af0e617c1b009a90e6f254e99d4e72737dcbdca6ac772713c3117ea1ced221fdN

Sharing

Copy URL

Twitter E-mail

General

Target

af0e617c1b009a90e6f254e99d4e72737dcbdca6ac772713c3117ea1ced221fdN
Size

2.3MB
MD5

7eeb2d3934faa2625469a3884bffb460
SHA1

2a30fb8824dd743d8d9563223f6e65e78751b56e
SHA256

af0e617c1b009a90e6f254e99d4e72737dcbdca6ac772713c3117ea1ced221fd
SHA512

80d3dcb105c2a3129cc0fa6f7ff0abf4a5ae81aeb64b2a15ea0c828d64447eb1c8457e94ae0d79803c9c7498b8eca1870f89673f5982d208d08167c7eda834da
SSDEEP

49152:TJUxw/HXPDcjPmfn4NkKnfhtD4er3xrjllRnmUbygu:93/HXPDcjPYvKj7rR52Ub

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af0e617c1b009a90e6f254e99d4e72737dcbdca6ac772713c3117ea1ced221fdN

Files

af0e617c1b009a90e6f254e99d4e72737dcbdca6ac772713c3117ea1ced221fdN
.dll windows:5 windows x86 arch:x86

84ff8bcb851f4790cc004479b74f3072

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CertEnumCRLsInStore

gdi32

SetBrushOrgEx
GetClipRgn

lz32

GetExpandedNameW

ole32

CoResumeClassObjects
CoRegisterClassObject

iphlpapi

GetIpAddrTable

shlwapi

PathIsRelativeW
StrCmpNIA

advapi32

QueryUsersOnEncryptedFile
EnumServicesStatusA

user32

SetMenuInfo
SendMessageW
MenuItemFromPoint
GetMenuItemInfoW
GetKeyNameTextW
GetKeyboardType
GetActiveWindow
SetScrollRange
ChangeClipboardChain
GetRawInputDeviceList
ToAscii
DestroyCursor

wintrust

IsCatalogFile
CryptCATAdminReleaseCatalogContext

secur32

QuerySecurityPackageInfoA
DeleteSecurityContext

ntdsapi

DsFreeNameResultW

imm32

ImmGetContext

rasapi32

RasDialA

wininet

HttpEndRequestA

setupapi

SetupDiOpenDeviceInterfaceW
CM_Get_DevNode_Status

kernel32

CreateFileA
SetStdHandle
SetFilePointer
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
GetLocaleInfoA
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
GetConsoleCP
WideCharToMultiByte
LoadLibraryA
QueryPerformanceCounter
GetSystemTimeAsFileTime
InterlockedPushEntrySList
FindFirstFileA
DeleteCriticalSection
GetModuleFileNameA
OutputDebugStringA
GetFileTime
PostQueuedCompletionStatus
GetConsoleMode
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
Sleep
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
ExitProcess
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsSetValue
SetLastError
GetCurrentThreadId
MultiByteToWideChar
RtlUnwind
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapReAlloc
VirtualFree
VirtualAlloc
WriteFile

winmm

auxGetNumDevs

oleaut32

SetErrorInfo
GetErrorInfo
LoadTypeLibEx
GetRecordInfoFromGuids

shell32

FindExecutableW

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.EXP
Size: 4KB - Virtual size: 895B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 368KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

s0
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Yubc
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vSuTl6
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84ff8bcb851f4790cc004479b74f3072

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

gdi32

lz32

ole32

iphlpapi

shlwapi

advapi32

user32

wintrust

secur32

ntdsapi

imm32

rasapi32

wininet

setupapi

kernel32

winmm

oleaut32

shell32

Sections

.text Size: 108KB - Virtual size: 106KB

.EXP Size: 4KB - Virtual size: 895B

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 368KB - Virtual size: 376KB

.qdata Size: 1.5MB - Virtual size: 1.5MB

s0 Size: 112KB - Virtual size: 108KB

Yubc Size: 120KB - Virtual size: 117KB

vSuTl6 Size: 16KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 928B

.reloc Size: 64KB - Virtual size: 60KB

.text
Size: 108KB - Virtual size: 106KB

.EXP
Size: 4KB - Virtual size: 895B

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 368KB - Virtual size: 376KB

.qdata
Size: 1.5MB - Virtual size: 1.5MB

s0
Size: 112KB - Virtual size: 108KB

Yubc
Size: 120KB - Virtual size: 117KB

vSuTl6
Size: 16KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 928B

.reloc
Size: 64KB - Virtual size: 60KB