6644bc0bd833cb22637b5d141bf7063dcd77d28f3885450a751de34ed3774b15

Sharing

Copy URL

Twitter E-mail

General

Target

6644bc0bd833cb22637b5d141bf7063dcd77d28f3885450a751de34ed3774b15
Size

758KB
MD5

a54e4fefa0577655b345a4656fc6d66f
SHA1

850164ecffbe8e0c9362976d91a31e3747201609
SHA256

6644bc0bd833cb22637b5d141bf7063dcd77d28f3885450a751de34ed3774b15
SHA512

d6da9fd74ea70af2acff96639169775074d82d91a745b6553a0b4e12ecacc7f93a9b7c440fc922cd70ac36abb592a94c081ca2586375480292468111e051a051
SSDEEP

12288:lBseOTwOg957PAMTEFv49thrFcmxLFwD7wGcXbtzbEOpUDlBxawsoei4:keOTwOUPnTC49LJxJwaCOpUD7Ioei4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6644bc0bd833cb22637b5d141bf7063dcd77d28f3885450a751de34ed3774b15

Files

6644bc0bd833cb22637b5d141bf7063dcd77d28f3885450a751de34ed3774b15
.dll regsvr32 windows:6 windows x86 arch:x86

36d18f8cb3bee16af0421e6a936157a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

mciSendCommandW
joyGetNumDevs
joyGetPosEx
timeGetTime
waveOutPrepareHeader
waveOutOpen
waveOutUnprepareHeader
waveOutReset
waveOutWrite
waveOutClose
timeEndPeriod
timeBeginPeriod
joyGetDevCapsW

wsock32

socket
gethostbyname
bind
sendto
setsockopt
ntohs
htons
WSAGetLastError
select
ioctlsocket
recvfrom
WSAStartup
inet_ntoa
closesocket

kernel32

RaiseException
SetEnvironmentVariableW
SetEndOfFile
CreateFileW
HeapSize
LCMapStringW
CompareStringW
GetStringTypeW
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetCurrentDirectoryW
CreateDirectoryW
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
DeleteFileW
WriteConsoleInputW
MapViewOfFile
UnmapViewOfFile
SetConsoleScreenBufferSize
SetEvent
GetLargestConsoleWindowSize
GetStdHandle
GetConsoleScreenBufferInfo
CreateEventW
SetConsoleWindowInfo
WaitForMultipleObjects
CloseHandle
ReadConsoleOutputCharacterW
VirtualFree
GetLastError
VirtualAlloc
FreeLibrary
GlobalLock
GlobalAlloc
LoadLibraryW
GlobalUnlock
GetProcAddress
GlobalFree
ExitProcess
GetNativeSystemInfo
GetDriveTypeW
AllocConsole
GetNumberOfConsoleInputEvents
SetErrorMode
HeapAlloc
GlobalSize
HeapFree
GetProcessHeap
IsBadReadPtr
WriteFile
Sleep
FreeConsole
GetVersionExW
SetLastError
LoadLibraryA
VirtualProtect
ReadConsoleInputW
OutputDebugStringW
GetModuleFileNameW
FlushFileBuffers
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
MoveFileExW
GetConsoleCP
DeleteCriticalSection
GetFileType
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReadConsoleW
GetConsoleMode
LeaveCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
AreFileApisANSI
MultiByteToWideChar
ReadFile
RtlUnwind
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
GetFullPathNameA
HeapReAlloc
GetModuleHandleExW
WideCharToMultiByte
GetCommandLineA
EnterCriticalSection

user32

RegisterWindowMessageW
GetWindowLongW
SetWindowLongW
AdjustWindowRect
UnregisterHotKey
RegisterHotKey
DefWindowProcW
MoveWindow
CloseClipboard
GetMessageW
SetForegroundWindow
TranslateMessage
MessageBoxA
GetClipboardData
PeekMessageW
ShowWindow
OpenClipboard
DispatchMessageW
MessageBoxW
GetWindowRect
SetCapture
ShowCursor
SetCursorPos
SystemParametersInfoW
GetCursorPos
ClipCursor
GetSystemMetrics
ReleaseCapture

Exports

Exports

DllRegisterServer

Sections

.text
Size: 465KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36d18f8cb3bee16af0421e6a936157a8

Headers

DLL Characteristics

File Characteristics

Imports

winmm

wsock32

kernel32

user32

Exports

Exports

Sections

.text Size: 465KB - Virtual size: 465KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 56KB - Virtual size: 7.2MB

.rsrc Size: 136KB - Virtual size: 136KB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 465KB - Virtual size: 465KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 56KB - Virtual size: 7.2MB

.rsrc
Size: 136KB - Virtual size: 136KB

.reloc
Size: 36KB - Virtual size: 36KB