a0f5f769232b79a42488000e3eb6f7e48e886f599a0c8c70d156a06931f3bbc8

Sharing

Copy URL Twitter E-mail

General

Target

a0f5f769232b79a42488000e3eb6f7e48e886f599a0c8c70d156a06931f3bbc8
Size

740KB
MD5

4336bac794a9e0884a3709ee711a3f05
SHA1

106181602cb062861a8ee16577739168e97a6c35
SHA256

a0f5f769232b79a42488000e3eb6f7e48e886f599a0c8c70d156a06931f3bbc8
SHA512

31078fab47a42a12b555a14b3d4c63e4cfc21914a23fb6c6527473b92af259e6e4e6e5f88588c4c8a7e44d02ae5bc60264fd3119ed50b20c0d042106acb48392
SSDEEP

12288:+OzT5gExLDxvnGYx6WfifZVJVn8qvUEITYmryIuOEhW5hqr+FJDMJmXFr/K2O8nG:+OzT5gExLDtGYOom0cmrmOEhW58CFaSp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0f5f769232b79a42488000e3eb6f7e48e886f599a0c8c70d156a06931f3bbc8

Files

a0f5f769232b79a42488000e3eb6f7e48e886f599a0c8c70d156a06931f3bbc8
.dll regsvr32 windows x86

d790724595ece82c1754bb81716b68cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenUrlA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
HttpQueryInfoA
InternetQueryDataAvailable
InternetReadFile
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetGetConnectedState
InternetCreateUrlA

shlwapi

StrStrW
UrlUnescapeA
PathRemoveBackslashA
PathRemoveFileSpecA
StrStrIW

kernel32

CloseHandle
CreateMutexA
Sleep
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
ExitProcess
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
LocalFree
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
ExpandEnvironmentStringsA
SetFileAttributesA
IsDBCSLeadByteEx
GetSystemDirectoryA
GetVolumeInformationA
CreateThread
GetExitCodeProcess
CreateProcessA
GetSystemDefaultLangID
WriteFile
ResetEvent
GetFileSize
ReadFile
GetWindowsDirectoryA
GetFileAttributesA
CreateFileA
WaitForSingleObject
ReleaseMutex
GetVersionExA
CompareStringW
CompareStringA
InterlockedExchange
GlobalHandle
GlobalFree
GlobalLock
GlobalUnlock
MulDiv
lstrcmpA
GlobalAlloc
InterlockedCompareExchange
DisableThreadLibraryCalls
IsDBCSLeadByte
InterlockedIncrement
LoadLibraryExA
lstrcmpiA
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
GetCommandLineA
GetDateFormatA
GetTimeFormatA
CreateEventA
SetEvent
DeleteFileA
InterlockedDecrement
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
RaiseException
GetModuleFileNameA
FormatMessageA
lstrlenA
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
FindResourceExA
FindResourceA
LocalAlloc
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetTickCount
FreeLibrary
LoadLibraryA
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
IsBadWritePtr
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
SetEndOfFile
SetEnvironmentVariableA
GetTimeZoneInformation

user32

SetWindowPlacement
FindWindowExA
CreateDialogParamA
CheckMenuItem
GetMenuItemInfoA
RemoveMenu
GetMenuItemCount
DialogBoxParamA
MessageBoxA
UnionRect
GetCapture
UnregisterClassA
EnableMenuItem
InsertMenuItemA
CreatePopupMenu
DrawTextA
DrawStateA
GetAncestor
CopyIcon
DestroyIcon
OffsetRect
PostMessageA
RegisterWindowMessageA
CreateAcceleratorTableA
DestroyAcceleratorTable
BeginPaint
EndPaint
FillRect
ReleaseCapture
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
GetDC
GetSysColor
SetWindowContextHelpId
MapDialogRect
EndDialog
GetSystemMetrics
DialogBoxIndirectParamA
LoadImageA
GetWindowTextLengthA
GetWindowTextA
IsChild
GetForegroundWindow
SetCursor
CharNextA
SetWindowsHookExA
GetFocus
CallNextHookEx
GetClassNameA
UnhookWindowsHookEx
EndMenu
MoveWindow
GetKeyState
ReleaseDC
GetWindowDC
ScreenToClient
ClientToScreen
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
SetActiveWindow
GetDesktopWindow
IsWindowEnabled
EnableWindow
IsWindow
IsWindowVisible
CallWindowProcA
DefWindowProcA
CreateWindowExA
GetClassInfoExA
RegisterClassExA
DestroyWindow
LoadCursorA
KillTimer
SetTimer
SetWindowLongA
LoadStringA
LoadMenuA
GetSubMenu
SetMenuItemInfoA
TrackPopupMenu
SendMessageA
DestroyMenu
SetWindowTextA
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
GetParent
GetWindowLongA
SetFocus
GetWindowPlacement
IsIconic
DrawFrameControl
UpdateWindow
SetWindowRgn
IsRectEmpty
PtInRect
SetRectEmpty
CopyRect
InflateRect
GetCursorPos
DrawIconEx
ShowWindow

gdi32

LPtoDP
DPtoLP
StretchBlt
OffsetRgn
EqualRgn
CombineRgn
CreateRoundRectRgn
CreatePolygonRgn
CreateRectRgn
ExcludeClipRect
Polygon
CreatePen
SetTextColor
SetBkMode
GetTextColor
CreateBitmap
SetBkColor
CreateFontIndirectA
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
SelectObject
GetTextMetricsA
DeleteDC
GetClipBox
SetStretchBltMode
GetTextExtentPoint32A
SetViewportOrgEx
GetViewportOrgEx
ExtTextOutA
FrameRgn
SetWindowOrgEx

advapi32

RegDeleteValueA
RegEnumValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

OleLockRunning
CoTaskMemFree
CoInitialize
CoUninitialize
RegisterDragDrop
OleUninitialize
OleInitialize
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
CoGetClassObject
CLSIDFromProgID
RevokeDragDrop
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
StringFromCLSID
ProgIDFromCLSID

oleaut32

VariantClear
VariantCopy
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SetErrorInfo
CreateErrorInfo
GetErrorInfo
LoadRegTypeLi
LoadTypeLi
DispCallFunc
SysStringLen
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
OleCreateFontIndirect
VarBstrCmp
VariantInit
SysFreeString
VariantChangeType

comctl32

ImageList_SetBkColor
ImageList_AddMasked
ImageList_Draw
ImageList_GetIconSize
ImageList_Create
ImageList_Destroy

snmpapi

SnmpUtilOidNCmp
SnmpUtilOidCpy
SnmpUtilVarBindFree

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 408KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d790724595ece82c1754bb81716b68cb

Headers

File Characteristics

Imports

wininet

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

snmpapi

version

Exports

Exports

Sections

.text Size: 408KB - Virtual size: 406KB

.rdata Size: 104KB - Virtual size: 102KB

.data Size: 28KB - Virtual size: 109KB

.SHARED Size: 4KB - Virtual size: 8B

.rsrc Size: 144KB - Virtual size: 141KB

.reloc Size: 48KB - Virtual size: 44KB

.text
Size: 408KB - Virtual size: 406KB

.rdata
Size: 104KB - Virtual size: 102KB

.data
Size: 28KB - Virtual size: 109KB

.SHARED
Size: 4KB - Virtual size: 8B

.rsrc
Size: 144KB - Virtual size: 141KB

.reloc
Size: 48KB - Virtual size: 44KB