9b5c66a87f676fa4f9a35198c4a2bb1aff5990c986f3b218d311ce939b183a9cN

Sharing

Copy URL

Twitter E-mail

General

Target

9b5c66a87f676fa4f9a35198c4a2bb1aff5990c986f3b218d311ce939b183a9cN
Size

98KB
MD5

1c711faf56c549d7e1855e1536bc4600
SHA1

c5f5648b83a3edfcbbfc058947892e1a1f197c35
SHA256

9b5c66a87f676fa4f9a35198c4a2bb1aff5990c986f3b218d311ce939b183a9c
SHA512

8e361261c58d2eba410254208576d22406eb9d094a100cd93bdad6a45ce0e3413f98f1a2585f8310543151b6ca15cffc64fddd13f80a0921ec46028c73ef10af
SSDEEP

3072:lhcDmcc5Hi5En/YDZ4QzyOSUxrEw5gx6I:3dccxi5CYeQp3RESgx6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b5c66a87f676fa4f9a35198c4a2bb1aff5990c986f3b218d311ce939b183a9cN

Files

9b5c66a87f676fa4f9a35198c4a2bb1aff5990c986f3b218d311ce939b183a9cN
.dll windows:5 windows x86 arch:x86

3efbf7896e6e7b751b673abdf3dbad41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetAdaptersAddresses

ws2_32

WSASetLastError
FreeAddrInfoW
GetAddrInfoW
getsockname
socket
WSACloseEvent
WSAStartup
inet_addr
WSARecv
WSASocketW
WSASend
WSAGetLastError
WSAConnect
WSAEnumNetworkEvents
htons
WSAEventSelect
shutdown
WSACreateEvent
bind
sendto
select
recvfrom
connect
closesocket
WSAWaitForMultipleEvents
ntohs

shlwapi

StrToIntA
StrStrIW
StrToIntW
StrStrIA

wininet

InternetQueryDataAvailable
InternetReadFile
InternetQueryOptionW
InternetConnectA
InternetWriteFile
InternetSetOptionW
HttpQueryInfoW
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetOpenA
HttpEndRequestW
InternetCloseHandle
InternetGetConnectedState
InternetOpenUrlA
HttpSendRequestExW

advapi32

CryptDestroyKey
OpenProcessToken
CryptAcquireContextW
GetTokenInformation
CryptReleaseContext
LookupPrivilegeValueW
LookupAccountSidW
CryptCreateHash
CryptDestroyHash
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyW
CryptImportKey
CryptVerifySignatureW
CryptHashData
AdjustTokenPrivileges

crypt32

CertDeleteCertificateFromStore
CertOpenStore
CertOpenSystemStoreW
CertAddCertificateContextToStore
CertCloseStore
CertEnumCertificatesInStore
CryptUnprotectData
PFXExportCertStoreEx

kernel32

HeapReAlloc
HeapAlloc
GetCurrentProcessId
CreateToolhelp32Snapshot
HeapFree
HeapDestroy
HeapCreate
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
FlushFileBuffers
GetComputerNameA
lstrcatW
lstrcpyW
LocalFree
GetSystemDefaultLangID
GetTempFileNameW
GetPrivateProfileSectionNamesW
FindFirstFileW
GetNativeSystemInfo
GetSystemDefaultUILanguage
lstrcpynA
FreeLibrary
SetDllDirectoryW
GetPrivateProfileStringW
GetUserDefaultLangID
GetPrivateProfileIntA
LoadLibraryW
GetTimeZoneInformation
GetTempPathW
GetPrivateProfileIntW
OpenMutexW
FindClose
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
FindNextFileW
CompareStringA
MapViewOfFile
UnmapViewOfFile
OpenProcess
Process32FirstW
CreateFileMappingW
Process32NextW
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
lstrlenA
SetEvent
Sleep
CreateEventA
GetLastError
ResetEvent
CloseHandle
CreateThread
lstrcpyA
TerminateThread
SetThreadPriority
CreateEventW
CreateMutexW
WaitForSingleObject
ReleaseMutex
lstrcmpA
GetVersionExW
lstrcatA
GetFileSize
FindResourceW
LoadResource
CreateProcessW
SystemTimeToFileTime
GetCurrentProcess
QueryPerformanceCounter
GetModuleHandleW
WriteFile
WideCharToMultiByte
SizeofResource
ReadFile
CreateFileW
lstrlenW
GetProcAddress
VirtualAlloc
GetLocalTime
LockResource

user32

GetSystemMetrics
GetDC
wsprintfW
wsprintfA

gdi32

GetDeviceCaps

shell32

SHGetFolderPathA
SHGetFolderPathW

Sections

.text
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3efbf7896e6e7b751b673abdf3dbad41

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

ws2_32

shlwapi

wininet

advapi32

crypt32

kernel32

user32

gdi32

shell32

Sections

.text Size: 46KB - Virtual size: 48KB

.rdata Size: 10KB - Virtual size: 12KB

.data Size: - Virtual size: 12KB

.rsrc Size: 38KB - Virtual size: 40KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 46KB - Virtual size: 48KB

.rdata
Size: 10KB - Virtual size: 12KB

.data
Size: - Virtual size: 12KB

.rsrc
Size: 38KB - Virtual size: 40KB

.reloc
Size: 2KB - Virtual size: 2KB