217eeb2c1b3107b980ac4053edb8d2a86399a6e1450ca0993df5a639733b24b0N

Sharing

Copy URL Twitter E-mail

General

Target

217eeb2c1b3107b980ac4053edb8d2a86399a6e1450ca0993df5a639733b24b0N
Size

144KB
MD5

02dd09735f91a9382443d3cc8fbb8280
SHA1

f79825261afeb79b6056011fd80635de6079b331
SHA256

217eeb2c1b3107b980ac4053edb8d2a86399a6e1450ca0993df5a639733b24b0
SHA512

e4f3568ca408ea6ba9cb885aff4c13c3c8efd78463db5788dd5ddc8b0dae9f47c6fcb0d5c5cd7378a51c923dcce88bc2455aa376d1785f316bcc435744d8eb7a
SSDEEP

3072:oGLrSDe7/HgUIC47jNNirmkQijffrovISWwrYkofp/GLKqKzAkn1:oGiUH6C8cmkzffrovPnkkkxqKzAe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
217eeb2c1b3107b980ac4053edb8d2a86399a6e1450ca0993df5a639733b24b0N

Files

217eeb2c1b3107b980ac4053edb8d2a86399a6e1450ca0993df5a639733b24b0N
.dll windows:4 windows x86 arch:x86

7fd12ee87e7ecb3a191d8915368ef300

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenFileMappingA
GlobalFree
GetCommandLineA
InterlockedCompareExchange
HeapAlloc
WriteProcessMemory
GetModuleHandleA
CreateMutexW
InterlockedDecrement
EnterCriticalSection
WaitForSingleObject
CreateProcessA
GetModuleFileNameA
WriteFile
MapViewOfFile
OpenEventA
CreateFileMappingA
GetLastError
GetProcAddress
CreateDirectoryA
Sleep
GlobalAlloc
GetTickCount
HeapFree
ExitProcess
GetCurrentProcess
GetProcessHeap
CopyFileA
InterlockedIncrement
ReadProcessMemory
CloseHandle
UnmapViewOfFile
SetLastError
CreateFileA
GetComputerNameA
CreateEventA
GetVolumeInformationA
LoadLibraryA
TerminateProcess
LeaveCriticalSection
LocalFree

ole32

CoTaskMemAlloc
CoCreateGuid
CoSetProxyBlanket
OleCreate
CoCreateInstance
OleSetContainedObject
CoInitialize
CoUninitialize

user32

GetWindowLongA
GetParent
GetSystemMetrics
SetWindowsHookExA
UnhookWindowsHookEx
PostQuitMessage
FindWindowA
RegisterWindowMessageA
SetWindowLongA
GetCursorPos
GetWindow
GetWindowThreadProcessId
ClientToScreen
SendMessageA
KillTimer
DefWindowProcA
GetClassNameA
PeekMessageA
ScreenToClient
SetTimer
TranslateMessage
DispatchMessageA
DestroyWindow
GetMessageA
CreateWindowExA

oleaut32

SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen

shlwapi

StrStrIW
UrlUnescapeW

advapi32

RegCloseKey
OpenProcessToken
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
DuplicateTokenEx
RegQueryValueExA
SetTokenInformation
GetUserNameA
RegSetValueExA

shell32

SHGetFolderPathA

Exports

Exports

DesktopPathapi

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 937B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fd12ee87e7ecb3a191d8915368ef300

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 114KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 937B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 114KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 937B

.reloc
Size: 8KB - Virtual size: 6KB