b2154e9d94609338b2e03728092d243dac6ce22ec25dcd3db2ddcd38eb7c8fc7

Sharing

Copy URL

Twitter E-mail

General

Target

b2154e9d94609338b2e03728092d243dac6ce22ec25dcd3db2ddcd38eb7c8fc7
Size

397KB
MD5

2b701a9649d36bad11ccdd321c41417b
SHA1

5c19d67ff149501c7314b77addbccfdbb6c06d71
SHA256

b2154e9d94609338b2e03728092d243dac6ce22ec25dcd3db2ddcd38eb7c8fc7
SHA512

7e2aaa0a9697516ec7e24bc184e04705ba3663cc93123873943b332e97a7c085c66a8743fc8ead8ba5766e7fb68a06da62a7bdb9b6b7d78745908639e04b55f7
SSDEEP

12288:D62S2gt6ILBOnzgQQYNTjPZL6xvrmHHWnd:D6x6IFc/PhL6xTeHO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/5125c3f4c2e977c3a1c50259d5726c10f552e4afb8355eaa0919929800969f07

Files

b2154e9d94609338b2e03728092d243dac6ce22ec25dcd3db2ddcd38eb7c8fc7
.zip
5125c3f4c2e977c3a1c50259d5726c10f552e4afb8355eaa0919929800969f07
.dll regsvr32 windows:6 windows x64 arch:x64

9c5cf646bc6102d0a87546fcc9be1298

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
WriteConsoleW
SetEndOfFile
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
HeapAlloc
HeapReAlloc
HeapFree
GetModuleHandleExW
GetModuleFileNameW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetProcessHeap
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
ReadFile
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
CreateFileW
ReadConsoleW
HeapSize

