ecaf7ab8ce58a0cefe1652fc904bd7ec0c4438627b88219efb8431604065ca1d

Sharing

Copy URL

Twitter E-mail

General

Target

ecaf7ab8ce58a0cefe1652fc904bd7ec0c4438627b88219efb8431604065ca1d
Size

4.3MB
MD5

b81e8875fd1a0a85414169ab11c49ab4
SHA1

e376a69a407081c92fcc510ecff4caa30897a4b1
SHA256

ecaf7ab8ce58a0cefe1652fc904bd7ec0c4438627b88219efb8431604065ca1d
SHA512

80c8b1d35bef473510f4a89f3b8042d9d4bd930e9eab2b87cfa20064284338c7fee2b930989ea171101d6c0c95dfbcaeef8a1680538a11d405b572d86e190b8c
SSDEEP

49152:qmAvV/5CYjGDD3RHOE9v/dC5irmo3wdpibeCuvBbRJHRh81j9w5jiBk5/DEvFXus:CR5sP5OEvPyiyjvZR17DEvFXdf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ecaf7ab8ce58a0cefe1652fc904bd7ec0c4438627b88219efb8431604065ca1d

Files

ecaf7ab8ce58a0cefe1652fc904bd7ec0c4438627b88219efb8431604065ca1d
.dll regsvr32 windows x86

9586d4f63fa91ba0d0d6ead16689f097

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

AlphaBlend

imm32

ImmUnlockIMCC
ImmSetConversionStatus
ImmCreateIMCC
ImmDisableIME
ImmLockIMC
ImmLockIMCC
ImmGetConversionStatus
ImmGenerateMessage
ImmReSizeIMCC
ImmGetIMCCSize
ImmUnlockIMC

oleacc

AccessibleObjectFromWindow
AccessibleObjectFromEvent

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

dbghelp

MiniDumpWriteDump

kernel32

MoveFileExW
CopyFileW
MultiByteToWideChar
GetLocalTime
LCMapStringW
GetStartupInfoW
ResetEvent
GlobalMemoryStatusEx
OpenFileMappingW
OpenMutexW
VirtualQuery
GetCurrentProcess
GetModuleHandleW
GetSystemInfo
SetFilePointer
SetEndOfFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemDirectoryW
LocalFree
ExpandEnvironmentStringsW
DeviceIoControl
RemoveDirectoryW
SetLastError
InterlockedExchange
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
CancelIo
WriteFile
CreateNamedPipeW
ConnectNamedPipe
FindNextFileW
UnmapViewOfFile
DuplicateHandle
GetFileInformationByHandle
SystemTimeToFileTime
GetFileType
GetSystemTime
CreateFileMappingW
MapViewOfFile
FileTimeToDosDateTime
CreateDirectoryW
SetFileTime
GetCurrentDirectoryW
DosDateTimeToFileTime
ExitProcess
ResumeThread
InitializeCriticalSection
CreateMutexW
ReleaseMutex
LoadLibraryExW
GetACP
GetVersionExW
lstrcmpiW
QueryDosDeviceW
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GlobalUnlock
GetFileAttributesExW
GetEnvironmentVariableW
GetVolumeInformationW
GetDiskFreeSpaceW
GetLogicalDriveStringsW
GetFullPathNameW
GetTempPathW
GetWindowsDirectoryW
MoveFileW
GetFileSizeEx
SetFileAttributesW
IsBadWritePtr
IsBadReadPtr
IsBadStringPtrW
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalLock
GlobalFree
GlobalAlloc
Sleep
FreeLibrary
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FlushFileBuffers
GetConsoleCP
SetFilePointerEx
HeapSize
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStdHandle
GetTimeZoneInformation
GetModuleFileNameA
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
HeapReAlloc
OutputDebugStringW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
GetFileAttributesW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
CompareStringW
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetStringTypeW
DeleteFileW
FormatMessageW
WideCharToMultiByte
FindClose
lstrlenW
FindFirstFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
OpenEventW
SetEvent
CreateEventW
WaitForSingleObject
InterlockedExchangeAdd
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
GetCurrentProcessId
CloseHandle
OpenProcess
MulDiv
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
WaitForMultipleObjects
GetTickCount
GetLastError
GetCurrentThreadId
CreateProcessW
GetProcAddress
lstrcpyW
GetFileSize
DecodePointer
RaiseException
CreateFileW
ReadFile
FindResourceW
LoadResource
LockResource
LoadLibraryW
SizeofResource
GetLongPathNameW

user32

EqualRect
WaitMessage
GetCapture
DispatchMessageW
PeekMessageW
TranslateMessage
MonitorFromRect
MapVirtualKeyExW
GetKeyboardLayout
GetKeyNameTextW
InflateRect
DeleteMenu
RemovePropW
CreatePopupMenu
IsMenu
SetMenuItemInfoW
IsWindowEnabled
DestroyMenu
IntersectRect
SetFocus
GetUpdateRect
InsertMenuW
SetRectEmpty
AppendMenuW
UpdateWindow
FillRect
IsRectEmpty
GetWindowTextLengthW
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
CopyRect
LoadKeyboardLayoutW
ActivateKeyboardLayout
LoadStringW
GetKeyboardLayoutList
WindowFromPoint
GetParent
SetWinEventHook
GetClassInfoExW
RegisterClassExW
UnregisterClassW
PostMessageW
GetKeyState
DefWindowProcW
IsIconic
GetActiveWindow
DrawIconEx
DrawTextW
RegisterClipboardFormatW
keybd_event
OpenClipboard
CloseClipboard
FindWindowExW
GetWindowThreadProcessId
GetWindowLongW
EmptyClipboard
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
GetDesktopWindow
GetKeyboardState
GetFocus
NotifyWinEvent
GetClassNameW
CallNextHookEx
UnhookWinEvent
GetAncestor
GetWindowTextW
UnhookWindowsHookEx
SetWindowsHookExW
LoadImageW
UnregisterHotKey
RegisterHotKey
GetAsyncKeyState
MoveWindow
KillTimer
SetCursorPos
ReleaseDC
GetDC
GetMenuItemInfoW
ModifyMenuW
LoadMenuW
GetMenuItemID
MessageBoxW
GetMenuItemCount
GetSubMenu
GetForegroundWindow
GetMenuStringW
CheckMenuItem
EnableMenuItem
ClientToScreen
ToUnicodeEx
SystemParametersInfoW
GetGUIThreadInfo
SendInput
GetSystemMetrics
TrackMouseEvent
FindWindowW
SetCapture
ReleaseCapture
DestroyWindow
CreateWindowExW
ScreenToClient
SetTimer
WindowFromDC
SetWindowLongW
GetClientRect
SetRect
InvalidateRect
SendMessageW
GetWindowRect
IsWindowVisible
SetWindowPos
ShowWindow
LoadCursorW
SetCursor
UpdateLayeredWindow
PtInRect
GetCursorPos
BeginPaint
EndPaint
IsWindow

gdi32

SelectObject
CreateFontIndirectW
GetTextMetricsW
GetTextExtentPointW
CreatePen
CreateRectRgn
LineTo
CreateCompatibleDC
SelectClipRgn
MoveToEx
CreateDIBitmap
CreateCompatibleBitmap
CreateSolidBrush
EnumFontFamiliesW
GetStockObject
BitBlt
CreateDIBSection
GetBitmapBits
SetTextColor
SetBkMode
GetObjectW
GetDeviceCaps
DeleteDC
SetBkColor
DeleteObject
ExtCreatePen

advapi32

RegOpenKeyExW
GetFileSecurityW
LookupAccountNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
GetSecurityDescriptorDacl
RegDeleteValueW
RegEnumValueW
GetAclInformation
GetAce
EqualSid
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegQueryValueExW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW

ole32

RevokeDragDrop
CoUninitialize
RegisterDragDrop
CoCreateInstance
CoInitialize

oleaut32

VariantClear
SysStringLen
SysFreeString
VariantInit
SysAllocString

iphlpapi

GetAdaptersAddresses

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
UIWindowProcedure

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 765KB - Virtual size: 764KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9586d4f63fa91ba0d0d6ead16689f097

Headers

DLL Characteristics

File Characteristics

Imports

msimg32

imm32

oleacc

version

dbghelp

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

Exports

Exports

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 765KB - Virtual size: 764KB

.data Size: 108KB - Virtual size: 114KB

.rsrc Size: 371KB - Virtual size: 371KB

.reloc Size: 178KB - Virtual size: 178KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 765KB - Virtual size: 764KB

.data
Size: 108KB - Virtual size: 114KB

.rsrc
Size: 371KB - Virtual size: 371KB

.reloc
Size: 178KB - Virtual size: 178KB