bcf92b9679844384ebdf7974ae69609d5b946b656fa990431ace6a84b8b7a092

Sharing

Copy URL Twitter E-mail

General

Target

bcf92b9679844384ebdf7974ae69609d5b946b656fa990431ace6a84b8b7a092
Size

272KB
MD5

a38f902d4e20d0c88e44554f544dee60
SHA1

0d7815c6a43028b3a0b72c0ff348d08df833d0e5
SHA256

bcf92b9679844384ebdf7974ae69609d5b946b656fa990431ace6a84b8b7a092
SHA512

89764e8ed22c3f865fef8aa449fbe9f400d26cf04c3be3355c6e770d73e7f7281eb8ed7baa6eab549d16cb77b7bd6bff2ddb111a00eefc5188dc419644496720
SSDEEP

6144:WbojGXZy11W6dzuDkrUD1M4xy4QtE+Wq+BV+UdvrEFp7hK4:soja0LdzuDkrUD1M4xy7cBjvrEH7D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bcf92b9679844384ebdf7974ae69609d5b946b656fa990431ace6a84b8b7a092

Files

bcf92b9679844384ebdf7974ae69609d5b946b656fa990431ace6a84b8b7a092
.dll windows:6 windows x86 arch:x86

92c41024898fbf51016cb09ba2c20fe3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ieshims.pdb

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
fclose
_wfopen
fputws
calloc
wcsncmp
_vscwprintf
_wcslwr
free
_except_handler4_common
memmove
_CxxThrowException
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
wcsspn
memcpy
memset
realloc
__CxxFrameHandler3
malloc
_wcsnicmp
iswspace
??1type_info@@UAE@XZ
wcstok
wcsstr
wcsrchr
wcspbrk
wcschr
_vsnwprintf
_wcsicmp
iswctype
towlower

ntdll

RtlNtStatusToDosError
NtQueryObject

kernel32

CreateMutexW
LoadLibraryW
InitializeCriticalSection
SetFileAttributesW
EnterCriticalSection
EncodePointer
ReleaseMutex
IsWow64Process
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
QueryDosDeviceW
GetLogicalDriveStringsW
OpenProcess
WaitForSingleObject
GetFileSizeEx
FindFirstFileW
FindNextFileW
FindClose
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
OutputDebugStringW
OutputDebugStringA
GetModuleHandleA
VirtualProtect
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
lstrlenW
lstrcmpiW
CopyFileW
CreateDirectoryW
GetFileInformationByHandle
GetCurrentThreadId
GetFileAttributesW
SearchPathW
SetLastError
LocalAlloc
GetModuleFileNameW
VirtualQuery
LocalFree
GetCurrentDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
FreeLibrary
GetProcAddress
GetLastError
GetProcessId
GetCurrentProcessId
HeapFree
GetProcessHeap
InterlockedDecrement
HeapAlloc
InterlockedIncrement
GetLongPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
GetEnvironmentVariableW
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
CloseHandle
WaitForSingleObjectEx
OpenEventW
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
TerminateProcess
DecodePointer
CreateFileW
DeviceIoControl

shlwapi

PathFindFileNameW
ord154
ord152
PathIsUNCW
PathSkipRootW
ord437
ord158
ord156
ord157
PathGetArgsW
StrDupW
SHRegGetValueW

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysFreeString

advapi32

RegCloseKey
RegOpenKeyExW
DecryptFileW
EncryptFileW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyW
RegCreateKeyExW
RegQueryValueExW

iertutil

ord50
ord170
ord58
ord305
ord45

shell32

ShellExecuteExW
SHGetFolderPathW

user32

GetForegroundWindow
GetWindowThreadProcessId
GetPropW
GetClassNameW
AllowSetForegroundWindow
GetGUIThreadInfo

Exports

Exports

AcRedirNotify
AcRedirNotifySetEnabled
AcRedirSetEnabled
IEShims_GetOriginatingThreadId
IEShims_InDllMainContext
IEShims_Initialize
IEShims_SetRedirectRegistryForThread
IEShims_Uninitialize

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92c41024898fbf51016cb09ba2c20fe3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

shlwapi

ole32

oleaut32

advapi32

iertutil

shell32

user32

Exports

Exports

Sections

.text Size: 175KB - Virtual size: 175KB

.data Size: 1024B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 175KB - Virtual size: 175KB

.data
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 16KB