d8d5341778fe3d31eab1e4763cdbd2f06ddda34f6f5d0949c5d66a635c7ff558N

Sharing

Copy URL

Twitter E-mail

General

Target

d8d5341778fe3d31eab1e4763cdbd2f06ddda34f6f5d0949c5d66a635c7ff558N
Size

1.6MB
MD5

613a5a7bb109837ce1c74720ad661ed0
SHA1

8ace0229c46d50e2e53f47a7f3f5b253c6b1d26f
SHA256

d8d5341778fe3d31eab1e4763cdbd2f06ddda34f6f5d0949c5d66a635c7ff558
SHA512

a350e3fa419d27f50395cbb55d28ed99e6779f2647063add0adf12ea5eee6a2eee0c8dbfff5ee93d7f404742183b1db78814e9125ece8da7da66523d32559456
SSDEEP

24576:yqLfuF00OTX2vgdKlkUOrHFDTXwE0dpyiy:luFTw2vZkHrhTXMp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d8d5341778fe3d31eab1e4763cdbd2f06ddda34f6f5d0949c5d66a635c7ff558N

Files

d8d5341778fe3d31eab1e4763cdbd2f06ddda34f6f5d0949c5d66a635c7ff558N
.dll windows:6 windows x64 arch:x64

078e65177acade8c9985fde4abb3e338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
EventWrite
EventRegister
EventEnabled

bcrypt

BCryptOpenAlgorithmProvider
BCryptImportKey
BCryptDecrypt
BCryptEncrypt
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptSetProperty
BCryptGenRandom

iphlpapi

GetAdaptersAddresses
GetPerAdapterInfo
GetNetworkParams

kernel32

TlsAlloc
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
TlsGetValue
TlsFree
RtlUnwind
TlsSetValue
SetLastError
GetLastError
MultiByteToWideChar
GetStdHandle
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
GetTickCount64
GetCurrentProcessorNumber
GetCurrentProcess
GetCurrentThread
WaitForSingleObject
Sleep
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
InitializeCriticalSection
InitializeConditionVariable
DeleteCriticalSection
LocalFree
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
WaitForMultipleObjectsEx
GetFullPathNameW
GetLongPathNameW
WideCharToMultiByte
LocalAlloc
GetConsoleOutputCP
GetProcAddress
RaiseFailFastException
CreateFileW
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FreeLibrary
GetFileAttributesExW
LoadLibraryExW
QueryUnbiasedInterruptTime
SetThreadErrorMode
CreateThread
ResumeThread
DuplicateHandle
GetThreadPriority
SetThreadPriority
WriteFile
CloseHandle
SetEvent
ResetEvent
CreateEventExW
FormatMessageW
VirtualAllocEx
SetThreadContext
OpenProcess
TerminateProcess
CreateProcessW
GetThreadContext
GetModuleHandleW
LoadLibraryW
FlushProcessWriteBuffers
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
WaitForSingleObjectEx
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
SuspendThread
VirtualAlloc
VirtualFree
QueryInformationJobObject
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
InitializeCriticalSectionEx
GetEnvironmentVariableW
GetSystemTimeAsFileTime
DebugBreak
SleepEx
SetThreadIdealProcessorEx
GetThreadIdealProcessorEx
GetCurrentProcessorNumberEx
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
GetWriteWatch
ResetWriteWatch
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
SetThreadGroupAffinity
SetThreadAffinityMask
GetNumaProcessorNodeEx
K32GetProcessMemoryInfo
RtlUnwindEx
IsDebuggerPresent
InitializeSListHead
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry

ole32

CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoGetApartmentType
CoWaitForMultipleHandles

secur32

GetUserNameExW

api-ms-win-crt-math-l1-1-0

ceil

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
calloc

api-ms-win-crt-string-l1-1-0

strcmp
_wcsicmp
wcsncmp
strcpy_s

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
abort
terminate
_cexit
_crt_atexit
_initterm_e
_execute_onexit_table
_register_onexit_function
_configure_narrow_argv
_initialize_onexit_table
_initialize_narrow_environment
_initterm

Exports

Exports

BiaCwnxm

Sections

.text
Size: 616KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 454KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

078e65177acade8c9985fde4abb3e338

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

iphlpapi

kernel32

ole32

secur32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 616KB - Virtual size: 616KB

.managed Size: 454KB - Virtual size: 453KB

.rdata Size: 429KB - Virtual size: 429KB

.data Size: 89KB - Virtual size: 150KB

.pdata Size: 58KB - Virtual size: 58KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1024B - Virtual size: 784B

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 616KB - Virtual size: 616KB

.managed
Size: 454KB - Virtual size: 453KB

.rdata
Size: 429KB - Virtual size: 429KB

.data
Size: 89KB - Virtual size: 150KB

.pdata
Size: 58KB - Virtual size: 58KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 784B

.reloc
Size: 30KB - Virtual size: 30KB