96d54290fa11849294cc2dd52f9f26540c535ef520b022118e6a768da5baacae

Sharing

Copy URL

Twitter E-mail

General

Target

96d54290fa11849294cc2dd52f9f26540c535ef520b022118e6a768da5baacae
Size

268KB
MD5

68fa9a9444d65b26dbefd07cd3e691f9
SHA1

5a8db53939f32b94ab71bcc7421e80f89c365d6c
SHA256

96d54290fa11849294cc2dd52f9f26540c535ef520b022118e6a768da5baacae
SHA512

3604797d25d236ac7f7ee8d792e3ebcedad2b7082dabadda52083d576ce28a8e97cd87e5cad103776b5023c4e5a6ffb615365f57d1e6d3dc2f2b26da909ba340
SSDEEP

6144:08+WQ5Tboq8TFcZV1ARZrRIoCfy3JLAvYSpVmkTz0Gent5:08+J5TboqMcZV1ARZrRI0avYWU35

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96d54290fa11849294cc2dd52f9f26540c535ef520b022118e6a768da5baacae

Files

96d54290fa11849294cc2dd52f9f26540c535ef520b022118e6a768da5baacae
.dll regsvr32 windows x86

dd9b9c2efd16dbd9d787da0a2a504d45

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
LocalFree
FormatMessageA
GetCurrentThreadId
GetLocalTime
GetTimeZoneInformation
GetFileSize
DeleteFileA
CreateFileA
FindClose
FindFirstFileA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
LocalAlloc
CompareFileTime
GetSystemTime
FlushFileBuffers
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetComputerNameA
CreateFileW
WriteFile
CloseHandle
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
GetProcAddress
lstrcatA
lstrcpyA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
DisableThreadLibraryCalls
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA
SetStdHandle
GetStringTypeW
GetStringTypeA
SetFilePointer
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetCurrentProcess
TerminateProcess
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
ExitProcess
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
Sleep
InterlockedExchange
HeapFree
RtlUnwind
HeapAlloc
HeapReAlloc
RaiseException
GetCommandLineA
GetVersion
GetEnvironmentVariableA

user32

wsprintfA
CharNextA
LoadStringA

advapi32

RegOpenKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
CryptDecrypt
CryptImportKey
CryptSetKeyParam
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
CryptHashData
CryptVerifySignatureA
CryptEncrypt
RevertToSelf
LogonUserA
ImpersonateLoggedOnUser
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
ProgIDFromCLSID
CoCreateGuid
OleRun
CoCreateInstance

oleaut32

SafeArrayCreate
SysFreeString
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocString
SetErrorInfo
CreateErrorInfo
VariantChangeType
GetErrorInfo
SystemTimeToVariantTime
VariantInit
VariantTimeToSystemTime
VariantCopy

wsock32

setsockopt
socket
gethostbyname
ioctlsocket
sendto
WSAStartup
WSAGetLastError
gethostname
connect
send
recv
closesocket
htons
WSACleanup

crypt32

CertCreateCertificateContext
CertFreeCertificateContext
CryptImportPublicKeyInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd9b9c2efd16dbd9d787da0a2a504d45

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wsock32

crypt32

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 52KB - Virtual size: 57KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 52KB - Virtual size: 57KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 12KB - Virtual size: 11KB