4c29136a7c79c79409ce8255d3b6157b4fc08a591220993bb90645f2acac2cab

Sharing

Copy URL

Twitter E-mail

General

Target

4c29136a7c79c79409ce8255d3b6157b4fc08a591220993bb90645f2acac2cab
Size

940KB
MD5

4087adacea74316cd6099ea4f269c758
SHA1

a5d17da00274ea0ce366dd891baca90be38b587b
SHA256

4c29136a7c79c79409ce8255d3b6157b4fc08a591220993bb90645f2acac2cab
SHA512

f6377700b210cc2503f495a68dc6485ba880c5a88724657b6851c6889be808d2650f77bd3303c0088da2e518d305b2d29797d565dce19502d8cea4c5b52d29ed
SSDEEP

12288:EPVKLvdxQPKSoVXxTaGcb68Uzx2TBeOWhZJpK8:EtKTrsKSKBTSb6DUXWq8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
4c29136a7c79c79409ce8255d3b6157b4fc08a591220993bb90645f2acac2cab

Files

4c29136a7c79c79409ce8255d3b6157b4fc08a591220993bb90645f2acac2cab
.dll windows:5 windows x64 arch:x64

8d681d21965c4762199ac2bb118f7c17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

StrTrimW
UrlUnescapeA

wintrust

CryptCATPutAttrInfo

kernel32

UnregisterWaitEx
EnumTimeFormatsA
GetNLSVersion
GetLastError
CloseHandle
SetEvent
FindActCtxSectionStringW

wininet

GetUrlCacheEntryInfoW

setupapi

SetupLogErrorA
SetupDiSetSelectedDriverA

mscms

AssociateColorProfileWithDeviceW

msvcrt

ldiv
isdigit

rpcrt4

UuidIsNil
RpcBindingSetAuthInfoExA
NdrUserMarshalUnmarshall

oleaut32

VarDateFromCy
VarR8FromDec

ole32

HICON_UserMarshal

mprapi

MprAdminInterfaceTransportAdd

gdi32

CopyEnhMetaFileW
CreateMetaFileW
CreateDiscardableBitmap
SetWindowExtEx
GetRegionData
DeleteColorSpace

netapi32

NetShareGetInfo

Exports

Exports

CreateXmlReader
CreateXmlReaderInputWithEncodingCodePage
CreateXmlReaderInputWithEncodingName
CreateXmlWriter
CreateXmlWriterOutputWithEncodingCodePage
CreateXmlWriterOutputWithEncodingName

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 628KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d681d21965c4762199ac2bb118f7c17

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

wintrust

kernel32

wininet

setupapi

mscms

msvcrt

rpcrt4

oleaut32

ole32

mprapi

gdi32

netapi32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 126KB

.rdata Size: 628KB - Virtual size: 624KB

.data Size: 112KB - Virtual size: 111KB

.pdata Size: 4KB - Virtual size: 1KB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 32KB - Virtual size: 30KB

.reloc Size: 12KB - Virtual size: 9KB

Size: 4KB - Virtual size: 503B

Size: 4KB - Virtual size: 503B

Size: 4KB - Virtual size: 318B

.text
Size: 128KB - Virtual size: 126KB

.rdata
Size: 628KB - Virtual size: 624KB

.data
Size: 112KB - Virtual size: 111KB

.pdata
Size: 4KB - Virtual size: 1KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 32KB - Virtual size: 30KB

.reloc
Size: 12KB - Virtual size: 9KB