11987615ef35f9cf439a91af9a02c8beb866e1e390bee7fdd707bf45234297ce

Sharing

Copy URL

Twitter E-mail

General

Target

11987615ef35f9cf439a91af9a02c8beb866e1e390bee7fdd707bf45234297ce
Size

721KB
MD5

ea3e32ebc444b06c06186cb3bee2bb53
SHA1

662db9218c9dc515de728ea8cb363a4efe7b5634
SHA256

11987615ef35f9cf439a91af9a02c8beb866e1e390bee7fdd707bf45234297ce
SHA512

670a0affd92ea5f9609c1e1d951e1f681bfe391fffc225e003c995548213a7fdb48022ffc89cf8b19a27f5e7362325846909584c16b6fd8efc5829ea598f6f69
SSDEEP

12288:JPE6qoIE7luZsH2NFbdkHIdi8WD+y+5+y4Bd22+:lJqothueWNv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11987615ef35f9cf439a91af9a02c8beb866e1e390bee7fdd707bf45234297ce

Files

11987615ef35f9cf439a91af9a02c8beb866e1e390bee7fdd707bf45234297ce
.dll windows:4 windows x86 arch:x86

f9dc29b63bcfa7c1b6e6a64405977eea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Imports

advapi32

GetUserNameW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
RegSetValueExW

kernel32

CloseHandle
CompareFileTime
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateMutexW
CreateSemaphoreW
CreateThread
DelayLoadFailureHook
DeleteCriticalSection
DeleteFileW
DosDateTimeToFileTime
EnterCriticalSection
FileTimeToDosDateTime
FileTimeToSystemTime
FreeLibrary
FreeLibraryAndExitThread
GetComputerNameExA
GetDateFormatA
GetDiskFreeSpaceExA
GetFileAttributesExW
GetFileInformationByHandle
GetFileSize
GetLocalTime
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetShortPathNameW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetTimeFormatA
GlobalAlloc
HeapAlloc
HeapReAlloc
IdnToAscii
IdnToUnicode
InitOnceExecuteOnce
InitializeCriticalSectionEx
IsBadReadPtr
IsBadStringPtrA
IsBadStringPtrW
LeaveCriticalSection
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenFileMappingW
QueueUserWorkItem
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
ResolveDelayLoadedAPI
RtlUnwind
SetEndOfFile
SetEvent
SetFilePointer
SetFilePointerEx
SetThreadDescription
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnmapViewOfFile
WaitForSingleObject
WideCharToMultiByte
WriteFile

mpr

WNetCachePassword
WNetGetCachedPassword

ntdll

NtQuerySystemTime
_vsnprintf

shell32

SHFileOperationW
SHGetSpecialFolderPathW

shlwapi

PathCreateFromUrlW
PathMatchSpecW
StrStrIA
StrToInt64ExW
UrlCanonicalizeA
UrlCanonicalizeW
UrlCombineA
UrlCombineW
UrlEscapeW

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vswprintf
_assert
_errno
_gmtime32
_ltow
_mktime32
_strdup
_stricmp
_time32
_wcsdup
_wcsicmp
_wcsnicmp
_wgetenv
atoi
atol
calloc
free
fwrite
getenv
iswalnum
iswalpha
iswspace
malloc
memchr
memcmp
memcpy
memmove
memset
qsort
rand
realloc
strchr
strcmp
strcpy
strcspn
strlen
strncmp
strnlen
strtok
system
towlower
wcschr
wcscmp
wcslen
wcsncmp
wcsnlen
wcsrchr
wcsstr
wcstol
wcstoul

user32

CharLowerW
DialogBoxParamW
EndDialog
GetDlgItem
GetWindowLongW
GetWindowTextW
LoadStringA
LoadStringW
SendMessageW
SetWindowLongW
SetWindowTextW
wsprintfW

ws2_32

accept
bind
closesocket
connect
getsockname
getsockopt
htons
ioctlsocket
listen
recv
select
send
setsockopt
socket
WSAGetLastError
WSAStartup
WSACleanup
FreeAddrInfoW
GetAddrInfoW
freeaddrinfo
getaddrinfo
getnameinfo
inet_ntop

