e15488e36483db4900b4cc1a954c0ad0N

Sharing

Copy URL Twitter E-mail

General

Target

e15488e36483db4900b4cc1a954c0ad0N
Size

2.3MB
MD5

e15488e36483db4900b4cc1a954c0ad0
SHA1

602f4ad14df44961faf09ae20c26243e06795a84
SHA256

6c00e58aa087c36317d7ecd07eb61cae8b1862aa3d1978d4b4f9ae3f936a9b47
SHA512

9dc2ca86042f27960b0d6a80137a123cd62319466cf8877fd7974703b78e07a5b6d648ff85c2a7920329ae1d2bac8aa25b8ae18d983af48b95ea5889f2695928
SSDEEP

49152:j/izqGRc6/5n8j/yQnvfbTr+i+M7z2YPV4CYmWXnE+wXDX:j/cqGRcCk/yQbGi+M+Y6C+nKX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e15488e36483db4900b4cc1a954c0ad0N

Files

e15488e36483db4900b4cc1a954c0ad0N
.dll windows:5 windows x86 arch:x86

adfd8293ab71c14bdf7db71e8d8917bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comdlg32

GetFileTitleA

lz32

GetExpandedNameW
LZRead

secur32

AcquireCredentialsHandleW
TranslateNameW

ws2_32

select

wininet

GetUrlCacheEntryInfoW

netapi32

NetApiBufferAllocate

msacm32

acmDriverDetailsW

winscard

SCardListCardsW
SCardConnectW

winspool.drv

StartDocPrinterW
FindNextPrinterChangeNotification
SetJobW

comctl32

ImageList_SetBkColor
InitCommonControlsEx

rasapi32

RasGetSubEntryHandleA
RasGetProjectionInfoA
RasHangUpA

mprapi

MprConfigInterfaceCreate

ole32

GetHGlobalFromILockBytes

shell32

SHBindToParent
SHGetFolderPathA
ShellExecuteExA
SHChangeNotify
CommandLineToArgvW
Shell_NotifyIconW

gdi32

GetWinMetaFileBits
SaveDC
SetWindowOrgEx
Pie
GetDIBits
ResetDCA
PlgBlt
AnimatePalette

winmm

midiStreamPause
midiStreamProperty

shlwapi

StrCmpLogicalW
AssocIsDangerous

setupapi

SetupDiEnumDeviceInfo

oleaut32

SafeArrayDestroyDescriptor
UnRegisterTypeLi
GetErrorInfo

user32

ChangeClipboardChain
GetMenuCheckMarkDimensions
CreateDialogIndirectParamA
CharLowerBuffW
OpenWindowStationA
ShowWindow
GetParent
UpdateWindow
BroadcastSystemMessageExW
SwapMouseButton
EnumPropsExA
DestroyCaret
GetDlgItem
GetComboBoxInfo
PaintDesktop
GetDoubleClickTime
GetWindowRgn

advapi32

GetFileSecurityW
AddUsersToEncryptedFile
RegSetValueW
RegCloseKey
CryptSetKeyParam
ObjectCloseAuditAlarmW
DeregisterEventSource
AdjustTokenPrivileges

urlmon

CoInternetGetSecurityUrl
CoInternetParseUrl

wintrust

WintrustGetRegPolicyFlags
CryptCATPutCatAttrInfo
WintrustSetRegPolicyFlags

rpcrt4

NdrPointerMarshall
RpcBindingCopy
RpcSsContextLockExclusive
RpcServerUseProtseqA
RpcMgmtSetCancelTimeout
NdrInterfacePointerBufferSize

kernel32

SetFilePointer
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
VirtualAlloc
VirtualFree
GetModuleFileNameA
WriteFile
InitializeCriticalSectionAndSpinCount
HeapAlloc
ReadFile
CloseHandle
WriteConsoleA
GetConsoleOutputCP
HeapReAlloc
RtlUnwind
GetLocaleInfoA
ExitProcess
Sleep
HeapFree
DeleteCriticalSection
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
EnterCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CompareStringW
GetLastError
CreateFileA
WriteConsoleW
GetCurrentThreadId
SetLastError
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
WaitForSingleObjectEx
SetCommBreak
GetModuleHandleExW
SetEvent
LeaveCriticalSection
QueryPerformanceCounter
FindAtomW
GetTimeFormatW
GetStdHandle
IsBadWritePtr
Process32FirstW
SetCommConfig
WaitForSingleObject
GetModuleFileNameW
LoadLibraryA
GetFileTime
LoadLibraryExW
GetBinaryTypeW
EraseTape
ClearCommBreak
FindVolumeClose
GlobalAlloc
GetNamedPipeInfo

Sections

.text
Size: 616KB - Virtual size: 614KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 312KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adfd8293ab71c14bdf7db71e8d8917bc

Headers

DLL Characteristics

File Characteristics

Imports

comdlg32

lz32

secur32

ws2_32

wininet

netapi32

msacm32

winscard

winspool.drv

comctl32

rasapi32

mprapi

ole32

shell32

gdi32

winmm

shlwapi

setupapi

oleaut32

user32

advapi32

urlmon

wintrust

rpcrt4

kernel32

Sections

.text Size: 616KB - Virtual size: 614KB

.qdata Size: 4KB - Virtual size: 2KB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 156KB - Virtual size: 165KB

CRT Size: 312KB - Virtual size: 309KB

.rsrc Size: 24KB - Virtual size: 21KB

.reloc Size: 36KB - Virtual size: 32KB

.text
Size: 616KB - Virtual size: 614KB

.qdata
Size: 4KB - Virtual size: 2KB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 156KB - Virtual size: 165KB

CRT
Size: 312KB - Virtual size: 309KB

.rsrc
Size: 24KB - Virtual size: 21KB

.reloc
Size: 36KB - Virtual size: 32KB