309a3f0d2c872eb4ce7c5afa0de4cf4d7f42a55c2946fad4d49e39b45180c37b

Sharing

Copy URL Twitter E-mail

General

Target

309a3f0d2c872eb4ce7c5afa0de4cf4d7f42a55c2946fad4d49e39b45180c37b
Size

2.1MB
MD5

240a413b4f38c33e383e8e5d479067dc
SHA1

5f3970f402a95b9735d9cf4ba4251e5351412ede
SHA256

309a3f0d2c872eb4ce7c5afa0de4cf4d7f42a55c2946fad4d49e39b45180c37b
SHA512

9b4c9319ec33d14bc0e2dc56de7e1da840a4ab53846e30fb46eb1bfd773b5de7d3cd03a6ad3ac9afe8ef6580b0041218e4a3397ccfa98d2501b0008c4ad2d98f
SSDEEP

49152:8c+QS8UjJ39eU4mTMyCHw7tDUuXb4DaPKWqgJRMRBUO0U:YR8UN9eU4mAyEw72uXwyJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
309a3f0d2c872eb4ce7c5afa0de4cf4d7f42a55c2946fad4d49e39b45180c37b

Files

309a3f0d2c872eb4ce7c5afa0de4cf4d7f42a55c2946fad4d49e39b45180c37b
.dll windows:6 windows x86 arch:x86

f8c532be4f750ee2cdf024415aa0d37e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\solution\solution\Release\solution.pdb

Imports

kernel32

GetModuleHandleW
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
GetExitCodeProcess
GetLocalTime
GetCurrentProcessId
SystemTimeToFileTime
LocalAlloc
LocalFree
K32EnumDeviceDrivers
K32GetDeviceDriverBaseNameA
CreateToolhelp32Snapshot
FormatMessageW
Process32NextW
Process32FirstW
DeviceIoControl
CreatePipe
GetSystemDirectoryA
CreateProcessA
GetCurrentProcess
lstrlenW
GetSystemTime
ReadConsoleInputW
SetConsoleMode
GetFileSize
SetFilePointerEx
GetSystemInfo
CreateFileW
WaitForSingleObject
FindClose
ExpandEnvironmentStringsA
GetProcessId
GetModuleFileNameW
RemoveDirectoryW
WriteFile
FindNextFileW
GetFileSizeEx
FindFirstFileW
GetModuleFileNameA
ReadFile
MoveFileW
GetTickCount
CopyFileW
FreeLibrary
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
GetFileAttributesExW
GetConsoleCP
FindResourceW
LoadResource
FindResourceExW
CreateThread
LoadLibraryW
CloseHandle
HeapReAlloc
DeleteFileW
GlobalMemoryStatus
FlushConsoleInputBuffer
WriteConsoleW
SetEndOfFile
GetFullPathNameW
GetCurrentDirectoryW
GetTimeZoneInformation
SetEnvironmentVariableW
FreeEnvironmentStringsW
LockResource
LoadLibraryA
GetLastError
GetTickCount64
Sleep
MultiByteToWideChar
HeapSize
IsBadCodePtr
InitializeCriticalSectionEx
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetConsoleCtrlHandler
SetStdHandle
FlushFileBuffers
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
HeapFree
SizeofResource
CreateDirectoryW
LCMapStringW
CompareStringW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
ExitProcess
GetModuleHandleExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageA
EncodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
OutputDebugStringW
RaiseException
SleepEx
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
SetLastError
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoA
RtlUnwind
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread

user32

MessageBoxW
CharLowerW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
CharLowerA

advapi32

RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
OpenServiceW
OpenSCManagerW
CloseServiceHandle
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
GetTokenInformation
GetSecurityInfo
ConvertSidToStringSidW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
SetSecurityInfo
AllocateAndInitializeSid
SetEntriesInAclW
RegFlushKey
RegSetValueExW
OpenProcessToken
FreeSid
RegEnumValueW

shell32

SHChangeNotify
ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

shlwapi

PathFileExistsW
PathRemoveFileSpecW

crypt32

CertCloseStore
CryptBinaryToStringW
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptMsgClose
CertFreeCertificateContext
CryptQueryObject

wininet

InternetGetConnectedState

ws2_32

getservbyname
htonl
shutdown
gethostbyname
WSACleanup
sendto
htons
WSAEnumNetworkEvents
recvfrom
WSAWaitForMultipleEvents
ntohs
socket
WSAEventSelect
inet_addr
WSAStartup
WSACreateEvent
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
setsockopt
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
ioctlsocket
gethostname

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

bcrypt

BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptFinishHash
BCryptOpenAlgorithmProvider

wldap32

ord32
ord50
ord27
ord33
ord35
ord79
ord46
ord30
ord200
ord22
ord41
ord301
ord26
ord60
ord211
ord143

Exports

Exports

CheckUpdate
ChromeXtFinish
ChromeXtHide
ChromeXtInit
ChromeXtInitNoRetry
ChromeXtIsVoucUrl
ChromeXtRecord
ClearLoginToken
CreateChromeXtHandle
CreateVIPID
DotForAction
ExtractArchiveEx
ExtractPluginDat
FreeMem
GetBrowserInsDate
GetBrowserInsName
GetBrowserVersion
GetGoodsTitile
GetLoginInfo
IsCmdStartUpUrlNotGood
IsWinInstalledApp
LoginQueryBookMarks
LoginQueryPasswd
LoginQueryUserInfo
LoginUpdateBookMarks
LoginUpdatePasswd
MatchGroup
OpenFileWithWinApp
SaveLoginToken
SetDefalutBrowser
StartScreenCut
UpdateFileCheck

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nfe0
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8c532be4f750ee2cdf024415aa0d37e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

crypt32

wininet

ws2_32

iphlpapi

version

bcrypt

wldap32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 410KB - Virtual size: 409KB

.data Size: 39KB - Virtual size: 52KB

.nfe0 Size: 36KB - Virtual size: 35KB

.reloc Size: 67KB - Virtual size: 66KB

.rsrc Size: 94KB - Virtual size: 93KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 410KB - Virtual size: 409KB

.data
Size: 39KB - Virtual size: 52KB

.nfe0
Size: 36KB - Virtual size: 35KB

.reloc
Size: 67KB - Virtual size: 66KB

.rsrc
Size: 94KB - Virtual size: 93KB