fuckyou
Static task
static1
Behavioral task
behavioral1
Sample
60e4b66c3145431bac9a9df286a85799854920ed5ebb348e65e220f8860d0fa9.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
60e4b66c3145431bac9a9df286a85799854920ed5ebb348e65e220f8860d0fa9.dll
Resource
win10v2004-20240802-en
General
Target
60e4b66c3145431bac9a9df286a85799854920ed5ebb348e65e220f8860d0fa9
Size
166KB
MD5
f2e78fe6c84d99780cb6f754b917065d
SHA1
120ceb135b9f51bf215b4ea1fe7eca3c92507ceb
SHA256
60e4b66c3145431bac9a9df286a85799854920ed5ebb348e65e220f8860d0fa9
SHA512
08c4f812555d5d9e016c924f28a0162940142930a347ab50f2c1e2a352b3abddb3e34fbee4a83643458fd360293e00e113ac035d3d5b657b478c7248a06490da
SSDEEP
3072:z/mHATCC+P4hM9Bmflul7/e3VKhOR/opS1WTmzGngXnlwaXsFypVPXsPi6guxAO5:5CC8ywlSlK8R/rEziKzWTC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 60e4b66c3145431bac9a9df286a85799854920ed5ebb348e65e220f8860d0fa9
Files
60e4b66c3145431bac9a9df286a85799854920ed5ebb348e65e220f8860d0fa9.dll windows:6 windows x86 arch:x86
d7faeba881c21c7527f29020465b4234
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
HeapReAlloc
HeapSize
Sleep
GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetFileAttributesA
GetCurrentProcessId
CreateNamedPipeA
DisconnectNamedPipe
ExitThread
CreateThread
LoadLibraryExW
TlsFree
WriteConsoleW
CreateFileW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FreeLibrary
GetModuleFileNameA
SetFileAttributesA
CloseHandle
DecodePointer
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
MultiByteToWideChar
HeapFree
GetProcessHeap
HeapAlloc
FreeLibraryAndExitThread
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
ExitProcess
FindClose
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetFileType
GetTimeZoneInformation
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetConsoleMode
GetConsoleOutputCP
WriteFile
SetFilePointerEx
GetFileSizeEx
SetLastError
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
WideCharToMultiByte
GetCurrentThreadId
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
LocalFree
EncodePointer
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WakeAllConditionVariable
GetSystemTimeAsFileTime
GetModuleHandleW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
InterlockedFlushSList
user32
EnumWindows
IsWindowVisible
GetWindowTextA
advapi32
ConvertSidToStringSidA
QueryServiceStatusEx
CloseServiceHandle
OpenServiceA
OpenSCManagerA
LookupAccountNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetSecurityInfo
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
shell32
ShellExecuteA
ole32
CoInitializeEx
CoUninitialize
CoCreateInstance
oleaut32
SysAllocString
SysFreeString
VariantInit
VariantClear
ws2_32
WSAStartup
gethostbyname
closesocket
recv
shlwapi
PathRemoveFileSpecA
wtsapi32
WTSEnumerateSessionsA
WTSFreeMemory
WTSQuerySessionInformationA
rpcrt4
RpcStringFreeW
RpcBindingSetAuthInfoExA
RpcBindingFromStringBindingW
NdrClientCall2
RpcStringBindingComposeW
Exports
Sections
.text Size: 112KB - Virtual size: 112KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