2213e21afcd5c97713e87be3c09a59353bbe45d7416c679fef8284c3cae030ec

Sharing

Copy URL Twitter E-mail

General

Target

2213e21afcd5c97713e87be3c09a59353bbe45d7416c679fef8284c3cae030ec
Size

1.1MB
MD5

d1d3e5eb5e4df97b4fd9b832f2160251
SHA1

96a0cec6586ae3a8e2f97ef4b3b871b7445d9ddb
SHA256

2213e21afcd5c97713e87be3c09a59353bbe45d7416c679fef8284c3cae030ec
SHA512

3333abea9180c88b9549cc7eddb5b67dc566d2f03da89348af9ad4a8c1cff3f0a0ba65b23cbd9c5f54e090db085f26440c2ad52f7ab1ecbb4ef0f94d76ed3fd2
SSDEEP

24576:RmRwraWzJr3THzIUW1aXBfCy3UcH87CCRPr5VEikDM8Vi:RmRwraqLTHUUWcXNPVH87CGX7ko8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2213e21afcd5c97713e87be3c09a59353bbe45d7416c679fef8284c3cae030ec

Files

2213e21afcd5c97713e87be3c09a59353bbe45d7416c679fef8284c3cae030ec
.dll windows:0 windows x64 arch:x64

3826da5a693d4cac6606e1f3214f8b86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

FindTextW

gdi32

AnimatePalette
CloseEnhMetaFile
EngStrokePath
FrameRgn
GdiEntry6
GdiGetDevmodeForPage
GdiTransparentBlt
GetBkMode
GetBrushOrgEx
GetTextExtentExPointI
LineDDA
PolyTextOutA
SetBkColor
SetTextJustification

kernel32

CheckElevationEnabled
CloseThreadpoolTimer
CreateEventW
CreateFileTransactedW
CreateSymbolicLinkA
DeviceIoControl
EnumDateFormatsExW
FlushFileBuffers
GetGeoInfoW
GetProcAddress
GetTickCount
GetVDMCurrentDirectories
GlobalAlloc
GlobalReAlloc
InterlockedPushListSList
IsProcessInJob
LoadLibraryA
QueryFullProcessImageNameW
ReadDirectoryChangesW
SetConsoleWindowInfo
SetProcessAffinityUpdateMode
SetStdHandle
SetSystemPowerState

msvcrt

clock
fgetpos
free
gets
isprint
isupper
malloc
memcpy
memset
remove
strxfrm

ole32

CoFreeAllLibraries
CoRegisterMessageFilter
CoRegisterSurrogate
CreateBindCtx
HICON_UserUnmarshal
HRGN_UserFree
STGMEDIUM_UserFree

user32

ArrangeIconicWindows
CopyImage
CreateDialogParamA
DrawCaptionTempW
GetClipboardOwner
GetKeyboardLayoutList
GetMenuStringA
GetTouchInputInfo
InvertRect
PostMessageA
ReleaseDC
ScrollDC
SetPropW

Exports

Exports

Cuchulain_spear
Donne_strafes_pitching
Hohenzollern_pegs
discontents_prune
emigrate_dentifrices_renewing
enchantress_muteness_propitiated
fallibly_restates_reconfiguration
shtikTombaugh
sifters_indestructible_blips
signets_showiness

Sections

.text
Size: 660KB - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 391B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3826da5a693d4cac6606e1f3214f8b86

Headers

DLL Characteristics

File Characteristics

Imports

comdlg32

gdi32

kernel32

msvcrt

ole32

user32

Exports

Exports

Sections

.text Size: 660KB - Virtual size: 660KB

.data Size: 145KB - Virtual size: 145KB

.rdata Size: 324KB - Virtual size: 324KB

.edata Size: 512B - Virtual size: 391B

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 660KB - Virtual size: 660KB

.data
Size: 145KB - Virtual size: 145KB

.rdata
Size: 324KB - Virtual size: 324KB

.edata
Size: 512B - Virtual size: 391B

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 6KB