df212c122a87e3dda16b7d66ea9bc7ca4130a7f4b078298355b6d752e22cd5d4N

Sharing

Copy URL Twitter E-mail

General

Target

df212c122a87e3dda16b7d66ea9bc7ca4130a7f4b078298355b6d752e22cd5d4N
Size

83KB
MD5

e1a84c7e86494f87e530e3ace4740490
SHA1

aaf829ea8a2f0cefb3f9c280d0433ac37686f4bd
SHA256

df212c122a87e3dda16b7d66ea9bc7ca4130a7f4b078298355b6d752e22cd5d4
SHA512

3d02f60d0af06295d370f7a219798ae212fc5c7e6ced827d9069b56e58d3861217ecc9a3381fa262fd508cb72d468777bea74c00fe584d7d4d96ff1384df9564
SSDEEP

1536:R1TwNvtf/zSnAvNe7Gctw624RojfDbxoSqJAdHV+TrPJNLPivSYVEQLl+7:R1inzSnAle3bpADbxDqJAd1+PP3PySsK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df212c122a87e3dda16b7d66ea9bc7ca4130a7f4b078298355b6d752e22cd5d4N

Files

df212c122a87e3dda16b7d66ea9bc7ca4130a7f4b078298355b6d752e22cd5d4N
.dll windows:4 windows x86 arch:x86

898303d13dcb5d1b38ff3fed7961dcb2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
CreateThread
GetComputerNameW
CreateEventW
SetLastError
GetShortPathNameW
TlsAlloc
GetModuleFileNameW
GetEnvironmentVariableW
GetTempPathW
InitializeCriticalSection
CreateFileW
WriteFile
OutputDebugStringA
BeginUpdateResourceW
EndUpdateResourceW
FindResourceW
SizeofResource
LoadResource
LockResource
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
MultiByteToWideChar
GetComputerNameA
QueryPerformanceCounter
InterlockedCompareExchange
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExW
GetModuleHandleW
GetFileAttributesW
Sleep
InterlockedExchange
SetErrorMode
ExitProcess
FreeLibrary
LoadLibraryW
GetLastError
FormatMessageW
GetCommandLineW
GetCurrentProcess
GetTickCount
GetSystemDirectoryW
CreateProcessW
WaitForSingleObject
GetProcAddress
lstrlenW
LocalAlloc
WideCharToMultiByte
lstrlenA
LocalFree
CloseHandle
GetVersion
VirtualProtect
SetEnvironmentVariableW

user32

VkKeyScanW
VkKeyScanA
GetFocus
SystemParametersInfoW
LoadIconW
CreateWindowExW
RegisterClassW
DestroyWindow
LoadCursorW
UnregisterClassW
SetWindowLongW
PostMessageW
GetWindow
SetWindowPos
IsRectEmpty
SetWindowRgn
ToUnicode
GetKeyboardState
GetPropW
RemovePropW
UpdateWindow
RedrawWindow
OffsetRect
IsWindow

advapi32

ChangeServiceConfigW
GetSecurityDescriptorDacl
RegSetValueExW
LsaOpenPolicy
FreeSid
LookupAccountSidW
AllocateAndInitializeSid
MakeSelfRelativeSD
RegNotifyChangeKeyValue
LookupAccountNameW
IsValidSid
LsaEnumerateAccountRights
UnlockServiceDatabase
LockServiceDatabase
CloseServiceHandle
GetLengthSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
RegQueryValueExW
RegOpenKeyExW
GetAclInformation
ConvertSidToStringSidW
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

gdi32

CreateFontIndirectW
DeleteObject
CreateRectRgnIndirect
CombineRgn
LPtoDP
SetBkMode
SelectObject

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

rpcrt4

RpcBindingFree
RpcBindingSetAuthInfoA
NdrClientCall2
RpcNetworkIsProtseqValidA
RpcBindingFromStringBindingA
RpcEpResolveBinding

msvcrt

time
sprintf
_snprintf
strchr
_strnicmp
strncpy
memset
_wcslwr
wcscmp
wcsncpy
_wcsicmp
wcslen
wcsstr
free
malloc
_mbslen
_CxxThrowException
_wcsdup
_stricmp
wcstombs
memcpy
wcstoul
_XcptFilter
_amsg_exit
_adjust_fdiv
_cexit
_exit
exit
_wcmdln
_initterm
wcschr
_wtoi
iswalpha
_except_handler3
__CxxFrameHandler

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

898303d13dcb5d1b38ff3fed7961dcb2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

rpcrt4

msvcrt

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 35KB - Virtual size: 69KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 35KB - Virtual size: 69KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB