04d6963ab02c1f483cb9ff7af68c15456740099de5dd84dc68a77e9511772129

Sharing

Copy URL

Twitter E-mail

General

Target

04d6963ab02c1f483cb9ff7af68c15456740099de5dd84dc68a77e9511772129
Size

761KB
MD5

daacc7852627bd0e71b8e3d2a4a6543b
SHA1

f47462d2b9d2b375684f98f011e399c25fe2e7dd
SHA256

04d6963ab02c1f483cb9ff7af68c15456740099de5dd84dc68a77e9511772129
SHA512

4c6fe5679e123443c3ec19094683ba834dbec0515b56bcde43c33d423db2684b108d6f9c457c9c10daa4765054c7d8bdc163b59a2c75464c42d7bcb6a18b2cd8
SSDEEP

12288:JauX9Io7goxCqOJC0g+j4gBoB3KD/KZExnbCZwcSeVX6OF+XN15xJgiC42D6r3ec:Jah7oYJRrLDSZExnbCvSyF+XW/6T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04d6963ab02c1f483cb9ff7af68c15456740099de5dd84dc68a77e9511772129

Files

04d6963ab02c1f483cb9ff7af68c15456740099de5dd84dc68a77e9511772129
.dll windows:5 windows x86 arch:x86

dd50bfe1d76af88ffd91fcba2cc8012f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Surface\Get\Say\led\led\seebrown.pdb

Imports

kernel32

GetModuleFileNameA
VirtualProtect
GetCurrentDirectoryA
GetFileTime
DeleteCriticalSection
CloseHandle
GetCurrentProcessId
GetTempPathA
OpenMutexA
CompareStringW
WriteConsoleW
HeapSize
RtlUnwind
GetLocalTime
SetFileAttributesA
ReadFile
CreateProcessA
SetFilePointer
lstrcmpA
GetFileSize
CreateFileA
HeapAlloc
GetTimeFormatW
GetDateFormatW
GetSystemTimeAsFileTime
GetLastError
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
WideCharToMultiByte
GetTimeZoneInformation
GetFileType
CreateFileW
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
Sleep
MultiByteToWideChar
SetStdHandle
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
SetHandleCount
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
RaiseException
GetConsoleCP
GetConsoleMode
SetEndOfFile
GetProcessHeap
LoadLibraryW
LCMapStringW
GetStringTypeW
HeapReAlloc
IsProcessorFeaturePresent
SetEnvironmentVariableA

shlwapi

PathFindFileNameA
SHRegCreateUSKeyA
SHRegWriteUSValueA
PathQuoteSpacesA
SHDeleteKeyA
SHRegCloseUSKey
PathFindExtensionA

comctl32

ImageList_Add
ord17
ImageList_Destroy
ImageList_SetOverlayImage
DestroyPropertySheetPage
ord6
PropertySheetA
CreateToolbarEx

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 484KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 9.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd50bfe1d76af88ffd91fcba2cc8012f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shlwapi

comctl32

Sections

.text Size: 175KB - Virtual size: 175KB

.rdata Size: 484KB - Virtual size: 484KB

.data Size: 68KB - Virtual size: 9.1MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 29KB

.text
Size: 175KB - Virtual size: 175KB

.rdata
Size: 484KB - Virtual size: 484KB

.data
Size: 68KB - Virtual size: 9.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 29KB