b579f3574580b0ffd4f5125bcc08f994ba3754889d1bf27492f3fb0cb470b559N

Sharing

Copy URL

Twitter E-mail

General

Target

b579f3574580b0ffd4f5125bcc08f994ba3754889d1bf27492f3fb0cb470b559N
Size

2.7MB
MD5

7a3b321fa37d47e9d63c49e0219cdfc0
SHA1

b97f39d0fe12c6390f00f8616ecdbe84d1b7c38c
SHA256

b579f3574580b0ffd4f5125bcc08f994ba3754889d1bf27492f3fb0cb470b559
SHA512

c394dc0087c1bcc92ec06502422abc5a6fb2c18625636f3ac59c836f8f5e7a9e88040728019bf768e85c08e8a8b74e64714974480654d01461b6774f8083cc46
SSDEEP

49152:hoth4NEAnkV115Me6Qnt3ZAM84a/HwTLC5yMvYt+o+dJIRlhYzP:i6kVtMQNGH5vbvYw70DK7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b579f3574580b0ffd4f5125bcc08f994ba3754889d1bf27492f3fb0cb470b559N

Files

b579f3574580b0ffd4f5125bcc08f994ba3754889d1bf27492f3fb0cb470b559N
.dll windows:5 windows x86 arch:x86

eaf2122d0976cc4be5e63ee4691ca3f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

od9zk**z

Imports

advapi32

CryptSignHashA
OpenProcessToken
RegOpenCurrentUser
CryptDestroyKey
IsWellKnownSid

shlwapi

StrChrA
StrCmpLogicalW
SHReleaseThreadRef

gdi32

CreateEllipticRgn
GetGraphicsMode
SetMapperFlags

netapi32

NetGroupAdd
NetGroupSetInfo

rasapi32

RasSetCustomAuthDataW
RasSetEntryPropertiesW

ole32

OleGetIconOfClass

oleaut32

SafeArrayCreate

crypt32

CertGetCRLContextProperty

shell32

ShellExecuteA

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
CreateFileA
GetProfileIntA
SetConsoleCursorPosition
WritePrivateProfileStructA
DeleteCriticalSection
GetStdHandle
GetModuleHandleW
PulseEvent
SetHandleCount
GetConsoleMode
GetProcessId
OutputDebugStringA
GetModuleFileNameA
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
MultiByteToWideChar
GetLastError
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
TlsGetValue
TlsSetValue
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapFree
Sleep
SetStdHandle
InitializeCriticalSectionAndSpinCount
ExitProcess
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
WideCharToMultiByte
GetConsoleCP
FlushFileBuffers
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

user32

GetInputState
DeregisterShellHookWindow
DragDetect
GetDlgItemTextA
SetLayeredWindowAttributes
TrackPopupMenuEx
MessageBoxA

lz32

LZSeek

imm32

ImmSetCompositionWindow

wininet

InternetGetConnectedState

setupapi

SetupGetMultiSzFieldW

winmm

waveOutMessage

Exports

Exports

EaoanceacUdsto

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 312KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FONST
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

h1mNjiv2
Size: 1016KB - Virtual size: 1012KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eaf2122d0976cc4be5e63ee4691ca3f3

Headers

File Characteristics

PDB Paths

Imports

advapi32

shlwapi

gdi32

netapi32

rasapi32

ole32

oleaut32

crypt32

shell32

kernel32

user32

lz32

imm32

wininet

setupapi

winmm

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 312KB - Virtual size: 321KB

FONST Size: 16KB - Virtual size: 14KB

h1mNjiv2 Size: 1016KB - Virtual size: 1012KB

.rsrc Size: 40KB - Virtual size: 38KB

.reloc Size: 44KB - Virtual size: 42KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 312KB - Virtual size: 321KB

FONST
Size: 16KB - Virtual size: 14KB

h1mNjiv2
Size: 1016KB - Virtual size: 1012KB

.rsrc
Size: 40KB - Virtual size: 38KB

.reloc
Size: 44KB - Virtual size: 42KB