Exports

Exports

CommitUrlCacheEntryA
CommitUrlCacheEntryW
CreateMD5SSOHash
CreateUrlCacheContainerA
CreateUrlCacheContainerW
CreateUrlCacheEntryA
CreateUrlCacheEntryW
CreateUrlCacheGroup
DeleteIE3Cache
DeleteUrlCacheContainerA
DeleteUrlCacheContainerW
DeleteUrlCacheEntry
DeleteUrlCacheEntryA
DeleteUrlCacheEntryW
DeleteUrlCacheGroup
DeleteWpadCacheForNetworks
DetectAutoProxyUrl
DllInstall
FindCloseUrlCache
FindFirstUrlCacheContainerA
FindFirstUrlCacheContainerW
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryW
FindFirstUrlCacheGroup
FindNextUrlCacheContainerA
FindNextUrlCacheContainerW
FindNextUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryW
FindNextUrlCacheGroup
ForceNexusLookup
ForceNexusLookupExW
FreeUrlCacheSpaceA
FreeUrlCacheSpaceW
FtpCommandA
FtpCommandW
FtpCreateDirectoryA
FtpCreateDirectoryW
FtpDeleteFileA
FtpDeleteFileW
FtpFindFirstFileA
FtpFindFirstFileW
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryW
FtpGetFileA
FtpGetFileEx
FtpGetFileSize
FtpGetFileW
FtpOpenFileA
FtpOpenFileW
FtpPutFileA
FtpPutFileEx
FtpPutFileW
FtpRemoveDirectoryA
FtpRemoveDirectoryW
FtpRenameFileA
FtpRenameFileW
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryW
GetUrlCacheConfigInfoA
GetUrlCacheConfigInfoW
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoExA
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoW
GetUrlCacheGroupAttributeA
GetUrlCacheGroupAttributeW
GetUrlCacheHeaderData
GopherCreateLocatorA
GopherCreateLocatorW
GopherFindFirstFileA
GopherFindFirstFileW
GopherGetAttributeA
GopherGetAttributeW
GopherGetLocatorTypeA
GopherGetLocatorTypeW
GopherOpenFileA
GopherOpenFileW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpCheckDavCompliance
HttpEndRequestA
HttpEndRequestW
HttpOpenRequestA
HttpOpenRequestW
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestW
IncrementUrlCacheHeaderData
InternetAlgIdToStringA
InternetAlgIdToStringW
InternetAttemptConnect
InternetAutodial
InternetAutodialCallback
InternetAutodialHangup
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW
InternetCheckConnectionA
InternetCheckConnectionW
InternetClearAllPerSiteCookieDecisions
InternetCloseHandle
InternetCombineUrlA
InternetCombineUrlW
InternetConfirmZoneCrossing
InternetConfirmZoneCrossingA
InternetConfirmZoneCrossingW
InternetConnectA
InternetConnectW
InternetCrackUrlA
InternetCrackUrlW
InternetCreateUrlA
InternetCreateUrlW
InternetDebugGetLocalTime
InternetDial
InternetDialA
InternetDialW
InternetEnumPerSiteCookieDecisionA
InternetEnumPerSiteCookieDecisionW
InternetErrorDlg
InternetFindNextFileA
InternetFindNextFileW
InternetFortezzaCommand
InternetGetCertByURL
InternetGetCertByURLA
InternetGetConnectedState
InternetGetConnectedStateEx
InternetGetConnectedStateExA
InternetGetConnectedStateExW
InternetGetCookieA
InternetGetCookieExA
InternetGetCookieExW
InternetGetCookieW
InternetGetLastResponseInfoA
InternetGetLastResponseInfoW
InternetGetPerSiteCookieDecisionA
InternetGetPerSiteCookieDecisionW
InternetGetSecurityInfoByURL
InternetGetSecurityInfoByURLA
InternetGetSecurityInfoByURLW
InternetGoOnline
InternetGoOnlineA
InternetGoOnlineW
InternetHangUp
InternetInitializeAutoProxyDll
InternetLockRequestFile
InternetOpenA
InternetOpenServerPushParse
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetQueryFortezzaStatus
InternetQueryOptionA
InternetQueryOptionW
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetSecurityProtocolToStringA
InternetSecurityProtocolToStringW
InternetServerPushParse
InternetSetCookieA
InternetSetCookieExA
InternetSetCookieExW
InternetSetCookieW
InternetSetDialState
InternetSetDialStateA
InternetSetDialStateW
InternetSetFilePointer
InternetSetOptionA
InternetSetOptionExA
InternetSetOptionExW
InternetSetOptionW
InternetSetPerSiteCookieDecisionA
InternetSetPerSiteCookieDecisionW
InternetSetStatusCallback
InternetSetStatusCallbackA
InternetSetStatusCallbackW
InternetShowSecurityInfoByURL
InternetShowSecurityInfoByURLA
InternetShowSecurityInfoByURLW
InternetTimeFromSystemTime
InternetTimeFromSystemTimeA
InternetTimeFromSystemTimeW
InternetTimeToSystemTime
InternetTimeToSystemTimeA
InternetTimeToSystemTimeW
InternetUnlockRequestFile
InternetWriteFile
InternetWriteFileExA
InternetWriteFileExW
IsHostInProxyBypassList
IsUrlCacheEntryExpiredA
IsUrlCacheEntryExpiredW
LoadUrlCacheContent
ParseX509EncodedCertificateForListBoxEntry
PrivacyGetZonePreferenceW
PrivacySetZonePreferenceW
ReadUrlCacheEntryStream
RegisterUrlCacheNotification
ResumeSuspendedDownload
RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryStreamA
RetrieveUrlCacheEntryStreamW
RunOnceUrlCache
SetUrlCacheConfigInfoA
SetUrlCacheConfigInfoW
SetUrlCacheEntryGroup
SetUrlCacheEntryGroupA
SetUrlCacheEntryGroupW
SetUrlCacheEntryInfoA
SetUrlCacheEntryInfoW
SetUrlCacheGroupAttributeA
SetUrlCacheGroupAttributeW
SetUrlCacheHeaderData
ShowCertificate
ShowClientAuthCerts
ShowSecurityInfo
ShowX509EncodedCertificate
UnlockUrlCacheEntryFile
UnlockUrlCacheEntryFileA
UnlockUrlCacheEntryFileW
UnlockUrlCacheEntryStream
UpdateUrlCacheContentPath
UrlZonesDetach

