1c1e3cf6f2fd6b4eda5af7ff5f53d813699ca4116f7994df0eaeefa1ece88dc2N

Sharing

Copy URL Twitter E-mail

General

Target

1c1e3cf6f2fd6b4eda5af7ff5f53d813699ca4116f7994df0eaeefa1ece88dc2N
Size

3.1MB
MD5

f81ae0281a7ca52f4452fd173ab8a400
SHA1

7483fb2db778663a76e7021dba99465f7b07f69c
SHA256

1c1e3cf6f2fd6b4eda5af7ff5f53d813699ca4116f7994df0eaeefa1ece88dc2
SHA512

14b90877318fd7b42a0ff7ba411c338108d718d2c7f84520940dcbc0337b676437c30711894658f712fc3c2531089deba863de09ad53248a72ea7ab011494974
SSDEEP

49152:EdSfF9YwNDFUaM27ezwxtSeWTq1Br9bHE3yT+Hx3SGost:EkfFt7ezwxtSeWWPrNyN5t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c1e3cf6f2fd6b4eda5af7ff5f53d813699ca4116f7994df0eaeefa1ece88dc2N

Files

1c1e3cf6f2fd6b4eda5af7ff5f53d813699ca4116f7994df0eaeefa1ece88dc2N
.dll windows:5 windows x86 arch:x86

9d59e2a3af191ec3f19f44df486edc1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mprapi

MprAdminPortDisconnect
MprConfigInterfaceTransportGetInfo

comdlg32

FindTextA

winmm

waveInClose
mixerGetNumDevs
waveOutGetPlaybackRate
waveOutClose

ws2_32

getprotobyname
select

winscard

SCardEndTransaction
SCardConnectA
SCardIntroduceCardTypeA
SCardListInterfacesA
SCardStatusW

netapi32

NetUserDel
NetGroupAddUser

oleaut32

VarUI4FromStr
CreateTypeLi
VarBstrFromUI1
BSTR_UserUnmarshal
VarCyFromDate

shlwapi

StrRStrIW
StrCmpNW
StrRChrIW
PathUnExpandEnvStringsW
PathGetDriveNumberA
SHDeleteKeyW

setupapi

CM_Get_Device_Interface_List_ExW
SetupDiEnumDeviceInterfaces
CM_Get_Hardware_Profile_Info_ExW
SetupDiDeleteDevRegKey
SetupGetLineByIndexW
CM_Get_DevNode_Custom_PropertyW
CM_Get_DevNode_Status_Ex

gdi32

GetTextCharset
SetTextCharacterExtra
CreateColorSpaceA
EqualRgn
RemoveFontResourceW
FrameRgn
StretchBlt
CloseMetaFile
SetArcDirection
PolyTextOutA
GetAspectRatioFilterEx
StartDocA
SetMetaFileBitsEx

comctl32

InitCommonControlsEx

wininet

FindNextUrlCacheEntryExW
SetUrlCacheEntryInfoA

rpcrt4

NdrConformantArrayMarshall
NdrAsyncServerCall
NdrSimpleStructMarshall
NdrSimpleTypeMarshall

user32

GetUpdateRgn
InflateRect
GetRawInputDeviceList
LoadIconA
CreateDialogParamA
EnumDesktopsA
UpdateWindow
KillTimer
IsIconic
RegisterClipboardFormatW
ClipCursor
RemovePropA
SetLayeredWindowAttributes
ChangeMenuW
ScreenToClient

shell32

CommandLineToArgvW

pdh

PdhEnumMachinesHW

winspool.drv

OpenPrinterW

msvcrt

fgets
vfprintf
wcsspn
toupper
wcscoll
memset
fgetc

crypt32

PFXExportCertStoreEx
CertSerializeCertificateStoreElement
CryptMsgGetAndVerifySigner
PFXImportCertStore
CryptFreeOIDFunctionAddress

ole32

CoSuspendClassObjects
CreateDataCache
WriteClassStg
HICON_UserUnmarshal
GetHGlobalFromStream
OleQueryLinkFromData
CoFileTimeNow
HICON_UserMarshal

kernel32

OutputDebugStringA
SetErrorMode
GetPrivateProfileStructA
GetPrivateProfileIntA
AssignProcessToJobObject
CloseHandle
GetVersion
RemoveVectoredExceptionHandler
SetWaitableTimer
ReadConsoleOutputW
GlobalGetAtomNameW
EnterCriticalSection
GetStdHandle
GetModuleHandleW
GetModuleFileNameA
GetBinaryTypeW
GetModuleFileNameW
FindAtomA
GetComputerNameA
GetSystemDefaultUILanguage
QueryDosDeviceW
BuildCommDCBA
ReplaceFileA
GetSystemTimeAdjustment
LoadLibraryW
InterlockedFlushSList
UnregisterWait
LocalFree
SetStdHandle
GetLongPathNameW
PurgeComm
GlobalAddAtomW
FindVolumeMountPointClose

clusapi

ClusterRegSetValue

powrprof

IsPwrHibernateAllowed

secur32

VerifySignature

advapi32

BuildTrusteeWithNameW
ObjectOpenAuditAlarmW
RegEnumKeyW
SaferIdentifyLevel
StartServiceCtrlDispatcherA
SetTokenInformation
GetFileSecurityW
IsValidSecurityDescriptor
AccessCheck
RegUnLoadKeyA
RevertToSelf
InitiateSystemShutdownExW
IsValidAcl
GetExplicitEntriesFromAclW
ImpersonateNamedPipeClient
RegDeleteKeyA
CloseEncryptedFileRaw
RegEnumValueW
EqualDomainSid

rasapi32

RasDialW
RasSetEapUserDataA

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CRT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 412KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d59e2a3af191ec3f19f44df486edc1b

Headers

DLL Characteristics

File Characteristics

Imports

mprapi

comdlg32

winmm

ws2_32

winscard

netapi32

oleaut32

shlwapi

setupapi

gdi32

comctl32

wininet

rpcrt4

user32

shell32

pdh

winspool.drv

msvcrt

crypt32

ole32

kernel32

clusapi

powrprof

secur32

advapi32

rasapi32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.CRT Size: 4KB - Virtual size: 3KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 412KB - Virtual size: 413KB

.crt Size: 12KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 1008B

.reloc Size: 100KB - Virtual size: 98KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.CRT
Size: 4KB - Virtual size: 3KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 412KB - Virtual size: 413KB

.crt
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 1008B

.reloc
Size: 100KB - Virtual size: 98KB