620aa97e7d4b88388c7c104d9c60882a9e514dc0af98000b715916c09be0f229

Sharing

Copy URL Twitter E-mail

General

Target

620aa97e7d4b88388c7c104d9c60882a9e514dc0af98000b715916c09be0f229
Size

692KB
MD5

aa8f79946587589ac091ceff8f15652b
SHA1

4e658cf9fba3cf59488043bede9df89565f89601
SHA256

620aa97e7d4b88388c7c104d9c60882a9e514dc0af98000b715916c09be0f229
SHA512

0453ad1ed5f8728875d44900b1e27ebbe241e6a3ed1a7bf654388c7a4143345c1e39a244d8ebb3899f244d3c95006e866aceac015d01bc8c56d3539e4c159c2b
SSDEEP

12288:TrCcuieNbVTB4/5N7mXcIqQobTkHIPS8WOEF3y++TNR6deg:TrCcuieNpTB4BJ8hqXR6deg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
620aa97e7d4b88388c7c104d9c60882a9e514dc0af98000b715916c09be0f229

Files

620aa97e7d4b88388c7c104d9c60882a9e514dc0af98000b715916c09be0f229
.dll windows:4 windows x64 arch:x64

4266c67bdf3ce1227b7059b08a44cf26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Imports

advapi32

GetUserNameW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
RegSetValueExW

kernel32

CloseHandle
CompareFileTime
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateMutexW
CreateSemaphoreW
CreateThread
DelayLoadFailureHook
DeleteCriticalSection
DeleteFileW
DosDateTimeToFileTime
EnterCriticalSection
FileTimeToDosDateTime
FileTimeToSystemTime
FreeLibrary
FreeLibraryAndExitThread
GetComputerNameExA
GetDateFormatA
GetDiskFreeSpaceExA
GetFileAttributesExW
GetFileInformationByHandle
GetFileSize
GetLocalTime
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetShortPathNameW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetTimeFormatA
GlobalAlloc
HeapAlloc
HeapReAlloc
IdnToAscii
IdnToUnicode
InitOnceExecuteOnce
InitializeCriticalSectionEx
IsBadReadPtr
IsBadStringPtrA
IsBadStringPtrW
LeaveCriticalSection
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenFileMappingW
QueueUserWorkItem
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
ResolveDelayLoadedAPI
RtlUnwind
SetEndOfFile
SetEvent
SetFilePointer
SetFilePointerEx
SetThreadDescription
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnmapViewOfFile
WaitForSingleObject
WideCharToMultiByte
WriteFile

mpr

WNetCachePassword
WNetGetCachedPassword

ntdll

NtQuerySystemTime
_vsnprintf

shell32

SHFileOperationW
SHGetSpecialFolderPathW

shlwapi

PathCreateFromUrlW
PathMatchSpecW
StrStrIA
StrToInt64ExW
UrlCanonicalizeA
UrlCanonicalizeW
UrlCombineA
UrlCombineW
UrlEscapeW

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vswprintf
_assert
_errno
_gmtime64
_ltow
_mktime64
_strdup
_stricmp
_time64
_wcsdup
_wcsicmp
_wcsnicmp
_wgetenv
atoi
atol
calloc
free
fwrite
getenv
iswalnum
iswalpha
iswspace
malloc
memchr
memcmp
memcpy
memmove
memset
qsort
rand
realloc
strchr
strcmp
strcpy
strcspn
strlen
strncmp
strnlen
strtok
system
towlower
wcschr
wcscmp
wcslen
wcsncmp
wcsnlen
wcsrchr
wcsstr
wcstol
wcstoul

user32

CharLowerW
DialogBoxParamW
EndDialog
GetDlgItem
GetWindowLongPtrW
GetWindowTextW
LoadStringA
LoadStringW
SendMessageW
SetWindowLongPtrW
SetWindowTextW
wsprintfW

ws2_32

accept
bind
closesocket
connect
getsockname
getsockopt
htons
ioctlsocket
listen
recv
select
send
setsockopt
socket
WSAGetLastError
WSAStartup
WSACleanup
FreeAddrInfoW
GetAddrInfoW
freeaddrinfo
getaddrinfo
getnameinfo
inet_ntop

