2d65ad5aa063f7ea2dbec00aae583e6b18c620df887348617314a41740579f9d

Resubmissions

05/07/2023, 10:55

230705-mz62rsdb8v 8

30/01/2022, 13:17

220130-qjppbsbegn 8

Sharing

Copy URL Twitter E-mail

General

Target

2d65ad5aa063f7ea2dbec00aae583e6b18c620df887348617314a41740579f9d
Size

130KB
MD5

8c0cf5bc1f75d71879b48a286f6befcf
SHA1

ae2d90df8c0a1962d608a05599721b96215a3ad3
SHA256

2d65ad5aa063f7ea2dbec00aae583e6b18c620df887348617314a41740579f9d
SHA512

2a178a1ec63f293d5f027d9ca2def32fe1ce717b9a0a690daab3c03decd4ce69096c585223594f592ad46484f0d82aa0d27cf7547d57472fa3d1f1251bdda40d
SSDEEP

3072:a3GCOo2+XU+/Cg6zxpOUQpmAGaHsWvndZt9wxdTXv:tCOp+XU+/Cg6z/jQp/HsWkX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d65ad5aa063f7ea2dbec00aae583e6b18c620df887348617314a41740579f9d

Files

2d65ad5aa063f7ea2dbec00aae583e6b18c620df887348617314a41740579f9d
.dll regsvr32 windows x86

5a5018035b18af59f0737b4f5f3b8842

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateThread
CreateEventA
OpenEventA
ExitProcess
MoveFileExA
MoveFileExW
GetSystemDirectoryA
CopyFileA
GetModuleFileNameW
SetEvent
GetDriveTypeW
SetFileAttributesW
GetWindowsDirectoryW
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetFileTime
SystemTimeToFileTime
GetPrivateProfileIntA
GetSystemTime
GetCurrentThread
GetCurrentThreadId
CreateThread
ExitThread
Sleep
GetTickCount
WaitForSingleObject
GetTempPathW
GetComputerNameA
ExpandEnvironmentStringsW
GetSystemInfo
GlobalFree
LoadLibraryExA
GetPrivateProfileStringA
GetVersionExA
OutputDebugStringA
CreateMutexA
OpenMutexA
SetLastError
GetFileAttributesA
FormatMessageW
FormatMessageA
SetErrorMode
CreateFileA
GetDiskFreeSpaceExA
GetFileTime
GetFileSizeEx
CreateFileW
GetDriveTypeA
SetFilePointer
LocalFree
DeleteFileW
CloseHandle
DuplicateHandle
DeleteCriticalSection
FindNextFileW
GetModuleHandleA
CreatePipe
RemoveDirectoryW
LocalAlloc
ProcessIdToSessionId
LoadLibraryA
FindClose
GetProcessVersion
EnterCriticalSection
MoveFileW
GetProcAddress
GetLastError
MultiByteToWideChar
FindFirstFileW
ReadFile
FileTimeToSystemTime
TerminateProcess
GetFileAttributesW
LeaveCriticalSection
CopyFileW
LoadLibraryW
WideCharToMultiByte
OpenProcess
InitializeCriticalSection
WriteFile
CreateDirectoryW
GetCurrentProcess
CreateProcessW
FreeLibrary
PeekNamedPipe
DisableThreadLibraryCalls

user32

OpenWindowStationA
ExitWindowsEx
GetDesktopWindow
SetThreadDesktop
CloseWindowStation
GetDC
CloseDesktop
GetThreadDesktop
GetWindowDC
GetWindowRect
SetProcessWindowStation
OpenInputDesktop
GetProcessWindowStation
GetSystemMetrics
GetMessageA
ReleaseDC

gdi32

GetDIBits
DeleteObject
SelectObject
CreateCompatibleDC
StretchBlt
RealizePalette
SelectPalette
GetObjectA
GetStockObject
CreateCompatibleBitmap
DeleteDC

advapi32

CryptAcquireContextA
ImpersonateLoggedOnUser
RegCreateKeyA
RegOpenKeyW
RegSetValueExA
CryptHashData
LsaFreeMemory
ConvertSidToStringSidW
LsaRetrievePrivateData
CryptDestroyHash
RegEnumValueA
CryptCreateHash
CredEnumerateW
LsaClose
RegOpenKeyExA
RegEnumKeyExA
CredFree
CryptReleaseContext
RegQueryValueExA
LsaOpenPolicy
OpenThreadToken
CryptGetHashParam
RegSetValueExW
ControlService
RegOpenKeyExW
RegEnumValueW
OpenSCManagerA
EnumServicesStatusW
RegDeleteValueW
RegQueryInfoKeyA
StartServiceW
OpenServiceW
EnumServicesStatusA
DeleteService
CloseServiceHandle
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
AdjustTokenPrivileges
GetUserNameA
LookupAccountSidW
LookupPrivilegeValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountSidA
GetTokenInformation
CloseEventLog
OpenEventLogA
ClearEventLogA
DuplicateTokenEx
CreateProcessAsUserW
OpenProcessToken
RegOpenKeyA
RevertToSelf

shell32

SHFileOperationW
CommandLineToArgvW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

ntdll

ZwQuerySystemInformation

ws2_32

select
WSAGetLastError
connect
shutdown
ioctlsocket
htons
htonl
setsockopt
recv
bind
socket
WSAStartup
getpeername
ntohs
getsockname
closesocket
send
listen
inet_addr
inet_ntoa
gethostbyname
accept

shlwapi

PathCanonicalizeW
SHDeleteKeyA
SHDeleteKeyW

iphlpapi

GetAdaptersInfo

psapi

GetModuleFileNameExW

wininet

InternetQueryOptionA

urlmon

URLDownloadToCacheFileA

crypt32

CryptUnprotectData

userenv

LoadUserProfileA
GetUserProfileDirectoryA
UnloadUserProfile

rasapi32

RasEnumEntriesW
RasGetEntryDialParamsW

msvcrt

wcscat
memmove
_wtoi
_snwprintf
strlen
wcsncpy
_wfopen
wcsncat
fgetws
wcslen
wcsrchr
_vsnwprintf
_purecall
??3@YAXPAX@Z
toupper
wcscpy
fclose
malloc
??2@YAPAXI@Z
sprintf
strcpy
wcsstr
realloc
wcscmp
isspace
strncpy
rand
_vsnprintf
wcstombs
_snprintf
strncmp
strstr
atoi
strcmp
wcschr
strncat
??_U@YAPAXI@Z
_wcsnicmp
isprint
strrchr
_wtof
strchr
isalnum
fopen
??_V@YAXPAX@Z
fread
srand
_time64
_wcsicmp
_wcsupr
_stricmp
_strnicmp
_CxxThrowException
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
free
memcpy
strcat
_ftol
memset
__CxxFrameHandler

oleaut32

GetErrorInfo

Exports

Exports

DllRegisterServer
DllUnregisterServer
ServiceMain
SvchostPushServiceGlobals
WUServiceMain
_crt_debugger_hook

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

5a5018035b18af59f0737b4f5f3b8842

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ntdll

ws2_32

shlwapi

iphlpapi

psapi

wininet

urlmon

crypt32

userenv

rasapi32

msvcrt

oleaut32

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 41KB - Virtual size: 43KB

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 41KB - Virtual size: 43KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 6KB - Virtual size: 5KB