259969a7bf32baacf5ceee65cc589eb374419be22fb1fc0c7fc40574f288c521N

Sharing

Copy URL Twitter E-mail

General

Target

259969a7bf32baacf5ceee65cc589eb374419be22fb1fc0c7fc40574f288c521N
Size

1.2MB
MD5

f26615cbf338bde1666b2b4328b2d020
SHA1

876e98766a03090ddea6c57d0334d14fd7facea2
SHA256

259969a7bf32baacf5ceee65cc589eb374419be22fb1fc0c7fc40574f288c521
SHA512

daf3bab506b810aa59fb612279f02b44513635d6c2c3027319f1f797c1537aab6ccaae85c03bb3266edcab022778ca6507b64c53c35e8a7f3af4a9ea72aaa1b3
SSDEEP

24576:cqozT8s/yJY63F3dH+LbySSoRdzvBUAdrvKB:fsT8HzAySPUYrvQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
259969a7bf32baacf5ceee65cc589eb374419be22fb1fc0c7fc40574f288c521N

Files

259969a7bf32baacf5ceee65cc589eb374419be22fb1fc0c7fc40574f288c521N
.dll windows:4 windows x86 arch:x86

780278c0c588b5bf375819b942c6fbaa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

__WSAFDIsSet
select
WSASetLastError
recv
WSAStartup
WSACleanup
connect
WSAGetLastError
sendto
closesocket
send
socket
setsockopt
getsockopt
htons

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

mpr

WNetGetConnectionA

rpcrt4

RpcStringFreeA
RpcBindingFromStringBindingA
RpcStringBindingComposeA
RpcBindingFree
NdrClientCall2
NdrServerCall2
RpcServerListen
RpcServerRegisterIf
RpcServerUseProtseqEpA
RpcMgmtStopServerListening

kernel32

ResumeThread
FlushInstructionCache
GetCurrentProcess
SetThreadContext
GetThreadContext
SuspendThread
SetLastError
WideCharToMultiByte
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
lstrcmpiA
LockResource
LoadResource
SizeofResource
FindResourceA
GetVersion
IsDBCSLeadByte
GetCurrentProcessId
LoadLibraryExA
DisableThreadLibraryCalls
DeleteFileA
MoveFileA
GetFileSize
GetFileAttributesW
GetDriveTypeA
QueryDosDeviceA
IsBadStringPtrA
GetACP
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
GetSystemDirectoryW
GetFileTime
GetSystemDirectoryA
SetFileTime
FileTimeToSystemTime
GetLocalTime
GetTimeZoneInformation
GetComputerNameA
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
SetEvent
InterlockedCompareExchange
FindClose
FindNextFileA
FindFirstFileA
GetTempPathA
GetTimeFormatA
GetLocaleInfoA
TerminateProcess
SetConsoleTitleA
GetConsoleTitleA
WaitForSingleObject
DuplicateHandle
CreateEventA
FlushFileBuffers
SetEndOfFile
SystemTimeToTzSpecificLocalTime
InterlockedExchange
GetVersionExA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetProcessHeap
GetFullPathNameA
FormatMessageA
GetNumberFormatA
GetSystemInfo
QueryPerformanceFrequency
QueryPerformanceCounter
GetDateFormatA
CreateThread
ExitThread
HeapReAlloc
RtlUnwind
GetSystemTimeAsFileTime
VirtualAlloc
VirtualQuery
GetCurrentThreadId
OutputDebugStringA
GetCurrentThread
FreeLibrary
GetLastError
LoadLibraryA
GetProcAddress
LocalReAlloc
LocalFree
LocalAlloc
InterlockedDecrement
InterlockedIncrement
GetTickCount
MultiByteToWideChar
WriteFile
Sleep
ReadFile
SetFilePointer
CloseHandle
VirtualProtect
GetModuleHandleA
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
VirtualFree
ExitProcess
HeapSize
GetModuleFileNameA
CreateFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
GetStartupInfoA
LoadLibraryW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetThreadLocale
GetStringTypeA
GetStringTypeW
SetHandleCount
OpenProcess
TlsFree

user32

EnumWindows
GetWindowTextLengthA
SetFocus
PostQuitMessage
GetWindowRect
EnableWindow
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
DestroyWindow
UnregisterClassA
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
IsZoomed
MapVirtualKeyA
GetKeyState
GetForegroundWindow
GetKeyboardLayoutNameA
GetCursorPos
MoveWindow
GetFocus
CallNextHookEx
UnhookWindowsHookEx
SetPropA
GetPropA
CharPrevA
CallWindowProcA
SetWindowLongA
RemovePropA
GetWindow
IsWindowEnabled
SendMessageA
FindWindowA
GetWindowThreadProcessId
PostMessageA
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetThreadDesktop
SetProcessWindowStation
CloseDesktop
CloseWindowStation
LoadStringA
wsprintfW
CharNextA
SetTimer
IsWindow
SendMessageTimeoutA
KillTimer
RegisterWindowMessageA
wsprintfA
GetParent
FindWindowExA
IsWindowVisible
EnumChildWindows
GetWindowLongA
GetClassNameA
DefWindowProcA
GetWindowTextA
GetUserObjectInformationA

gdi32

GetDeviceCaps
GetStockObject
TranslateCharsetInfo

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
StringFromCLSID

oleaut32

VariantInit
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
SafeArrayCreate
SysStringByteLen
SysStringLen
SysFreeString
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
VariantCopy
VariantChangeType
SysAllocStringLen
SafeArrayLock
SysAllocStringByteLen
GetErrorInfo
SafeArrayUnlock

Exports

Exports

DllCanUnloadNow
DllGetClassObject
IAlloc

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

780278c0c588b5bf375819b942c6fbaa

Headers

File Characteristics

Imports

wsock32

version

mpr

rpcrt4

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 56KB - Virtual size: 55KB

.shared Size: 4KB - Virtual size: 488B

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 56KB - Virtual size: 55KB

.shared
Size: 4KB - Virtual size: 488B

.reloc
Size: 56KB - Virtual size: 55KB