Exports

Exports

CommitUrlCacheEntryA
CommitUrlCacheEntryW
CreateMD5SSOHash
CreateUrlCacheContainerA
CreateUrlCacheContainerW
CreateUrlCacheEntryA
CreateUrlCacheEntryW
CreateUrlCacheGroup
DeleteIE3Cache
DeleteUrlCacheContainerA
DeleteUrlCacheContainerW
DeleteUrlCacheEntry
DeleteUrlCacheEntryA
DeleteUrlCacheEntryW
DeleteUrlCacheGroup
DeleteWpadCacheForNetworks
DetectAutoProxyUrl
DllInstall
FindCloseUrlCache
FindFirstUrlCacheContainerA
FindFirstUrlCacheContainerW
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryW
FindFirstUrlCacheGroup
FindNextUrlCacheContainerA
FindNextUrlCacheContainerW
FindNextUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryW
FindNextUrlCacheGroup
ForceNexusLookup
ForceNexusLookupExW
FreeUrlCacheSpaceA
FreeUrlCacheSpaceW
FtpCommandA
FtpCommandW
FtpCreateDirectoryA
FtpCreateDirectoryW
FtpDeleteFileA
FtpDeleteFileW
FtpFindFirstFileA
FtpFindFirstFileW
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryW
FtpGetFileA
FtpGetFileEx
FtpGetFileSize
FtpGetFileW
FtpOpenFileA
FtpOpenFileW
FtpPutFileA
FtpPutFileEx
FtpPutFileW
FtpRemoveDirectoryA
FtpRemoveDirectoryW
FtpRenameFileA
FtpRenameFileW
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryW
GetUrlCacheConfigInfoA
GetUrlCacheConfigInfoW
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoExA
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoW
GetUrlCacheGroupAttributeA
GetUrlCacheGroupAttributeW
GetUrlCacheHeaderData
GopherCreateLocatorA
GopherCreateLocatorW
GopherFindFirstFileA
GopherFindFirstFileW
GopherGetAttributeA
GopherGetAttributeW
GopherGetLocatorTypeA
GopherGetLocatorTypeW
GopherOpenFileA
GopherOpenFileW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpCheckDavCompliance
HttpEndRequestA
HttpEndRequestW
HttpOpenRequestA
HttpOpenRequestW
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestW
IncrementUrlCacheHeaderData
InternetAlgIdToStringA
InternetAlgIdToStringW
InternetAttemptConnect
InternetAutodial
InternetAutodialCallback
InternetAutodialHangup
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW
InternetCheckConnectionA
InternetCheckConnectionW
InternetClearAllPerSiteCookieDecisions
InternetCloseHandle
InternetCombineUrlA
InternetCombineUrlW
InternetConfirmZoneCrossing
InternetConfirmZoneCrossingA
InternetConfirmZoneCrossingW
InternetConnectA
InternetConnectW
InternetCrackUrlA
InternetCrackUrlW
InternetCreateUrlA
InternetCreateUrlW
InternetDebugGetLocalTime
InternetDial
InternetDialA
InternetDialW
InternetEnumPerSiteCookieDecisionA
InternetEnumPerSiteCookieDecisionW
InternetErrorDlg
InternetFindNextFileA
InternetFindNextFileW
InternetFortezzaCommand
InternetGetCertByURL
InternetGetCertByURLA
InternetGetConnectedState
InternetGetConnectedStateEx
InternetGetConnectedStateExA
InternetGetConnectedStateExW
InternetGetCookieA
InternetGetCookieExA
InternetGetCookieExW
InternetGetCookieW
InternetGetLastResponseInfoA
InternetGetLastResponseInfoW
InternetGetPerSiteCookieDecisionA
InternetGetPerSiteCookieDecisionW
InternetGetSecurityInfoByURL
InternetGetSecurityInfoByURLA
InternetGetSecurityInfoByURLW
InternetGoOnline
InternetGoOnlineA
InternetGoOnlineW
InternetHangUp
InternetInitializeAutoProxyDll
InternetLockRequestFile
InternetOpenA
InternetOpenServerPushParse
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetQueryFortezzaStatus
InternetQueryOptionA
InternetQueryOptionW
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetSecurityProtocolToStringA
InternetSecurityProtocolToStringW
InternetServerPushParse
InternetSetCookieA
InternetSetCookieExA
InternetSetCookieExW
InternetSetCookieW
InternetSetDialState
InternetSetDialStateA
InternetSetDialStateW
InternetSetFilePointer
InternetSetOptionA
InternetSetOptionExA
InternetSetOptionExW
InternetSetOptionW
InternetSetPerSiteCookieDecisionA
InternetSetPerSiteCookieDecisionW
InternetSetStatusCallback
InternetSetStatusCallbackA
InternetSetStatusCallbackW
InternetShowSecurityInfoByURL
InternetShowSecurityInfoByURLA
InternetShowSecurityInfoByURLW
InternetTimeFromSystemTime
InternetTimeFromSystemTimeA
InternetTimeFromSystemTimeW
InternetTimeToSystemTime
InternetTimeToSystemTimeA
InternetTimeToSystemTimeW
InternetUnlockRequestFile
InternetWriteFile
InternetWriteFileExA
InternetWriteFileExW
IsHostInProxyBypassList
IsUrlCacheEntryExpiredA
IsUrlCacheEntryExpiredW
LoadUrlCacheContent
ParseX509EncodedCertificateForListBoxEntry
PrivacyGetZonePreferenceW
PrivacySetZonePreferenceW
ReadUrlCacheEntryStream
RegisterUrlCacheNotification
ResumeSuspendedDownload
RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryStreamA
RetrieveUrlCacheEntryStreamW
RunOnceUrlCache
SetUrlCacheConfigInfoA
SetUrlCacheConfigInfoW
SetUrlCacheEntryGroup
SetUrlCacheEntryGroupA
SetUrlCacheEntryGroupW
SetUrlCacheEntryInfoA
SetUrlCacheEntryInfoW
SetUrlCacheGroupAttributeA
SetUrlCacheGroupAttributeW
SetUrlCacheHeaderData
ShowCertificate
ShowClientAuthCerts
ShowSecurityInfo
ShowX509EncodedCertificate
UnlockUrlCacheEntryFile
UnlockUrlCacheEntryFileA
UnlockUrlCacheEntryFileW
UnlockUrlCacheEntryStream
UpdateUrlCacheContentPath
UrlZonesDetach

