1979531c63e96f7f59c9462bb21855c16d4a0df6c61a62d1e169dff30b25ba89N

Sharing

Copy URL Twitter E-mail

General

Target

1979531c63e96f7f59c9462bb21855c16d4a0df6c61a62d1e169dff30b25ba89N
Size

356KB
MD5

0b05d3bb1da77f11c7f5be5a115652f0
SHA1

c3d27b8126ae29307d52ef31c1714572c8143809
SHA256

1979531c63e96f7f59c9462bb21855c16d4a0df6c61a62d1e169dff30b25ba89
SHA512

94ffd628192615aaff9c8d0455124acf5db1988af6991763eb1763cae7e1834bd9142788046ff7bfd83c46f9f689ade665e9fe9870f03309d9467a70cb82cc7d
SSDEEP

6144:hKjNPTDDHd4L9l170GkcSNXdvKMMpvAm+zbI/ni61jJyYeL:spPTDDHd4L9TAhlNNvKMCAm6bINtYYeL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1979531c63e96f7f59c9462bb21855c16d4a0df6c61a62d1e169dff30b25ba89N

Files

1979531c63e96f7f59c9462bb21855c16d4a0df6c61a62d1e169dff30b25ba89N
.dll windows:4 windows x86 arch:x86

6c7342402f0ca31c5fe7edb2f5e4fed8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
SetLastError
MultiByteToWideChar
CloseHandle
OpenProcess
DeleteFileW
SetEvent
CompareStringW
CreateDirectoryW
SetNamedPipeHandleState
TransactNamedPipe
GetOverlappedResult
WaitNamedPipeW
GetFileSize
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
Sleep
GetVersionExW
GetSystemDefaultLangID
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesExW
GetBinaryTypeW
SetFilePointer
WriteFile
CopyFileW
GetACP
Thread32First
Thread32Next
ResumeThread
GetThreadContext
LoadLibraryW
CreateRemoteThread
TerminateProcess
GetLongPathNameW
WideCharToMultiByte
GetSystemTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatW
ExpandEnvironmentStringsW
GetFileAttributesW
SystemTimeToFileTime
GetExitCodeProcess
CreateEventA
DuplicateHandle
CreateFileMappingA
MapViewOfFile
GetCurrentThreadId
OpenThread
GetModuleFileNameW
CreateProcessW
WaitForSingleObject
WaitForMultipleObjects
ReleaseMutex
UnmapViewOfFile
GetTempPathW
GetTickCount
CreateFileW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
GetLogicalDriveStringsW
QueryDosDeviceW
GetDriveTypeW
GetProcAddress
GetCurrentThread
GetCurrentProcess
HeapAlloc
GetConsoleCP
CreateFileA
lstrcmpiW
GetCurrentProcessId
LoadLibraryA
GetLastError
FreeLibrary
LocalAlloc
GetSystemTimeAsFileTime
GetModuleHandleA
InterlockedCompareExchange
InterlockedExchange
RaiseException

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msvcrt

__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
exit
_XcptFilter
_exit
_cexit
__getmainargs
_controlfp
_adjust_fdiv
?terminate@@YAXXZ
_initterm

shlwapi

PathFindExtensionA
StrStrIW

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW

Exports

Exports

AOfWithinTo
ConfigurationTheWith
IsBooleanFileTheWhitespace
IsHeader
LinesOption
MayConfigurationOptional
MustAppearExceptionSection
OneWhitespaceLearn
ShareThe
WhatTheAndTheStarts
WithinLineEmpty

Sections

.text
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.adata
Size: 4KB - Virtual size: 527B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 599B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c7342402f0ca31c5fe7edb2f5e4fed8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

version

msvcrt

shlwapi

setupapi

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 169KB

.adata Size: 4KB - Virtual size: 527B

.edata Size: 4KB - Virtual size: 599B

.tls Size: 4KB - Virtual size: 1KB

.rdata Size: 148KB - Virtual size: 147KB

.data Size: 16KB - Virtual size: 284KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 172KB - Virtual size: 169KB

.adata
Size: 4KB - Virtual size: 527B

.edata
Size: 4KB - Virtual size: 599B

.tls
Size: 4KB - Virtual size: 1KB

.rdata
Size: 148KB - Virtual size: 147KB

.data
Size: 16KB - Virtual size: 284KB

.reloc
Size: 4KB - Virtual size: 2KB