0f4f2852f322755543837c95f86646e78fcb542207eee1f9ebf65baecdffd60dN

Sharing

Copy URL

Twitter E-mail

General

Target

0f4f2852f322755543837c95f86646e78fcb542207eee1f9ebf65baecdffd60dN
Size

57KB
MD5

116e9450d816751811ed8439d496e520
SHA1

5308f29e500ca329c7274dfe1fe92983c20e39a7
SHA256

0f4f2852f322755543837c95f86646e78fcb542207eee1f9ebf65baecdffd60d
SHA512

86c9f0707765c61cdc492e2f02f080464ef5891d9c62a83547850a05500ccd7b7f5c1b00e79d7a85fe39f98869c468786c07211d7a56a8ed8e1502f7a9937f39
SSDEEP

768:mev69AiFD+GmoxUJMRpbe5dtEkb8JAOuDGmBzuUUq3gW9B8EgGAfeAa/:bv69AiFDzGJMLbe5kkSvUSUUqDAfeAG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f4f2852f322755543837c95f86646e78fcb542207eee1f9ebf65baecdffd60dN

Files

0f4f2852f322755543837c95f86646e78fcb542207eee1f9ebf65baecdffd60dN
.dll windows:6 windows x86 arch:x86

7a40941b33600c8ea5f255984f62c5f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

icardie.pdb

Imports

msvcrt

memcpy
_onexit
_lock
__dllonexit
_unlock
??3@YAXPAX@Z
_amsg_exit
_initterm
_XcptFilter
memset
realloc
??2@YAPAXI@Z
_adjust_fdiv
_errno
_purecall
_resetstkoflw
malloc
_wcsicmp
free

ole32

CoTaskMemAlloc
CoTaskMemFree
ProgIDFromCLSID
CoCreateInstance
CLSIDFromString
CoTaskMemRealloc

oleaut32

SafeArrayRedim
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayGetElement
SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantInit
VariantCopy
VariantClear
VariantChangeType
VarUI4FromStr
SetErrorInfo
CreateErrorInfo
LoadRegTypeLi
LoadTypeLi
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayDestroy
SafeArrayAccessData
SafeArrayGetUBound
SysAllocStringLen

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetVersionExA
GetProcAddress
LoadLibraryExW
GetSystemDirectoryW
lstrlenA
MultiByteToWideChar
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetModuleFileNameW
RaiseException
GetLastError
DisableThreadLibraryCalls
GetModuleHandleW
FindResourceW
LoadResource
SizeofResource
lstrcmpiW
FreeLibrary
LocalAlloc
lstrlenW
FormatMessageW
LocalFree
InterlockedDecrement
InterlockedIncrement

user32

UnregisterClassA
LoadStringW
CharNextW

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW

wininet

InternetGetSecurityInfoByURLW

shlwapi

ord158
ord156
UrlGetPartW

crypt32

CertSerializeCertificateStoreElement

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a40941b33600c8ea5f255984f62c5f9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ole32

oleaut32

kernel32

user32

advapi32

wininet

shlwapi

crypt32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 44KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 2KB - Virtual size: 2KB