1602a8023e7f105cb4039a7e1277dfaeeefdc6cc57c3e905b6aa7b46ecaada92

Sharing

Copy URL Twitter E-mail

General

Target

1602a8023e7f105cb4039a7e1277dfaeeefdc6cc57c3e905b6aa7b46ecaada92
Size

1.2MB
MD5

21ac723e20533a3348088900c1b33ca1
SHA1

5365fd6db7b38da90f022f8840a8c32faad2f6fb
SHA256

1602a8023e7f105cb4039a7e1277dfaeeefdc6cc57c3e905b6aa7b46ecaada92
SHA512

3a37b64d77a25af34cb28289fd765610578059ebdf447e618c9b60be1f9f8623f25a18e71599c0813f39cb809c680fd617fc32aff0590c633f2ac02c65cfd2ef
SSDEEP

24576:eqSCTJeq4W2L/yF6/D48i8Kfy5w0aEJiBjkL9hhKfVAe:eCgGF68kK6mtTBChwVt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1602a8023e7f105cb4039a7e1277dfaeeefdc6cc57c3e905b6aa7b46ecaada92

Files

1602a8023e7f105cb4039a7e1277dfaeeefdc6cc57c3e905b6aa7b46ecaada92
.dll regsvr32 windows x64

8a508e9932d08d142416515dfda0f89b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

QueryActCtxW
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
GlobalLock
GlobalUnlock
lstrcmpiW
FindResourceW
MultiByteToWideChar
GetFileSize
ReadFile
CreateThread
CreateFileW
GetFileSizeEx
CloseHandle
FindResourceExW
LockResource
VerSetConditionMask
Sleep
GetCurrentThreadId
GlobalAlloc
VerifyVersionInfoW
EncodePointer
GetThreadLocale
SetThreadLocale
SetThreadUILanguage
LoadLibraryW
GetModuleHandleExW
QueryPerformanceFrequency
SetEndOfFile
WriteConsoleW
SetStdHandle
ReadConsoleW
FreeEnvironmentStringsW
FindActCtxSectionStringW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetModuleFileNameW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetStdHandle
GetACP
GetModuleFileNameA
ExitProcess
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
GetCPInfo
GetLocaleInfoW
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
DeactivateActCtx
ActivateActCtx
GetEnvironmentStringsW
CreateActCtxW
TerminateProcess
SetUnhandledExceptionFilter
OutputDebugStringA
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
RaiseException
DecodePointer

user32

DestroyIcon
SendMessageW
UnregisterClassW
SetClipboardViewer
ChangeClipboardChain
PostMessageW
CharNextW
GetMessagePos
GetComboBoxInfo
GetParent
OffsetRect
InflateRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
ClientToScreen
GetCursorPos
ReleaseDC
GetDC
GetSystemMetrics
GetCapture
GetFocus
SetWindowPos
DestroyWindow
ShowWindow
CreateWindowExW
CallWindowProcW
DefWindowProcW
RegisterWindowMessageW
EndDialog
GetMonitorInfoW
MonitorFromPoint
IsWindow
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
MessageBoxIndirectW
MessageBoxW
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InsertMenuItemW
TrackPopupMenu
DestroyMenu
CreatePopupMenu
EnableWindow
GetKeyState
GetActiveWindow
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetDlgCtrlID
SetDlgItemTextW
GetDlgItem
DialogBoxParamW

gdi32

GetTextExtentExPointW
GetTextExtentPoint32W
SelectObject

shell32

DragQueryFileW
ShellExecuteW

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
ReleaseStgMedium
RegisterDragDrop
RevokeDragDrop

oleaut32

SysAllocString
LoadRegTypeLi
SysFreeString
SysStringLen
VarUI4FromStr
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi

advapi32

RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shlwapi

PathFileExistsW
PathIsDirectoryW
PathFindFileNameW
PathRemoveFileSpecW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 645KB - Virtual size: 645KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a508e9932d08d142416515dfda0f89b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 645KB - Virtual size: 645KB

.rdata Size: 311KB - Virtual size: 310KB

.data Size: 36KB - Virtual size: 48KB

.pdata Size: 38KB - Virtual size: 37KB

.gfids Size: 512B - Virtual size: 388B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 181KB - Virtual size: 181KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 645KB - Virtual size: 645KB

.rdata
Size: 311KB - Virtual size: 310KB

.data
Size: 36KB - Virtual size: 48KB

.pdata
Size: 38KB - Virtual size: 37KB

.gfids
Size: 512B - Virtual size: 388B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 181KB - Virtual size: 181KB

.reloc
Size: 12KB - Virtual size: 11KB