14b57211308ac8ad2a63c965783d9ba1c2d1930d0cafd884374d143a481f9bf3

Sharing

Copy URL

Twitter E-mail

General

Target

14b57211308ac8ad2a63c965783d9ba1c2d1930d0cafd884374d143a481f9bf3
Size

580KB
MD5

57595f82e73bed372c669e907d4db642
SHA1

78f18ab091be74f0cf4002d5f452d1856ae33790
SHA256

14b57211308ac8ad2a63c965783d9ba1c2d1930d0cafd884374d143a481f9bf3
SHA512

2a2c24006ce009a9ce303cc703d9a9a975a153b02c8719ff7604672af8656bcbc2794b6bf67f9d7ede26161cb1a4d118644130108800b40717ab4c5b22a46ce5
SSDEEP

12288:eEETvW7M4xbC9V1Fj4ttR5bMzlTkPKO0kZ:eEEi7Myb4V34rXMpo0y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
14b57211308ac8ad2a63c965783d9ba1c2d1930d0cafd884374d143a481f9bf3

Files

14b57211308ac8ad2a63c965783d9ba1c2d1930d0cafd884374d143a481f9bf3
.dll regsvr32 windows x86

eab923583aa648aa09e329638e8354af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
SetStdHandle
GetFileType
ExitThread
TerminateProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
HeapAlloc
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
InterlockedExchange
RtlUnwind
GetTickCount
FindResourceExA
GetCurrentDirectoryA
WritePrivateProfileStringA
GetFileTime
GetFileAttributesA
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
VirtualProtect
FileTimeToLocalFileTime
FindNextFileA
FileTimeToSystemTime
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
CreateEventA
SetEvent
InterlockedDecrement
GetFullPathNameA
FindFirstFileA
FindClose
lstrcpyA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
lstrcmpA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetModuleHandleA
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
ReadDirectoryChangesW
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
MultiByteToWideChar
GetModuleFileNameA
GetVolumeInformationA
CreateThread
SetThreadPriority
GetDriveTypeA
GetWindowsDirectoryA
GetSystemDirectoryA
GetLogicalDriveStringsA
GetCurrentProcess
GetShortPathNameA
OpenProcess
ResumeThread
SuspendThread
GetExitCodeThread
TerminateThread
Sleep
CreateProcessA
WaitForSingleObject
GetLastError
ExitProcess
FindResourceA
LoadResource
LockResource
SizeofResource
CreateFileA
CloseHandle
DeleteFileA
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
SetHandleCount

user32

PostThreadMessageA
ReleaseCapture
WindowFromPoint
SetCapture
CharNextA
GetSysColorBrush
GetAsyncKeyState
SetWindowContextHelpId
MapDialogRect
WaitMessage
SetRectEmpty
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
GetMessageA
TranslateMessage
ValidateRect
DestroyMenu
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
wsprintfA
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
SetParent
SendDlgItemMessageA
GetFocus
IsWindow
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
MessageBoxA
TrackPopupMenu
GetKeyState
EnableWindow
SendMessageA
CopyRect
InflateRect
LoadBitmapA
GetMenuItemCount
GetMenuItemID
GetSubMenu
ModifyMenuA
GetClientRect
UpdateWindow
InvalidateRect
RedrawWindow
SetTimer
SetForegroundWindow
GetMenu
AdjustWindowRectEx
GetParent
EqualRect
DeferWindowPos
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
RegisterClipboardFormatA
LockWindowUpdate
GetDCEx
MessageBeep
GetNextDlgGroupItem
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
PtInRect
GetWindow
GetMenuState
GetMenuStringA
InvalidateRgn
CopyAcceleratorTableA
IsRectEmpty
RemovePropA
KillTimer
SetCursor
GetSysColor
CreateWindowExA
ShowWindow
CreateWindowExW
GetWindowRect
ClipCursor
SetSystemCursor
ShowCursor
DrawIcon
LoadMenuA
IsIconic
ScreenToClient
IsWindowVisible
LoadCursorA
LoadIconA
GetSystemMetrics
FillRect
SetRect
GetCursorPos
LoadCursorFromFileA
CopyIcon
ExitWindowsEx
PeekMessageA
PostMessageA
CharUpperA
TabbedTextOutA

gdi32

CombineRgn
GetMapMode
PatBlt
StretchDIBits
CreateCompatibleBitmap
GetCharWidthA
GetBkColor
SetRectRgn
GetRgnBox
EnumFontFamiliesExA
CreateRectRgnIndirect
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetTextColor
CreateFontA
GetViewportExtEx
CreateRectRgn
SelectClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
ExtTextOutA
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
BitBlt
SelectObject
GetStockObject
CreateFontIndirectA
DeleteObject
CreateSolidBrush
StretchBlt
Rectangle
CreateCompatibleDC
GetObjectA
GetWindowExtEx

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegDeleteValueA
RegSetValueExA
RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
AdjustTokenPrivileges

shell32

SHBrowseForFolderA
ShellExecuteA
Shell_NotifyIconA
SHGetFileInfoA
SHGetPathFromIDListA

comctl32

ImageList_ReplaceIcon
ord17
ImageList_Destroy
ImageList_Create
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA

shlwapi

PathIsUNCA
PathFindExtensionA
PathStripToRootA
PathFindFileNameA

oledlg

ord8

ole32

CoRevokeClassObject
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleIsCurrentClipboard

oleaut32

VariantClear
VariantChangeType
SysFreeString
SysAllocString
SysStringLen
SysAllocStringByteLen
VariantInit
SysAllocStringLen
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect

ws2_32

recvfrom
WSAStartup
WSACleanup
accept
select
htonl
WSAGetLastError
WSASetLastError
connect
sendto
closesocket
WSAAsyncSelect
send
socket
gethostbyname
inet_addr
setsockopt
htons
bind
WSAIoctl
recv
ntohs
inet_ntoa

psapi

GetModuleFileNameExA
EnumProcessModules
EnumProcesses

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 276KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eab923583aa648aa09e329638e8354af

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

psapi

Exports

Exports

Sections

.text Size: 276KB - Virtual size: 273KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 172KB - Virtual size: 169KB

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 276KB - Virtual size: 273KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 172KB - Virtual size: 169KB

.reloc
Size: 44KB - Virtual size: 43KB