Sections

.text
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 4KB - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 256B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 4KB - Virtual size: 694B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 4KB - Virtual size: 879B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 4KB - Virtual size: 161B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 4KB - Virtual size: 750B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/107
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/123
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9dc29b63bcfa7c1b6e6a64405977eea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

mpr

ntdll

shell32

shlwapi

ucrtbase

user32

ws2_32

Exports

Exports

Sections

.text Size: 288KB - Virtual size: 286KB

.data Size: 4KB - Virtual size: 900B

.rodata Size: 4KB - Virtual size: 2KB

.rdata Size: 44KB - Virtual size: 42KB

.buildid Size: 4KB - Virtual size: 53B

/4 Size: 40KB - Virtual size: 36KB

.bss Size: - Virtual size: 256B

.edata Size: 8KB - Virtual size: 7KB

.idata Size: 8KB - Virtual size: 6KB

.rsrc Size: 132KB - Virtual size: 128KB

.reloc Size: 16KB - Virtual size: 15KB

/14 Size: 4KB - Virtual size: 96B

/29 Size: 4KB - Virtual size: 2KB

/41 Size: 4KB - Virtual size: 694B

/55 Size: 4KB - Virtual size: 879B

/67 Size: 4KB - Virtual size: 56B

/80 Size: 4KB - Virtual size: 161B

/91 Size: 4KB - Virtual size: 750B

/107 Size: 4KB - Virtual size: 1KB

/123 Size: 4KB - Virtual size: 64B

.text
Size: 288KB - Virtual size: 286KB

.data
Size: 4KB - Virtual size: 900B

.rodata
Size: 4KB - Virtual size: 2KB

.rdata
Size: 44KB - Virtual size: 42KB

.buildid
Size: 4KB - Virtual size: 53B

/4
Size: 40KB - Virtual size: 36KB

.bss
Size: - Virtual size: 256B

.edata
Size: 8KB - Virtual size: 7KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 132KB - Virtual size: 128KB

.reloc
Size: 16KB - Virtual size: 15KB

/14
Size: 4KB - Virtual size: 96B

/29
Size: 4KB - Virtual size: 2KB

/41
Size: 4KB - Virtual size: 694B

/55
Size: 4KB - Virtual size: 879B

/67
Size: 4KB - Virtual size: 56B

/80
Size: 4KB - Virtual size: 161B

/91
Size: 4KB - Virtual size: 750B

/107
Size: 4KB - Virtual size: 1KB

/123
Size: 4KB - Virtual size: 64B