ab33e1c339e559f9217435cd0003c4975129780716d777cf203607b0de1dc139

Sharing

Copy URL Twitter E-mail

General

Target

ab33e1c339e559f9217435cd0003c4975129780716d777cf203607b0de1dc139
Size

787KB
MD5

0988a6b3b2ae6aaa4ddcb19acf247f02
SHA1

a55a20ff2a82be8878cf22b1d666d9a1c79dac17
SHA256

ab33e1c339e559f9217435cd0003c4975129780716d777cf203607b0de1dc139
SHA512

f0b19d0077e590ee82ec1820296e7fa738c4a716a0ff39e8b0fc989195037126a5716aa8842d33fe1bca41300dedd7e9bb4ed30dd70dca4ca6cfe57cab7c26ab
SSDEEP

12288:fxHhlmEIRn0sTcMEEP/57sY8X+f6hJA8Cv:ABRn0sTTEEP/NsY8X+f2JIv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab33e1c339e559f9217435cd0003c4975129780716d777cf203607b0de1dc139

Files

ab33e1c339e559f9217435cd0003c4975129780716d777cf203607b0de1dc139
.dll windows:5 windows x64 arch:x64

df794408344c7e6b816d3229f16b4e67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

secur32

LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaLookupAuthenticationPackage

shlwapi

ord219
SHStrDupW

ole32

CoTaskMemFree
CoTaskMemAlloc

user32

LoadBitmapW

advapi32

RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
DeregisterEventSource
RegisterEventSourceW
LogonUserW
ReportEventW
CredIsProtectedW
CredProtectW
CredUnprotectW
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
LookupAccountSidA
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
SetSecurityInfo
GetSecurityDescriptorSacl
CreateWellKnownSid
PrivilegeCheck
LookupPrivilegeValueW
OpenThreadToken
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
ConvertStringSidToSidW
LookupAccountSidW
LookupAccountNameW
ConvertSidToStringSidW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegEnumValueW

credui

CredUnPackAuthenticationBufferW
CredPackAuthenticationBufferW

kernel32

GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
GetModuleFileNameA
CreateFileA
ReadFile
GetHandleInformation
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
WaitForSingleObject
OpenMutexA
CreateFileMappingA
CreateMutexA
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
CreateEventA
SetEvent
ResetEvent
GetCurrentThread
TerminateThread
GetExitCodeThread
GlobalMemoryStatus
FreeLibrary
LoadLibraryW
GetModuleHandleW
GetCurrentProcess
GetSystemDefaultLangID
GetVersionExW
GetModuleHandleA
GetProcAddress
CancelIo
GetOverlappedResult
DeviceIoControl
GlobalAlloc
GlobalFree
GetPrivateProfileStringW
LoadLibraryA
HeapSize
SetFilePointer
GetSystemTimeAsFileTime
WideCharToMultiByte
MultiByteToWideChar
Sleep
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetProcessHeap
HeapAlloc
HeapFree
LocalAlloc
LocalFree
lstrlenA
DisableThreadLibraryCalls
GetComputerNameW
GetLastError
CloseHandle
lstrlenW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteFile
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
FlsSetValue
GetCommandLineA
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetStdHandle
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

netapi32

NetUserEnum
NetUserGetInfo
NetApiBufferFree

hid

HidD_GetFeature
HidD_SetNumInputBuffers
HidD_GetPreparsedData
HidD_GetAttributes
HidD_GetHidGuid
HidP_GetCaps
HidD_FreePreparsedData
HidD_SetFeature

shell32

SHGetSpecialFolderPathW

powrprof

CallNtPowerInformation

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
CM_Get_Device_IDA
CM_Get_Parent
CM_Get_DevNode_Registry_PropertyA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

winscard

SCardControl
SCardTransmit
SCardStatusA
SCardConnectA
SCardGetAttrib
SCardEndTransaction
SCardDisconnect
SCardBeginTransaction
SCardReleaseContext
SCardListReadersA
SCardEstablishContext
SCardReconnect

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df794408344c7e6b816d3229f16b4e67

Headers

DLL Characteristics

File Characteristics

Imports

secur32

shlwapi

ole32

user32

advapi32

credui

kernel32

wtsapi32

rpcrt4

netapi32

hid

shell32

powrprof

setupapi

winscard

Exports

Exports

Sections

.text Size: 391KB - Virtual size: 391KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 70KB - Virtual size: 163KB

.pdata Size: 22KB - Virtual size: 21KB

.rsrc Size: 193KB - Virtual size: 193KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 391KB - Virtual size: 391KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 70KB - Virtual size: 163KB

.pdata
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 193KB - Virtual size: 193KB

.reloc
Size: 4KB - Virtual size: 4KB