0e135787d2493b7e87cdfd9ec7846b6d52b96c40f33033df5295aecf1f3e168d

Sharing

Copy URL Twitter E-mail

General

Target

0e135787d2493b7e87cdfd9ec7846b6d52b96c40f33033df5295aecf1f3e168d
Size

132KB
MD5

4570bf3bf0a04e0823953a8290a4ec23
SHA1

800bd7321476701fdc89e98e92917de7ff54c58e
SHA256

0e135787d2493b7e87cdfd9ec7846b6d52b96c40f33033df5295aecf1f3e168d
SHA512

e74176771b9eccd827383573bea7e3f401722b3321eb67238f6f33b674d927fdb352db10568654dfa1067b0198dbf4a48c3c629ef912b91dcb9b3b836741aad5
SSDEEP

3072:JKbMGmTE6WKpsTf32qJiN/pLR6D1hnhzW6Ki+0iZ60ZnlCw4:UbMGmQBKpsTLJiDsD1JNeS/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e135787d2493b7e87cdfd9ec7846b6d52b96c40f33033df5295aecf1f3e168d

Files

0e135787d2493b7e87cdfd9ec7846b6d52b96c40f33033df5295aecf1f3e168d
.dll windows:6 windows x64 arch:x64

8ee4973df26070e243c3fd8129527a82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DeviceIoControl
CreateMutexW
OutputDebugStringW
FreeLibrary
LoadLibraryW
OutputDebugStringA
CreateFileW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetModuleFileNameW
GetCurrentProcess
CloseHandle
GetFileAttributesExW
LoadLibraryA
GetProcAddress
GetModuleFileNameA
GetLastError
WriteConsoleW
SetStdHandle
GetStringTypeW
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
SetLastError
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LCMapStringW
WriteFile
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers

advapi32

LookupPrivilegeValueW
RegUnLoadKeyA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegLoadKeyW
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegCreateKeyW

ws2_32

WSAStartup
WSACleanup

Exports

Exports

RTW32_Destroy
RTW32_GetNicInfo
RTW32_ImportNicList2Drive
RTW32_ImportNicList2Vhd
RTW32_Initialize
RTW32_SetNicInfo

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ee4973df26070e243c3fd8129527a82

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 7KB - Virtual size: 15KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 7KB - Virtual size: 15KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB