80c0ef2fee97b087ea21682a28b8a9bbcb925fa5f46073cfcc7d2fb90574861f

Sharing

Copy URL Twitter E-mail

General

Target

80c0ef2fee97b087ea21682a28b8a9bbcb925fa5f46073cfcc7d2fb90574861f
Size

3.6MB
MD5

be22982585d2b4aaa9f4a4b1a1ef6a8d
SHA1

3462ddedba13fb56dfc2083dd517bfb1d2125e2f
SHA256

80c0ef2fee97b087ea21682a28b8a9bbcb925fa5f46073cfcc7d2fb90574861f
SHA512

f2586b0c4d8a6b4c25c628dd25ce20243badaf75d71c1eeebb4dfa9b83dd8ec7ea72f73671047540309da30f3b7ef7dd9c74542c361103769118ee8a2609f09b
SSDEEP

49152:oQRgdDzXTk+dR5hFAAvEk/ztqThPv4rMyb4tvYUTDUt4xvN20:o2KzX7D5hFA+/ztAv4rMybOu4xvN20

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
80c0ef2fee97b087ea21682a28b8a9bbcb925fa5f46073cfcc7d2fb90574861f

Files

80c0ef2fee97b087ea21682a28b8a9bbcb925fa5f46073cfcc7d2fb90574861f
.dll regsvr32 windows x86

dcf47f23a7d4d78254bb7dbac3bff346

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW
PathFileExistsA

kernel32

LocalAlloc
SetUnhandledExceptionFilter
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
TlsSetValue
TlsGetValue
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
FindResourceW
LoadResource
LockResource
SizeofResource
MulDiv
LCMapStringW
lstrcpyW
GetCurrentThread
SuspendThread
GetThreadContext
ResumeThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
GetStdHandle
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CompareStringW
LockFile
SetFilePointer
AreFileApisANSI
InterlockedIncrement
GetCurrentThreadId
GetSystemInfo
ReadFile
WriteFile
GetModuleFileNameA
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FlushFileBuffers
SetEndOfFile
WriteConsoleW
SetStdHandle
GetTimeZoneInformation
GetACP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
SetFilePointerEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetFullPathNameA
GetFullPathNameW
GetModuleHandleExW
InterlockedFlushSList
RtlUnwind
ExitProcess
ReadProcessMemory
FindResourceExW
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
CreateFileA
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
GetSystemTimeAsFileTime
TlsFree
TlsAlloc
CreateEventW
SetLastError
DecodePointer
EncodePointer
lstrcmpiW
GlobalUnlock
GlobalLock
FreeEnvironmentStringsW
SetFileAttributesW
GetFileSize
CreateFileW
GetFileAttributesW
LocalFree
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
MoveFileExW
CopyFileW
DeleteFileW
GlobalFree
GlobalAlloc
GetCurrentProcess
FreeLibrary
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
GetWindowsDirectoryW
GetTempPathW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
K32GetModuleFileNameExW
OpenProcess
GetLocalTime
GetPrivateProfileIntW
CreateThread
TerminateThread
Sleep
WritePrivateProfileStringW
LoadLibraryW
GetEnvironmentVariableW
GetVersionExW
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
CreateDirectoryW
QueryPerformanceCounter
GetModuleFileNameW
GetPrivateProfileStringW
QueryPerformanceFrequency
HeapFree
GetModuleHandleW
GetProcAddress
GetProcessHeap
HeapAlloc
GetLastError
LockFileEx
UnlockFile
GetSystemTime
GetFileAttributesA
DeleteFileA
GetTempPathA
LoadLibraryA
FormatMessageA
SetEnvironmentVariableA

