a6249f336608bc3ae792723c7e19837605e7e6994b1f535611134879f41a0544N

Sharing

Copy URL Twitter E-mail

General

Target

a6249f336608bc3ae792723c7e19837605e7e6994b1f535611134879f41a0544N
Size

410KB
MD5

c1966b5dfc8dc5c9212449814c7aad80
SHA1

1cc6a0975f9be3c10b369fed1edda930ebc60373
SHA256

a6249f336608bc3ae792723c7e19837605e7e6994b1f535611134879f41a0544
SHA512

ed8ebefbff5f52bddf059dd5e6ed8b3d778942e3736f363caa6466ab5d8e37794739bf6a76c568a221181a6730eefb20de43ddc5cbaaa27ac676624c172fe5eb
SSDEEP

6144:nBRtCM5eAbUHErIApb6NxFCoehJGkk2pe+7vhN5uQ:nxdUaUHAt6NTCoeSkkR+ThN5u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6249f336608bc3ae792723c7e19837605e7e6994b1f535611134879f41a0544N

Files

a6249f336608bc3ae792723c7e19837605e7e6994b1f535611134879f41a0544N
.dll windows:4 windows x86 arch:x86

f6cdd34e3cb572bf9192a5de9d96c5e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetStartupInfoW
CreateWaitableTimerA
CloseHandle
CreateJobObjectA
CreateToolhelp32Snapshot
WriteFile
CreateFileA
MoveFileExW
InterlockedPushEntrySList
CallNamedPipeA
GetShortPathNameA
CreateTimerQueue
UTRegister
PrivCopyFileExW
RegisterConsoleIME
AddConsoleAliasW
GetCurrentThreadId
EncodePointer
OutputDebugStringA
lstrcmpW
GetConsoleWindow
Heap32ListFirst
SetTimeZoneInformation
GetConsoleDisplayMode
RemoveDirectoryW
GetNumberOfConsoleMouseButtons
DeleteTimerQueue
InterlockedCompareExchange
VirtualUnlock
SetLocalTime
GetModuleHandleExA
GetLocaleInfoA
GetCurrentConsoleFont
FindActCtxSectionStringA
GetNumberOfConsoleInputEvents
SetNamedPipeHandleState
IsBadStringPtrA
RaiseException
GetDriveTypeA
QueryPerformanceCounter
LocalFree
GlobalMemoryStatusEx
DecodeSystemPointer
VerLanguageNameW
GetCommandLineW
GetPrivateProfileStructW
ResumeThread
WriteConsoleW
ReadConsoleOutputCharacterA
AddLocalAlternateComputerNameW
OpenMutexA
GetNumberFormatW
VirtualProtect
GetLastError
InterlockedExchange
FreeLibrary
GetProcAddress
LocalAlloc
LoadLibraryA

esent

JetGetCursorInfo
JetRenameTable
JetCreateTableColumnIndex
JetGetIndexInfo
JetPrepareUpdate
JetSnapshotStart
JetRenameColumn
JetCreateInstance2
JetStopBackup
JetGetLogInfoInstance
JetTerm
JetStopService
JetDeleteIndex
JetResetTableSequential
JetCommitTransaction
JetReadFileInstance
JetDetachDatabase
JetSetSessionContext
JetPrepareToCommitTransaction
JetGetRecordPosition
JetDetachDatabase2
JetGetTableInfo
JetBeginSession
JetSetColumn
JetDupCursor
JetEndSession
JetTerm2
JetCloseTable
JetGetAttachInfoInstance
JetOpenTempTable
JetCreateInstance
JetAttachDatabase
JetIntersectIndexes
JetOpenTable
JetEscrowUpdate
JetDeleteColumn2

samlib

SamGetDisplayEnumerationIndex
SamChangePasswordUser2
SamCreateUser2InDomain
SamDeleteUser
SamTestPrivateFunctionsUser
SamRemoveMemberFromGroup
SamiLmChangePasswordUser
SamDeleteGroup
SamFreeMemory
SamQueryDisplayInformation
SamEnumerateGroupsInDomain
SamRemoveMemberFromAlias
SamiEncryptPasswords
SamEnumerateUsersInDomain
SamiChangePasswordUser2
SamOpenGroup
SamSetInformationUser
SamEnumerateAliasesInDomain
SamSetInformationAlias
SamLookupIdsInDomain
SamGetCompatibilityMode
SamAddMultipleMembersToAlias
SamQueryInformationUser
SamGetMembersInAlias
SamLookupNamesInDomain
SamCreateUserInDomain
SamRemoveMultipleMembersFromAlias
SamiChangeKeys
SamQueryInformationDomain
SamQueryInformationAlias
SamOpenUser
SamSetInformationGroup
SamChangePasswordUser
SamConnectWithCreds
SamSetSecurityObject
SamShutdownSamServer
SamLookupDomainInSamServer
SamiChangePasswordUser

oledlg

OleUIBusyW
OleUIInsertObjectW
OleUIPasteSpecialW
OleUIChangeSourceW
OleUIChangeIconW
OleUIPromptUserW

Exports

Exports

AccessCompressionServer
ApplicationErase
AutomaticNtfsFramework
DirectlyChangeHandle
ExpandSmartFollow
FieldContainsFast
JscriptInstallMaster
MarkFlagBrowser
PossiblePerform
SoapFocusEnum
TakeRatherSecond

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 187KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6cdd34e3cb572bf9192a5de9d96c5e4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

esent

samlib

oledlg

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 187KB - Virtual size: 190KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 187KB - Virtual size: 190KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 1KB