97bd92cb06c1da1d2ae68f73380c47cf99b044b776069682dfe937c5a8d36095N

Sharing

Copy URL

Twitter E-mail

General

Target

97bd92cb06c1da1d2ae68f73380c47cf99b044b776069682dfe937c5a8d36095N
Size

180KB
MD5

2d9ddd84aa59a3bd3ff4bb2200444ae0
SHA1

b43630c7ed24452365b90ab3d713d576cbcdcd60
SHA256

97bd92cb06c1da1d2ae68f73380c47cf99b044b776069682dfe937c5a8d36095
SHA512

d91b65ab4645a7c0880612cd95737c47e2158851d3ac550e28718942c7cb2a4d0ac151c6abbe809242550530b8c5b56561d4cc55ffad7678d282eae4566b117f
SSDEEP

3072:l82DHDd3sEN+GAyaLILdkvGTrqZPDXjeng:pzJxfFaLadkB9fen

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97bd92cb06c1da1d2ae68f73380c47cf99b044b776069682dfe937c5a8d36095N

Files

97bd92cb06c1da1d2ae68f73380c47cf99b044b776069682dfe937c5a8d36095N
.dll windows:4 windows x86 arch:x86

e7b292cf8c13a100156228fc05cb4f98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoGetInterfaceAndReleaseStream
CreateObjrefMoniker
OleCreateMenuDescriptor
CoGetContextToken
CoRevertToSelf
CoDosDateTimeToFileTime
HBITMAP_UserFree
CoTaskMemAlloc
CoRegisterSurrogate
OleCreateDefaultHandler
CoGetCancelObject
CoFreeUnusedLibraries
ReadClassStm
RevokeDragDrop
OleSetMenuDescriptor
FmtIdToPropStgName
OleLoadFromStream
OleUninitialize
CreatePointerMoniker
CreateItemMoniker
PropVariantCopy
StgIsStorageILockBytes
OleConvertIStorageToOLESTREAMEx
CoInitializeSecurity
OleCreateLinkEx
GetHGlobalFromStream
CreateDataAdviseHolder
HACCEL_UserFree

advapi32

CryptSetProviderExW
RegQueryInfoKeyW
SetFileSecurityA
GetEventLogInformation
SetPrivateObjectSecurityEx
RegEnumKeyExA
RegOpenKeyW
GetSecurityDescriptorControl
SetSecurityDescriptorSacl
ClearEventLogW
SetKernelObjectSecurity
RegDeleteKeyW
RegSaveKeyW
ObjectOpenAuditAlarmA
DuplicateTokenEx
QueryServiceLockStatusA
RegOpenKeyExW
LookupPrivilegeValueW
IsWellKnownSid
SetTokenInformation
IsTextUnicode
ReadEncryptedFileRaw
CryptSetProvParam
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
CryptSetKeyParam

kernel32

SetFilePointer
VirtualAlloc
SetTimerQueueTimer
CreateHardLinkW
_lread
FindResourceA
GetUserDefaultUILanguage
AssignProcessToJobObject
CreateHardLinkA
CreateFileMappingW
GetNamedPipeHandleStateA
DeleteAtom
PostQueuedCompletionStatus
GlobalUnWire
SetInformationJobObject
FindClose
CreatePipe
MulDiv
UnmapViewOfFile
EnumSystemLanguageGroupsA
SetConsoleCtrlHandler
SetMailslotInfo
FileTimeToSystemTime
SetConsoleActiveScreenBuffer
GlobalAlloc
GlobalFree
LocalAlloc
GlobalMemoryStatus
AssignProcessToJobObject
GetCommMask
LocalFree
CreateDirectoryExW
FindVolumeMountPointClose
GetComputerNameExA
SetSystemPowerState
FindAtomA
ReadConsoleInputW
GetSystemInfo
UpdateResourceW
SetConsoleScreenBufferSize
Beep
SetMessageWaitingIndicator
GetCommTimeouts
FindVolumeClose
lstrcpyA
SetFileApisToOEM
DeleteTimerQueueTimer

Exports

Exports

CGIMAMP
CGIMedia
CGIMemoryFilename
CGIPlainExport
CGIProcess
CGISkinControl

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7b292cf8c13a100156228fc05cb4f98

Headers

DLL Characteristics

File Characteristics

Imports

ole32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 156KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 20KB

.text
Size: 160KB - Virtual size: 156KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 20KB