8c735723795473374bcd4fe8239c1c1de7d2f116944a764085bda2717c08b420N

Sharing

Copy URL Twitter E-mail

General

Target

8c735723795473374bcd4fe8239c1c1de7d2f116944a764085bda2717c08b420N
Size

113KB
MD5

30d4b4f65886be9001fa000d2acb2020
SHA1

3f5b8f056dc6842dc17f2b903e439d0580413d4b
SHA256

8c735723795473374bcd4fe8239c1c1de7d2f116944a764085bda2717c08b420
SHA512

f795840a17986d210f887739899383892fcb54dc94a62b27ba44d1a5a74368431d706a54a496d75604fd8d0fe18ab28f032fa7647228258c713ecdda738575a0
SSDEEP

3072:It7k69OVXZISzZkqVsk2quGH/qCmaytMVdZlTKWl5GLKx:IA1GI2qdH/qBaytMdlTH5GLK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c735723795473374bcd4fe8239c1c1de7d2f116944a764085bda2717c08b420N

Files

8c735723795473374bcd4fe8239c1c1de7d2f116944a764085bda2717c08b420N
.dll windows:6 windows x86 arch:x86

48d1ebb4c57e771a23f408058a151f7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rainmeter

RmPathToAbsolute
RmReadString
RmLog
RmLogF
RmReplaceVariables
RmGet

kernel32

HeapReAlloc
HeapSize
ReadConsoleW
OpenProcess
CloseHandle
VirtualAllocEx
ReadProcessMemory
GetCurrentProcessId
QueryFullProcessImageNameW
VirtualFreeEx
DisableThreadLibraryCalls
SetEndOfFile
ReadFile
FlushFileBuffers
SetStdHandle
CreateFileW
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
WriteConsoleW
GetPrivateProfileStringW
InitializeCriticalSectionAndSpinCount
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

PostMessageW
SendMessageW
FindWindowW
GetWindowThreadProcessId
ReleaseDC
DestroyIcon
PrivateExtractIconsW
GetIconInfo
GetDC
FindWindowExW

gdi32

GetObjectW
DeleteObject
GetDIBits

shell32

SHGetFileInfoW
ord727

Exports

Exports

AppPath
ExecuteBang
Finalize
HiddenCount
IconPath
Initialize
Reload
ShownCount
Update

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48d1ebb4c57e771a23f408058a151f7b

Headers

DLL Characteristics

File Characteristics

Imports

rainmeter

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 101KB - Virtual size: 100KB

.data Size: 2KB - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 101KB - Virtual size: 100KB

.data
Size: 2KB - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 5KB - Virtual size: 4KB