ole32

CoLoadLibrary

Exports

Exports

ADXTOpJMSjuRwxcuksmzi
ADjnkFtWxhdHgmsJqPQET
APHXfqSCeK
AikatooD
AsHXQwWhLF
BAQHBoHshwPXIBgxfRt
BPaVYYXxYzqAumZeMkFJIDsRsb
BblennjQgbVTAD
BhtSAYlmVbOzKpcrDPMMDK
COsSPHnCgwrtMKroVU
CPnXbEj
CPoQinjZOixXMaUSfhfc
DHZVMrYfjQpTb
DLYUEmDcJdYmbFijN
DRdOLHawduQpBElgQQAy
DhGgKPIouGCZeGLB
DllRegisterServer
DpCSeQxhBWOqcLLdAcekR
DqhayeVTxkUkazoD
ETqooeVAyzISKJvOd
FCseLqHRulECZZmXghTlfbI
FGgfQikJB
FOHwCZpsYOY
FWnnIKvrOmfpBkQcxZJFJose
FgLMAJhvm
FrgWxkoerZ
FuYsGflElaFGRhANYxsYvNvwj
GASLVbBI
GTWLlbyBBCHqJivRbN
GXPcKjevwJZAbrEG
GYTNVuotixihh
GbNmWwWYQ
GdXuxc
GdoZNrCkgFAXO
GlyPTKlBzdbNEHNSrvImlmtkxN
GomZPINrdGMrvUKkqs
GwZdPAPGCxiFNuLQGNJtMF
HFzIYkbPOjoxRTTeWvVkgtcF
HHNRTXIBgSZQ
HJwTVGwDNZAemtyaKaD
HLeMaWjBefWbesLDSfooJ
HcLWwFmHWwrQAf
HstPofrxDfYCf
HwThzHtWhja
IGKxgXlkdIgblzc
IGVdsRMcrbSYPgjqZyLy
IjDzZnXeqHTS
IwfTRTdGlqP
JFiYdDtBWGjE
JINgJeIjWMlnXrIGEhPOGg
JLUtHLOmZFFBAQxeLDmKI
JNRPzfyyLokNsJBUH
JSiOlsAaLZNHomSGOuhPlggEh
JSxsuYfEKprnSUlKlcQmFJO
JYgLrjstsnF
JZQaoxy
JaCQYjQP
JegDBKpLbtnsoSlrwootmniSKZ
JlLBVNjzCADuOgYGajKMR
JqeswwnDCvVzpNutrMY
JyQGGAJHuICHyfZ
KNGYlUOVjKJuPR
KbgwFNFpFClrfsWHLcClBiZF
KqPWLieaxFiotBVkkwEUNDcCKV
LIaBDoEddbEH
LJcCrnQKoAICjLJTuQGBTovbxy
LdWDTxjcoxoSOXEl
MAQbuAhsulqGx
MBxnTgeUCAA
MIOpfIbEvgRfiJctTyGh
MPpBldKFs
MQoLfdmlKjjFzoOFECXsrxu
MSsRPxyTlM
MVmDOJ
McMWdJqgkKvaZN
NUpjzFACWLTIdtP
NXonycLxGrjV
NYqGzBnLvFBvB
NmWGPSMDcK
NshyWXHhdYesOvG
ONKRrQWzZYUjzSMhMnAEQO
OaSUAYtjFPkgLkobyzMl
OayPmPbJGWSUexpwPdfAAf
OircqXHIycjIX
OoUszvppyIHjcykGNznFDvXou
OrzzdYBLTnndy
OzqudGmExR
PRLxsIXysvN
PZLqxqgUNxZqUoqE
PZffoijeAZqV
PllcvR
PmWDUhf
PnNxFvewmcVHh
PpsKMWxlolyGTStQ
PqCWqUaCVxUMh
PqsvOuTVfbLVUoyAIgGnqEjV
QPToIl
QnimQsCBkniy
QoncSLhvAMpXtCvYTWY
RCmbSOuVrsjLRcvWOUXNy
RDDmpbEYQ
RJgVmFYoTZnFNFRVCx
RKtcRO
RWlZcqMLCKbOweVQDrQSJd
RayLPxW
SBcAnEKuRunfIXa
SHHHhPtUcoreSuGIe
SNatNMePa
SPPyyHb
ShpgnVcEnOTREmx
SkJpKfabMnbktuhh
SmzsbAglNENlSQaTPZp
StrKkdnifPYY
SxYBilByGbaRbXrLAURaQBTI
TCIzLXlQbvDOx
TCNIRETvDYqIXN
URJGeaPpU
VEYqbWNvFi
VPgfKvqYjKRLLPvSGue
VQaUgJaWAKxnIFielImlvza
VUxRTGgZtdyXmbnXtkTO
VkFzeSGhpv
VmjqUSRaBqcL
VujaOc
WvFuCNleJlguCxcFGahBRHdiGQ
XGUpohIGEfVwvgf
XXwytfUtxtRAyQBnngf
XbSOdIHXmdQycPHpIaJc
XkkJaIEOowYzNixc
XsDkLSaBcXNhA
YQbvAWJyGLG
YWLCNhcRGMMArDMfsbUFAQ
YiiMwrVGDOcGqMuXeXzog
YikORHg
YkTsmbd
ZBbjMNza
ZCPwfaHeaPQvDTtyiHGRIaEt
ZNPBpuQrLwyrjMrwPcTvhm
ZzWkjTiPWcMfmz
aEjHUxfmrelTvyAfqcNm
aZyhMeii
ajJWSbuLqKZeGCEoN
antHkWU
atEOqSgVHUX
ayTrvMJhhGwBPGRjhuDPBCjBR
brbfKBVKVtAcgB
cGEwyzHJjmMSqFaiIdN
cKzkBiFS
cQniulkaNFUjwIgYGGSshqV
ccEZZoSIsqVczbEwGJaTYIidz
clpPeeFVTHlVVXo
cmSvfaZvhORWpbh
cwlMeyawIF
dgHUNxBLv
djJvOdCvj
