228ddb826895c7bed5eee6d9f09b1c529022314725b73b0031c0305aa4fef537

Sharing

Copy URL Twitter E-mail

General

Target

228ddb826895c7bed5eee6d9f09b1c529022314725b73b0031c0305aa4fef537
Size

2.7MB
MD5

f3e4d5498812f9bf8737b4d3c7c49a72
SHA1

1a37761b3630aaf0ee38bee1bf426b0e6296abf4
SHA256

228ddb826895c7bed5eee6d9f09b1c529022314725b73b0031c0305aa4fef537
SHA512

58592f389fcfff435033becb1443d69e48bd28619b26065a3953f91834ca3ebe0c9be817a28f0a2ce671e5739bcccfdb2b4ca516aa565eb4afcb391780ab8580
SSDEEP

49152:4/cRfbuIgIhVXVCRA2WyfoGxxmZHk9PlLik/SiQtuMT1THagnE:40duj4XVn8oGuZHk9Pl2k/SiQRVHJE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
228ddb826895c7bed5eee6d9f09b1c529022314725b73b0031c0305aa4fef537

Files

228ddb826895c7bed5eee6d9f09b1c529022314725b73b0031c0305aa4fef537
.dll regsvr32 windows x86

e14beeb8a883a6cc7661d54d8222cc1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadLocale
FindResourceW
GetModuleHandleW
LoadLibraryExW
lstrcmpiW
SizeofResource
LoadResource
FreeLibrary
EncodePointer
InterlockedDecrement
InterlockedIncrement
LoadLibraryW
GetVersionExW
SetLastError
GetCurrentThreadId
Process32NextW
Process32FirstW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetProcAddress
FindNextFileA
FindFirstFileExA
FindClose
WaitForSingleObjectEx
ReadConsoleW
SetEndOfFile
SetStdHandle
CreateToolhelp32Snapshot
WritePrivateProfileStringW
GetPrivateProfileIntW
FindResourceExW
CloseHandle
GetCurrentProcess
OpenProcess
GlobalMemoryStatusEx
WideCharToMultiByte
SetThreadLocale
MultiByteToWideChar
GetPrivateProfileStringW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
ExitProcess
WriteConsoleW
GetModuleFileNameA
GetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
VirtualQuery
VirtualProtect
HeapAlloc
HeapDestroy
GetSystemInfo
InterlockedFlushSList
RtlUnwind
CreateFileA
GetSystemDirectoryW
lstrcmpiA
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
LockResource
IsValidCodePage
DecodePointer
FreeResource
Sleep
InterlockedCompareExchange
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
GetCurrentProcessId
DeleteFileW
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
QueryPerformanceCounter
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
InterlockedExchangeAdd
WriteFile
ReadFile
FlushFileBuffers
CreateFileW

user32

SetWindowLongW
GetWindowLongW
OffsetRect
GetParent
LoadCursorW
ScreenToClient
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
KillTimer
SetTimer
ReleaseCapture
SetCapture
wsprintfW
UnionRect
EqualRect
PtInRect
SetCursor
DrawFocusRect
GetAsyncKeyState
ShowWindow
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
SendMessageTimeoutW
SendMessageW
GetWindowThreadProcessId
GetShellWindow
SendNotifyMessageW
RegisterWindowMessageW
CharNextW
IsWindow
PostMessageW
UnregisterClassW
CopyRect

gdi32

DeleteDC
GetObjectW
CreateDIBSection
SelectObject
SaveDC
RestoreDC
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateFontW
EnumFontFamiliesW
SetViewportOrgEx
RectVisible
OffsetViewportOrgEx

advapi32

RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExA
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
ord165
ShellExecuteW
ShellExecuteExW

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CoCreateGuid
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

UnRegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
GetErrorInfo
SysFreeString
SysAllocString
SysStringLen
RegisterTypeLi

shlwapi

PathFileExistsW
PathRemoveFileSpecW
AssocQueryStringW
SHGetValueA
StrStrIW
PathCombineW
SHGetValueW
StrCmpIW
StrCmpNIW
StrTrimA
PathAppendW
StrStrIA
SHSetValueA

comctl32

_TrackMouseEvent

gdiplus

GdiplusStartup
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipAlloc
GdipFree
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteBrush
GdipDrawString
GdipGetImageWidth
GdipGetImageHeight
GdipCreateSolidFill
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipFillRectangleI
GdipDrawImageRectRect
GdipDrawImageRectRectI

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e14beeb8a883a6cc7661d54d8222cc1c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

version

wininet

iphlpapi

crypt32

wintrust

urlmon

Exports

Exports

Sections

.text Size: 397KB - Virtual size: 397KB

.rdata Size: 124KB - Virtual size: 124KB

.data Size: 14KB - Virtual size: 21KB

.rsrc Size: 246KB - Virtual size: 245KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 397KB - Virtual size: 397KB

.rdata
Size: 124KB - Virtual size: 124KB

.data
Size: 14KB - Virtual size: 21KB

.rsrc
Size: 246KB - Virtual size: 245KB

.reloc
Size: 22KB - Virtual size: 22KB