize
EncodePointer
DecodePointer
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
HeapSize
MultiByteToWideChar
ReadFile
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
SetFilePointer
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
SetEndOfFile
WriteConsoleW
VirtualQuery

advapi32

RegSetValueExW
RegCloseKey
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
RegQueryValueExW
CryptReleaseContext
RegCreateKeyW
CryptDeriveKey
CryptAcquireContextW
CryptHashData

Exports

Exports

TmDbgInitialize
TmDbgTrace
TmDbgUninitialize

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.shell
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f15971c158c9f8dbae4763928c02d275

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 6KB - Virtual size: 5KB

.shell Size: 320KB - Virtual size: 320KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 6KB - Virtual size: 5KB

.shell
Size: 320KB - Virtual size: 320KB