c210d567e7079d6916f108ec3cc230df002b88fc8cc5af89a9c4178aacf24266

Sharing

Copy URL Twitter E-mail

General

Target

c210d567e7079d6916f108ec3cc230df002b88fc8cc5af89a9c4178aacf24266
Size

368KB
MD5

ab656e75b38b7a5d445d521c067c154a
SHA1

68bb7a2c0899f405333569eb4d5f6d54527d8025
SHA256

c210d567e7079d6916f108ec3cc230df002b88fc8cc5af89a9c4178aacf24266
SHA512

b5e6244b238f0feadff83547010c0095fcab76df75cae36bd514e6cd36033af67e3bb4c1ec4b020a9df207e530b656329fef7d6e34136535898109b1a5c4ea66
SSDEEP

6144:xYrC+vYGvBtMJ6rLxMeLPavq7bXSzb+/mxy7fNMlCdL013L15t/4Wyy:irC+v3vTMCTL57Lyb+Uy7FMlc454Wyy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c210d567e7079d6916f108ec3cc230df002b88fc8cc5af89a9c4178aacf24266

Files

c210d567e7079d6916f108ec3cc230df002b88fc8cc5af89a9c4178aacf24266
.dll regsvr32 windows x86

8842c9c11799ab41a1c3105282cebc1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExW
WaitForSingleObject
GetPrivateProfileStringW
HeapFree
LoadLibraryW
HeapAlloc
GetProcessHeap
GetCurrentProcess
GetVersionExW
GetSystemDefaultLangID
GetFileAttributesW
FindFirstFileW
GetLongPathNameW
CreateFileW
FindNextFileW
FindClose
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetACP
InitializeCriticalSection
ReadFile
SetFilePointer
GetCurrentThreadId
OpenProcess
GetEnvironmentVariableW
WriteFile
GetFileSize
CreateDirectoryW
GetFullPathNameW
lstrlenW
GetTempPathW
InterlockedExchangeAdd
lstrcmpiW
GetCurrentProcessId
CreateMutexW
ReleaseMutex
CreateEventW
SetEvent
ResetEvent
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
GetConsoleMode
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
LCMapStringW
WriteConsoleW
HeapReAlloc
HeapSize
GetFileType
GetStdHandle
GetStringTypeW
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedFlushSList
FreeLibrary
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
DisableThreadLibraryCalls
MultiByteToWideChar
GetVersion
LeaveCriticalSection
EncodePointer
GetModuleFileNameW
EnterCriticalSection
SizeofResource
GlobalUnlock
WideCharToMultiByte
InterlockedIncrement
lstrcpynA
DeleteCriticalSection
GlobalLock
DecodePointer
RaiseException
CloseHandle
GetLastError
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
lstrcpynW
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx

user32

GetIconInfo
LoadStringW
GetDesktopWindow
wsprintfW
SetRect
GetDC
ReleaseDC
LoadImageW
CharNextW
GetMenuItemInfoW
InsertMenuItemW
GetMenuItemCount
CreatePopupMenu
DestroyIcon
IsMenu
SetMenuItemInfoW
DestroyMenu
GetMenuInfo
AppendMenuW
DrawIconEx

gdi32

CreateCompatibleBitmap
SelectObject
CreateDIBSection
CreateCompatibleDC
GetDIBits
DeleteDC
SetBkColor
ExtTextOutW
DeleteObject

advapi32

GetUserNameW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetPathFromIDListW
DragQueryFileW
ShellExecuteW
ShellExecuteExW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
ReleaseStgMedium
CoCreateInstance

oleaut32

VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8842c9c11799ab41a1c3105282cebc1f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 258KB - Virtual size: 258KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 5KB - Virtual size: 9KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 258KB - Virtual size: 258KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 15KB - Virtual size: 15KB