8d3258ed6e9aaf18c1b65d700b1b8126a0269ec4a269285ba976d8a3a31d189e

Sharing

Copy URL Twitter E-mail

General

Target

8d3258ed6e9aaf18c1b65d700b1b8126a0269ec4a269285ba976d8a3a31d189e
Size

775KB
MD5

f238e021207826ca32f4222391f26bb9
SHA1

cdedf9b2c11be7b35ebd49ec38ce965ce11dae50
SHA256

8d3258ed6e9aaf18c1b65d700b1b8126a0269ec4a269285ba976d8a3a31d189e
SHA512

47af2a690d7a98ea51d0f55390310f79642297e45b65bc5777a44951c1dd6fc4967098fbaab25d707cef7aac199fe6a07a7bc5c9b3a5d1b19037d777cf06ceae
SSDEEP

12288:QJ4aANicowMyR9yXOiZOSQhnoMXh/ghAAfDH:E4NNicowlqAhnokh/yfz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d3258ed6e9aaf18c1b65d700b1b8126a0269ec4a269285ba976d8a3a31d189e

Files

8d3258ed6e9aaf18c1b65d700b1b8126a0269ec4a269285ba976d8a3a31d189e
.dll windows:5 windows x86 arch:x86

21b42f6febd60be81d0ebdd1284ca518

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

secur32

LsaConnectUntrusted
LsaLookupAuthenticationPackage
LsaDeregisterLogonProcess

shlwapi

SHStrDupW
ord219

ole32

CoTaskMemAlloc
CoTaskMemFree

user32

LoadBitmapW

advapi32

RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
DeregisterEventSource
RegisterEventSourceW
LogonUserW
ReportEventW
CredIsProtectedW
CredProtectW
CredUnprotectW
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
LookupAccountSidA
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
GetUserNameA
SetSecurityInfo
GetSecurityDescriptorSacl
CreateWellKnownSid
PrivilegeCheck
LookupPrivilegeValueW
OpenThreadToken
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
ConvertStringSidToSidW
LookupAccountSidW
LookupAccountNameW
ConvertSidToStringSidW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW

credui

CredPackAuthenticationBufferW
CredUnPackAuthenticationBufferW

kernel32

GetVersionExW
GetSystemDefaultLangID
GetCurrentProcess
GetModuleHandleW
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
GetModuleFileNameA
SwitchToThread
SetEndOfFile
SetFilePointer
MapViewOfFile
GetFileSize
CreateFileA
UnmapViewOfFile
ReadFile
WriteFile
CreateMutexA
InterlockedIncrement
WaitForSingleObject
ReleaseMutex
GetHandleInformation
OpenFileMappingA
CreateFileMappingA
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
GetModuleHandleA
DeleteCriticalSection
TlsAlloc
SetLastError
TlsGetValue
TlsSetValue
TlsFree
CreateEventA
SetEvent
ResetEvent
GetExitCodeThread
InterlockedExchange
GlobalMemoryStatus
FreeLibrary
LoadLibraryW
MultiByteToWideChar
Sleep
GetProcessHeap
HeapAlloc
HeapFree
LocalAlloc
FlushFileBuffers
SetStdHandle
LocalFree
lstrlenA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
GetProcAddress
InterlockedCompareExchange
InterlockedExchangeAdd
LeaveCriticalSection
GetSystemTimeAsFileTime
HeapSize
GetSystemDirectoryA
DisableThreadLibraryCalls
GetCurrentThread
InterlockedDecrement
GetConsoleMode
GetConsoleCP
LCMapStringW
GetComputerNameW
GetLastError
CloseHandle
lstrlenW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetPrivateProfileStringW
GlobalFree
GlobalAlloc
DeviceIoControl
GetOverlappedResult
CancelIo
OpenMutexA
TerminateThread
RtlUnwind
RaiseException
GetCommandLineA
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA

version

VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

netapi32

NetUserEnum
NetUserGetInfo
NetApiBufferFree

hid

HidD_GetAttributes
HidD_GetPreparsedData
HidP_GetCaps
HidD_SetNumInputBuffers
HidD_FreePreparsedData
HidD_GetFeature
HidD_SetFeature
HidD_GetHidGuid

shell32

SHGetSpecialFolderPathW

powrprof

CallNtPowerInformation

setupapi

SetupDiGetClassDevsA
CM_Get_Device_IDA
SetupDiDestroyDeviceInfoList
CM_Get_DevNode_Registry_PropertyA
CM_Get_Parent
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces

winscard

SCardReconnect
SCardStatusA
SCardTransmit
SCardControl
SCardGetAttrib
SCardDisconnect
SCardEndTransaction
SCardReleaseContext
SCardListReadersA
SCardEstablishContext
SCardConnectA
SCardBeginTransaction

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21b42f6febd60be81d0ebdd1284ca518

Headers

DLL Characteristics

File Characteristics

Imports

secur32

shlwapi

ole32

user32

advapi32

credui

kernel32

version

wtsapi32

rpcrt4

netapi32

hid

shell32

powrprof

setupapi

winscard

Exports

Exports

Sections

.text Size: 391KB - Virtual size: 391KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 68KB - Virtual size: 159KB

.rsrc Size: 193KB - Virtual size: 193KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 391KB - Virtual size: 391KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 68KB - Virtual size: 159KB

.rsrc
Size: 193KB - Virtual size: 193KB

.reloc
Size: 21KB - Virtual size: 20KB