user32

TrackPopupMenu
RemoveMenu
ModifyMenuW
InsertMenuW
EnableMenuItem
CharNextW
DestroyMenu
DeleteMenu
CreatePopupMenu
CreateMenu
BeginPaint
SetCapture
OffsetRect
DrawTextW
GetCaretPos
GetKeyboardState
MessageBeep
ReleaseCapture
GetAsyncKeyState
GetKeyState
FindWindowW
PostMessageW
GetWindowThreadProcessId
GetCursorPos
GetClientRect
FillRect
UnionRect
SetRectEmpty
ScreenToClient
UpdateLayeredWindow
ToAscii
GetActiveWindow
LoadImageW
SetMenuInfo
SetWindowPos
GetParent
GetForegroundWindow
BringWindowToTop
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
IsClipboardFormatAvailable
GetClipboardData
GetClassNameW
GetWindowRect
GetDesktopWindow
GetSystemMetrics
keybd_event
GetWindowTextW
FindWindowExW
CharLowerW
GetFocus
IsWindow
IsWindowVisible
GetWindowLongW
SetWindowLongW
SetTimer
KillTimer
SetRect
SendMessageW
DestroyWindow
RegisterWindowMessageW
DefWindowProcW
LoadCursorW
RegisterClassExW
CreateWindowExW
MonitorFromPoint
GetDC
ReleaseDC
SendMessageTimeoutW
GetMonitorInfoW
EnumDisplayMonitors
SystemParametersInfoW
PtInRect
ClientToScreen
WindowFromPoint
DialogBoxParamW
SetWindowTextW
SetDlgItemTextW
EndDialog
GetDlgItem
SetCursor
IsIconic
ShowWindow
InvalidateRect
SetFocus
MoveWindow
GetDlgItemTextW
CallWindowProcW
MessageBoxW
SetDlgItemInt
GetDlgItemInt
EndPaint

gdi32

LineTo
MoveToEx
CreatePen
TextOutW
GetTextExtentPointW
ExcludeClipRect
GetTextExtentPoint32W
CreateFontW
CreateSolidBrush
EnumFontsW
GetStockObject
GetDeviceCaps
SetBkMode
SetTextColor
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
BitBlt
DeleteDC
GetPixel
SelectObject
CreateICW

advapi32

GetLengthSid
RegDeleteKeyW
RegEnumKeyExW
SetSecurityInfo
LookupAccountSidW
GetTokenInformation
RegCreateKeyExW
SetNamedSecurityInfoW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyW
OpenProcessToken
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeSecurityDescriptor
LookupAccountNameW
GetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
EqualSid
AddAce

shell32

SHGetSpecialFolderPathW
SHAppBarMessage
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromString

oleaut32

GetErrorInfo
SysStringLen
SysAllocStringLen
SysFreeString
SysAllocString

dbghelp

StackWalk64
EnumerateLoadedModules64
SymFunctionTableAccess64
SymInitialize
SymGetModuleBase64

gdiplus

GdipCloneFont
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipFillRectangleI
GdipGetGenericFontFamilySansSerif
GdipGetImageRawFormat
GdipCloneBitmapAreaI
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipDrawLine
GdipSetPenDashStyle
GdipDrawLineI
GdipFillPath
GdipDrawPath
GdipDeletePen
GdipCreatePen1
GdipSetImageAttributesColorKeys
GdipAddPathArcI
GdipCreateFont
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipDrawString
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateStringFormat
GdipCreateSolidFill
GdipCloneBrush
GdipAlloc
GdipDeleteBrush
GdipAddPathLineI
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDeletePrivateFontCollection
GdipPrivateAddFontFile
GdipFree
GdipNewPrivateFontCollection
GdipNewInstalledFontCollection
GdipGetFontCollectionFamilyCount
GdipMeasureString
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipGetFontSize
GdipGetFamily
GdipDeleteFontFamily
GdipDeletePath
GdipCreatePath
GdiplusStartup
GdipSetStringFormatAlign
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetStringFormatLineAlign
GdipCreateFromHDC
GdipDisposeImageAttributes

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetServicesProfile

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dcf47f23a7d4d78254bb7dbac3bff346

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dbghelp

gdiplus

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 328KB - Virtual size: 327KB

.data Size: 27KB - Virtual size: 75KB

.gfids Size: 1024B - Virtual size: 748B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 83KB - Virtual size: 82KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 328KB - Virtual size: 327KB

.data
Size: 27KB - Virtual size: 75KB

.gfids
Size: 1024B - Virtual size: 748B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 83KB - Virtual size: 82KB