Sections

.text
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 4KB - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 576B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 4KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 4KB - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 4KB - Virtual size: 165B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 4KB - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4266c67bdf3ce1227b7059b08a44cf26

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

mpr

ntdll

shell32

shlwapi

ucrtbase

user32

ws2_32

Exports

Exports

Sections

.text Size: 284KB - Virtual size: 281KB

.data Size: 4KB - Virtual size: 1KB

.rodata Size: 4KB - Virtual size: 2KB

.rdata Size: 48KB - Virtual size: 46KB

.buildid Size: 4KB - Virtual size: 53B

/4 Size: 4KB - Virtual size: 864B

.pdata Size: 12KB - Virtual size: 9KB

.xdata Size: 12KB - Virtual size: 9KB

.bss Size: - Virtual size: 576B

.edata Size: 8KB - Virtual size: 7KB

.idata Size: 12KB - Virtual size: 8KB

.rsrc Size: 132KB - Virtual size: 128KB

.reloc Size: 4KB - Virtual size: 752B

/14 Size: 4KB - Virtual size: 48B

/29 Size: 4KB - Virtual size: 40B

/41 Size: 4KB - Virtual size: 20B

/55 Size: 4KB - Virtual size: 92B

/67 Size: 4KB - Virtual size: 165B

/78 Size: 4KB - Virtual size: 162B

.text
Size: 284KB - Virtual size: 281KB

.data
Size: 4KB - Virtual size: 1KB

.rodata
Size: 4KB - Virtual size: 2KB

.rdata
Size: 48KB - Virtual size: 46KB

.buildid
Size: 4KB - Virtual size: 53B

/4
Size: 4KB - Virtual size: 864B

.pdata
Size: 12KB - Virtual size: 9KB

.xdata
Size: 12KB - Virtual size: 9KB

.bss
Size: - Virtual size: 576B

.edata
Size: 8KB - Virtual size: 7KB

.idata
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 132KB - Virtual size: 128KB

.reloc
Size: 4KB - Virtual size: 752B

/14
Size: 4KB - Virtual size: 48B

/29
Size: 4KB - Virtual size: 40B

/41
Size: 4KB - Virtual size: 20B

/55
Size: 4KB - Virtual size: 92B

/67
Size: 4KB - Virtual size: 165B

/78
Size: 4KB - Virtual size: 162B