68cf9929733e3e2c29517eaf13f0ff1876f0576c9142a58e18cefae29bca1585

Sharing

Copy URL

Twitter E-mail

General

Target

68cf9929733e3e2c29517eaf13f0ff1876f0576c9142a58e18cefae29bca1585
Size

258KB
MD5

828fcbb40326aea50c8bc11dcfdc717a
SHA1

3b887388db66f7fa4144ef6294eaac5606a05853
SHA256

68cf9929733e3e2c29517eaf13f0ff1876f0576c9142a58e18cefae29bca1585
SHA512

25ddc2bdc3376b9c2dc7302868a7bfc6286bd2779dedc5d5d5a2a9b0b604933dd70759d637077beaac27a6388446ce2834093cd73bdeb6f6485fd04614f5e6e0
SSDEEP

6144:HzUWdXWEO3CFUf0SpcSUfiUoRTQyxghlWMHf2N9Hw:QaCCFUcSYfiUoRTQy4lWMHeN2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/394ecd747f9b75d73b9d9fb0e393c754ce030e1cccf6c2544fd6eb54578cd517.dll

Files

68cf9929733e3e2c29517eaf13f0ff1876f0576c9142a58e18cefae29bca1585
.zip

Password: infected
394ecd747f9b75d73b9d9fb0e393c754ce030e1cccf6c2544fd6eb54578cd517.dll
.dll windows:6 windows x86 arch:x86

fd682837ab7d050d40b92bd4219d967f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\6\represent\93\20\Hot\Seat\66\62\quite\Give\Print\salt\5\value.pdb

Imports

kernel32

GetFileTime
CloseHandle
GetEnvironmentVariableA
GetSystemDirectoryA
GetTempPathA
GetCurrentDirectoryA
CreateFileA
MoveFileExA
FindFirstChangeNotificationA
FindNextChangeNotification
FindCloseChangeNotification
SetFilePointer
HeapSize
SetStdHandle
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetFileSize
Sleep
DeleteCriticalSection
GetCurrentProcessId
VirtualProtectEx
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetCPInfo
WideCharToMultiByte
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
SetEvent
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
GetLastError
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
WriteFile
OutputDebugStringW
CreateFileW

user32

ExitWindowsEx
PostMessageA
GetDoubleClickTime
EndDeferWindowPos
EmptyClipboard
GetSystemMetrics
DestroyMenu
BeginPaint
InvalidateRect
ValidateRect
MapWindowPoints
IntersectRect
InflateRect

gdi32

SetBkColor
GetClipBox
GetCharWidthA
CreateBitmap
SetTextColor

winspool.drv

DocumentPropertiesA
GetPrinterA
OpenPrinterA
DeletePrinterConnectionA
ClosePrinter
EnumPrintersA

uxtheme

DrawThemeText
CloseThemeData
OpenThemeData
GetThemeBackgroundRegion

Exports

Exports

Batlet
Poundtown
Spellorder
Thankfamily
Usewill

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

fd682837ab7d050d40b92bd4219d967f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

uxtheme

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 248KB

.rdata Size: 126KB - Virtual size: 125KB

.data Size: 6KB - Virtual size: 62KB

.gfids Size: 512B - Virtual size: 400B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 248KB - Virtual size: 248KB

.rdata
Size: 126KB - Virtual size: 125KB

.data
Size: 6KB - Virtual size: 62KB

.gfids
Size: 512B - Virtual size: 400B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB