b64e03294bc29c8c9f121397b5f209b41455f11078fad05b53d2b12c50d322b9

Sharing

Copy URL Twitter E-mail

General

Target

b64e03294bc29c8c9f121397b5f209b41455f11078fad05b53d2b12c50d322b9
Size

202KB
MD5

971f7930ac7c2e24ecdb3c028e5a70b8
SHA1

70177dbc5983aa479a33ce270f80efb21e6adcaf
SHA256

b64e03294bc29c8c9f121397b5f209b41455f11078fad05b53d2b12c50d322b9
SHA512

b89edf700e4104cf1790933a6a8c9bf18d27bf466e991e12747908b557739d126c71fd4401adb3529efa58d7fa43f863e921409d78403199f1d9c027dcdd51dc
SSDEEP

3072:Co3jXsJ6mQrdTKypHgWTzEQJV3so+RBBI0Ic9oZO0cUL+qSZXhf6owO/aJm+:CWsJtQrd1ldEQcHDBIXZOBQ0/FwOiJv

Score

N/A

Malware Config

Signatures

Files

b64e03294bc29c8c9f121397b5f209b41455f11078fad05b53d2b12c50d322b9
.dll windows x86

92fadfabfa997e543ea6d289f55067bb

Code Sign

0f:1d:b0:a6:2c:6d:d5:b2:47:86:46:85:24:2c:9b:18
Certificate

Issuer

CN=t123612333

Not Before

05/02/2012, 18:21

Not After

31/12/2039, 23:59

Subject

CN=t123612333

Extended Key Usages

ExtKeyUsageCodeSigning

ca:77:14:c2:10:54:9f:93:55:01:aa:5d:14:77:de:59:4e:01:d1:92
Signer

Actual PE Digest

ca:77:14:c2:10:54:9f:93:55:01:aa:5d:14:77:de:59:4e:01:d1:92

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=t123612333

01/12/2022, 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
ExitProcess
LoadLibraryA
GetProcAddress

user32

LoadKeyboardLayoutA
LoadBitmapA

gdi32

GetStockObject

ole32

StgOpenPropStg
StringFromCLSID
UpdateDCOMSettings
UtConvertDvtd16toDvtd32
UtGetDvtd16Info
WriteClassStg
WriteFmtUserTypeStg
StgConvertPropertyToVariant
SetConvertStg
STGMEDIUM_UserFree
SNB_UserUnmarshal
ReleaseStgMedium
RegisterDragDrop
ReadClassStm
PropVariantCopy
PropStgNameToFmtId
ProgIDFromCLSID
OpenOrCreateStream
OleSetMenuDescriptor
OleSetContainedObject
OleSaveToStream
OleRun
OleRegEnumVerbs
OleQueryLinkFromData
OleQueryCreateFromData
OleNoteObjectVisible
OleIsRunning
OleIsCurrentClipboard
OleInitializeWOW
OleGetClipboard
OleDraw
OleCreateStaticFromData
OleCreateLinkFromDataEx
OleCreateLinkEx
OleCreateLink
OleCreateFromFileEx
OleCreateFromFile
OleCreateDefaultHandler
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAM
OleBuildVersion
IsEqualGUID
IsAccelerator
IIDFromString
HkOleRegisterObject
HPALETTE_UserFree
HMETAFILE_UserMarshal
HMETAFILEPICT_UserFree
HICON_UserSize
HICON_UserFree
HENHMETAFILE_UserUnmarshal
HENHMETAFILE_UserSize
HDC_UserMarshal
HDC_UserFree
HACCEL_UserMarshal
StgCreateDocfile
GetHookInterface
GetHGlobalFromStream
GetHGlobalFromILockBytes
GetDocumentBitStg
GetClassFile
FmtIdToPropStgName
DoDragDrop
CreateStreamOnHGlobal
CreateStdProgressIndicator
CreatePointerMoniker
CreateOleAdviseHolder
CreateObjrefMoniker
CreateGenericComposite
CreateDataAdviseHolder
CreateAntiMoniker
CoTreatAsClass
CoTaskMemRealloc
CoTaskMemFree
CoSwitchCallContext
CoSuspendClassObjects
CoSetCancelObject
CoRevokeMallocSpy
CoRevokeClassObject
CoReleaseServerProcess
CoReleaseMarshalData
CoRegisterSurrogate
CoRegisterMessageFilter
CoReactivateObject
CoQueryAuthenticationServices
CoMarshalInterThreadInterfaceInStream
CoLockObjectExternal
CoIsOle1Class
CoInstall
CoInitializeEx
CoInitialize
CoGetTreatAsClass
CoGetStdMarshalEx
CoGetStandardMarshal
CoGetPSClsid
CoGetObjectContext
CoGetObject
CoGetMarshalSizeMax
CoGetInstanceFromIStorage
CoGetClassVersion
CoGetCancelObject
CoGetCallContext
CoFreeUnusedLibraries
CoFreeLibrary
CoFreeAllLibraries
CoFileTimeNow
CoDisableCallCancellation
CoCreateObjectInContext
CoCreateInstanceEx
CoAllowSetForegroundWindow
CLIPFORMAT_UserSize
CLIPFORMAT_UserMarshal
BindMoniker
StgIsStorageFile
GetRunningObjectTable
StgCreateDocfileOnILockBytes
StgOpenAsyncDocfileOnIFillLockBytes

