43f23d1c25fa028bb3b01ff85f7afd89f711da6dbf0bf813cbd62416e83120ec

Sharing

Copy URL Twitter E-mail

General

Target

43f23d1c25fa028bb3b01ff85f7afd89f711da6dbf0bf813cbd62416e83120ec
Size

2.0MB
MD5

64435c9c4178f5450aac2c8fb54b101d
SHA1

0acb6550dfa3dc2460e6857d5b5aac44ba15662f
SHA256

43f23d1c25fa028bb3b01ff85f7afd89f711da6dbf0bf813cbd62416e83120ec
SHA512

e6327606ad8a9370361c80f4ae5d6121a477475d68331324edd1e363ac1dfd340f43e297b7d51030f9c66137d9e0a40c56baf15229dc985f2dd8b77e24a41aa5
SSDEEP

49152:rE3IRyA/ZPypfJrhVHRDXm/GeHi7Vq/llHXb/s:rV/ZPypxrh5RneHi7Vull3Ts

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43f23d1c25fa028bb3b01ff85f7afd89f711da6dbf0bf813cbd62416e83120ec

Files

43f23d1c25fa028bb3b01ff85f7afd89f711da6dbf0bf813cbd62416e83120ec
.dll windows:5 windows x86 arch:x86

1655f76c90aea016f6a66ff907620e39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

NotifyAddrChange

pdh

PdhAddCounterW

mscms

IsColorProfileValid

wintrust

WTHelperGetProvSignerFromChain
CryptCATAdminEnumCatalogFromHash
WTHelperCertIsSelfSigned

lz32

LZOpenFileW

rasapi32

RasGetAutodialAddressA

kernel32

DeleteCriticalSection
GetTempFileNameW
LeaveCriticalSection
FindActCtxSectionGuid
EnumCalendarInfoW
OutputDebugStringA
GetModuleFileNameA
ReleaseMutex
Thread32Next
FindNextChangeNotification
GetModuleHandleW
GetUserDefaultLCID
GenerateConsoleCtrlEvent
CreateEventW
GetTempPathW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetLocaleInfoW
HeapSize
GetVolumeInformationA
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
IsValidLocale
FlushFileBuffers
CompareStringA
CompareStringW
EnumSystemLocalesA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCommandLineA
LoadLibraryA
InterlockedExchange
FreeLibrary
RtlUnwind
InitializeCriticalSectionAndSpinCount
ReadFile
MultiByteToWideChar
GetTimeZoneInformation
SetEnvironmentVariableA
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
IsValidLanguageGroup
WideCharToMultiByte
GetCurrentThread
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
CreateFileA
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
GetStdHandle
WriteFile
SetConsoleCtrlHandler
ExitProcess
GetProcAddress
GetLastError
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTimeFormatA
GetDateFormatA
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
Sleep

advapi32

EqualSid
SetPrivateObjectSecurity
RegGetKeySecurity
AccessCheckByType

msvfw32

ICDrawBegin

clusapi

OpenCluster

wininet

InternetAutodialHangup
RetrieveUrlCacheEntryStreamA
GetUrlCacheEntryInfoW

ole32

HMENU_UserMarshal
CoGetClassObject
CoDisconnectObject
CoFreeUnusedLibrariesEx
OleUninitialize

ntdsapi

DsBindW

comctl32

ImageList_Create
ImageList_GetImageCount

setupapi

SetupDiClassNameFromGuidExW
SetupDiInstallClassW

netapi32

NetFileEnum

shlwapi

StrRChrIA
StrCmpNW
UrlCanonicalizeA
PathFindSuffixArrayW
UrlCreateFromPathW
SHAutoComplete

winmm

mciSendStringA
mmioSendMessage

gdi32

CreatePenIndirect
UpdateColors
GetWindowOrgEx
GetMapMode
GetCharWidth32A
GetDIBits

user32

RegisterHotKey
IsWindow
DialogBoxParamW
LoadMenuIndirectA
CharPrevW
FindWindowExA
TrackPopupMenuEx
IsCharAlphaA
GetParent
UnhookWinEvent
SetCursor
DialogBoxIndirectParamA
GetRawInputDeviceList

urlmon

CreateURLMoniker

opengl32

glGetString
glEvalMesh1

rpcrt4

I_RpcSendReceive
RpcRaiseException
I_RpcFree

Exports

Exports

EylthebQkhfni

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 920KB - Virtual size: 918KB

IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

+.7N
Size: 988KB - Virtual size: 985KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1655f76c90aea016f6a66ff907620e39

Headers

File Characteristics

Imports

iphlpapi

pdh

mscms

wintrust

lz32

rasapi32

kernel32

advapi32

msvfw32

clusapi

wininet

ole32

ntdsapi

comctl32

setupapi

netapi32

shlwapi

winmm

gdi32

user32

urlmon

opengl32

rpcrt4

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 84KB

.code Size: 4KB - Virtual size: 3KB

.rdata Size: 920KB - Virtual size: 918KB

.data Size: 52KB - Virtual size: 62KB

+.7N Size: 988KB - Virtual size: 985KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 28KB - Virtual size: 25KB

.text
Size: 88KB - Virtual size: 84KB

.code
Size: 4KB - Virtual size: 3KB

.rdata
Size: 920KB - Virtual size: 918KB

.data
Size: 52KB - Virtual size: 62KB

+.7N
Size: 988KB - Virtual size: 985KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 28KB - Virtual size: 25KB