5610f2cff2a5352f2aea2e2d85f83d8dd8d44bc56b776a938ef4826f621adcc7

Sharing

Copy URL

Twitter E-mail

General

Target

5610f2cff2a5352f2aea2e2d85f83d8dd8d44bc56b776a938ef4826f621adcc7
Size

700KB
MD5

f361ea6f535b8b1dfbfe86aea88cc345
SHA1

43d2f136fbf4fe3918efcc246de89783158bd17b
SHA256

5610f2cff2a5352f2aea2e2d85f83d8dd8d44bc56b776a938ef4826f621adcc7
SHA512

476b50c70ef7d07a5cb77413824783bc3ae00c1df5e8bb0cd4d6482eec8087121fbaa3fe1a4f47f20422d655699493baaef14ee9b93bd091c0ac625481d0ae59
SSDEEP

12288:RqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:RqGBHTxvt+g2gYed

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
5610f2cff2a5352f2aea2e2d85f83d8dd8d44bc56b776a938ef4826f621adcc7

Files

5610f2cff2a5352f2aea2e2d85f83d8dd8d44bc56b776a938ef4826f621adcc7
.dll windows:5 windows x64 arch:x64

63d9f8ed86a3001531f22a9d153584ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ole32

HICON_UserMarshal

oleaut32

VarDateFromCy

shlwapi

StrTrimW
UrlUnescapeA

kernel32

UnregisterWaitEx
CloseHandle
FindActCtxSectionStringW
EnumTimeFormatsA
SetEvent
GetNLSVersion
GetLastError

netapi32

NetShareGetInfo

mscms

AssociateColorProfileWithDeviceW

msvcrt

ldiv

wininet

GetUrlCacheEntryInfoW

gdi32

GetRegionData
CreateDiscardableBitmap
SetWindowExtEx
CreateMetaFileA
DeleteColorSpace
CopyEnhMetaFileW

rpcrt4

NdrUserMarshalUnmarshall
UuidIsNil
RpcBindingSetAuthInfoA

wintrust

CryptCATPutAttrInfo

setupapi

SetupDiSetSelectedDriverA
SetupLogErrorA

mprapi

MprAdminInterfaceTransportAdd

Exports

Exports

CreateXmlReader
CreateXmlReaderInputWithEncodingCodePage
CreateXmlReaderInputWithEncodingName
CreateXmlWriter
CreateXmlWriterOutputWithEncodingCodePage
CreateXmlWriterOutputWithEncodingName

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 524KB - Virtual size: 521KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 339B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63d9f8ed86a3001531f22a9d153584ec

Headers

DLL Characteristics

File Characteristics

Imports

ole32

oleaut32

shlwapi

kernel32

netapi32

mscms

msvcrt

wininet

gdi32

rpcrt4

wintrust

setupapi

mprapi

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 524KB - Virtual size: 521KB

.data Size: 92KB - Virtual size: 91KB

.pdata Size: 4KB - Virtual size: 339B

.rsrc Size: 24KB - Virtual size: 22KB

.reloc Size: 8KB - Virtual size: 7KB

Size: 4KB - Virtual size: 3KB

Size: 4KB - Virtual size: 1KB

Size: 4KB - Virtual size: 1KB

Size: 4KB - Virtual size: 318B

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 524KB - Virtual size: 521KB

.data
Size: 92KB - Virtual size: 91KB

.pdata
Size: 4KB - Virtual size: 339B

.rsrc
Size: 24KB - Virtual size: 22KB

.reloc
Size: 8KB - Virtual size: 7KB