shlwapi

UrlUnescapeW
wvnsprintfA
UrlUnescapeA
UrlIsOpaqueW
UrlIsA
UrlEscapeA
UrlCreateFromPathW
UrlCompareW
UrlCompareA
UrlCombineW
UrlCanonicalizeW
StrTrimW
StrTrimA
StrToIntW
StrToIntExA
StrToIntA
StrStrIW
StrStrIA
StrSpnW
StrSpnA
StrRetToBufA
StrRStrIW
StrRChrW
StrNCatW
StrNCatA
StrIsIntlEqualA
StrFormatKBSizeA
StrFormatByteSizeW
StrFormatByteSizeA
StrDupA
StrCpyW
StrCpyNW
StrCmpW
StrChrW
StrCSpnIA
StrCSpnA
SHStrDupA
SHSetThreadRef
SHRegSetPathW
SHRegOpenUSKeyA
SHRegGetUSValueA
SHRegGetPathW
SHRegGetBoolUSValueW
SHRegEnumUSKeyA
SHRegDeleteEmptyUSKeyW
SHRegCloseUSKey
SHQueryValueExW
SHQueryInfoKeyA
SHOpenRegStreamW
SHOpenRegStream2W
SHGetValueW
SHGetThreadRef
SHEnumValueW
SHDeleteKeyA
SHDeleteEmptyKeyA
SHCopyKeyW
SHAutoComplete
PathUnquoteSpacesW
PathUnquoteSpacesA
PathUnmakeSystemFolderW
PathUndecorateW
PathStripToRootA
PathStripPathW
PathSetDlgItemPathA
PathSearchAndQualifyA
PathRenameExtensionW
PathRenameExtensionA
PathRemoveFileSpecW
PathRemoveFileSpecA
PathRemoveExtensionW
PathRemoveExtensionA
PathRemoveBlanksW
PathRemoveBlanksA
PathRemoveBackslashA
PathRemoveArgsW
PathRemoveArgsA
PathParseIconLocationW
PathMatchSpecW
PathMatchSpecA
PathIsURLW
PathIsUNCServerW
PathIsUNCServerA
PathIsSystemFolderA
PathIsSameRootW
PathIsPrefixW
PathIsNetworkPathW
PathIsFileSpecA
PathIsDirectoryW
PathIsDirectoryEmptyW
PathIsDirectoryA
PathFindSuffixArrayW
PathFindSuffixArrayA
PathFindOnPathW
PathCreateFromUrlA
PathCompactPathExW
PathCommonPrefixW
PathCommonPrefixA
PathCombineW
PathCombineA
PathBuildRootA
PathAppendA
PathAddBackslashA
IntlStrEqWorkerA
GetMenuPosFromID
ColorRGBToHLS
ChrCmpIW
AssocQueryStringByKeyW
AssocQueryStringA
AssocQueryKeyA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nnn
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gay4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92fadfabfa997e543ea6d289f55067bb

Code Sign

0f:1d:b0:a6:2c:6d:d5:b2:47:86:46:85:24:2c:9b:18Certificate

Extended Key Usages

ca:77:14:c2:10:54:9f:93:55:01:aa:5d:14:77:de:59:4e:01:d1:92Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

shlwapi

Sections

.text Size: 8KB - Virtual size: 8KB

.nnn Size: 175KB - Virtual size: 175KB

.data Size: 512B - Virtual size: 276B

.gay4 Size: 1024B - Virtual size: 1000B

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 1KB

0f:1d:b0:a6:2c:6d:d5:b2:47:86:46:85:24:2c:9b:18
Certificate

ca:77:14:c2:10:54:9f:93:55:01:aa:5d:14:77:de:59:4e:01:d1:92
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 8KB - Virtual size: 8KB

.nnn
Size: 175KB - Virtual size: 175KB

.data
Size: 512B - Virtual size: 276B

.gay4
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 1KB