dtAKQj
eCfuCfmj
eRllpqrHOdWObXaXMZAOSilMW
ehOLmuUmSgSNupbaPAJDkhYF
erIDZsn
euuDWQqVyOkCwNvvWBUMNU
eyJzam
fVOJQZie
fnnsDQQFOKNQRgVSmnLVAy
frwwozNydAAuswOYHfnX
gADdRakdQk
gKScGvUb
gPqaEGYHlnZB
hNFDWsNEdUJLgSLLdHsN
hPVAnH
hTyvvkRqtTHKvbCqAwYAPO
hgsxwqFyjoJOUMhlqfuo
hziRaX
iEfHojgJfz
ifxuuqZXRqQtfVHzXz
jNxGheFRyizJhMZftY
jYlLoSBKjchBCYlavhiOICCj
jjNosKmANZpDJHmyvSMv
jyTgpLXnAtMAIC
kHJhGHqXCyZjgEBuegdzCvXnRu
kRPRXK
kWXwmUJtmqdwFhOTeyQa
kaJyKNuSfG
kkOHFQNsJVvRDfpyKPzXeBBf
kyHVuSquAxhjXPaZz
lCKaAgYAOPN
lNFhheLP
lPSsPmKuHuQntmqqxpP
lTlhwdNT
laDptPBY
mWyJiaIlv
mYvHmSGHLuivcfDn
mazGgIQSavDrn
mfHJxcXIB
mfzGgz
mkXaANkyxJbYhUylRrK
nDxlirCkcqPnTzwIeeXEbMSJor
ngTshhmjVukcJdpuBmqmAvEcj
oCUWiAWtoaiTo
oSEHFi
odeFXW
okObyQXzZJ
omqOcloRUmg
pELirKkAVxZlyTybBlOZd
pGhwKLCjIfnV
pluhDUqPeTgasYWidzRHcev
psUIXrwDesfDMyLZOYv
pwBjVleLzrsBJt
pyfYwINCBeyoEpryYyDtNTSBhU
qZCtvgY
qsRlzamxjH
qxINKoBvidcFNQNkt
rHRAgYBwu
rKonkSszSliw
rPOTwCthGApDkT
rPlrVttbeOFdvRAeCKnvgsG
riZNemrxyyOrygk
rqWVjsBONZqmyagZTzxlbnv
rzxndBOIwzzXylfinfjfqZHkUV
sKWkUbbosBCcCntDStyfQdND
sdRUWzYnFnDLqnc
shsfvDZi
spPrQsvuGQnuqnKkuf
stLCyTmWpocOoHqd
tWoBvkhVjYbWcOrffZ
tXvHVJw
tZVXfUyKyzCQbpzRAGQcxdpn
tuXUZxmsJcslUuLWhyfPp
tyXFaGfYQfOokTTTA
uRibEyUqxzdRRfOIZOa
uUoFzDTZSwVlBbKlfTihDoU
vHrxlkTAhEM
vMcwEWvevlnyo
vbvYWLCFHCBsgxYlkxfc
vnpLRVBK
vpIWHGOWXVPxl
wAOdWTHw
wIohkhPrJcqRDEmmcmFgZkp
wKjeWJWWWUmKQfejp
wLidRNVIVsIDHMfEPYbf
wPmXLOsSsdqkgWrIdJ
wQdSAViAdnu
wTwNmtfxFNCGCMmAAJqKVeq
wwuVbCyAcVCKnS
xESaVnQCeQKuXySjqnkcFR
xWQHWfWZswgXRcduJtZIYc
xlkuDEsSXeLvzu
xxQMVBrKWeqrPXtwGprrXqcQ
yHkztDPImVxpne
yvIyZwBtyoOyKkkZwfz
zyqSrKYYDHQMNIdzRPCDC

Sections

.text
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 449KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gxfg
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c5cf646bc6102d0a87546fcc9be1298

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

Exports

Exports

Sections

.text Size: 375KB - Virtual size: 375KB

.rdata Size: 449KB - Virtual size: 448KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 10KB - Virtual size: 10KB

.gfids Size: 1024B - Virtual size: 780B

.tls Size: 512B - Virtual size: 9B

.gxfg Size: 8KB - Virtual size: 8KB

.gehcont Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 375KB - Virtual size: 375KB

.rdata
Size: 449KB - Virtual size: 448KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 10KB - Virtual size: 10KB

.gfids
Size: 1024B - Virtual size: 780B

.tls
Size: 512B - Virtual size: 9B

.gxfg
Size: 8KB - Virtual size: 8KB

.gehcont
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 3KB - Virtual size: 3KB