9473fb505ad54ff8b8f90fb3695982c4e1ba6fc5aa436a9a675f05b3cca2c614

Sharing

Copy URL

Twitter E-mail

General

Target

9473fb505ad54ff8b8f90fb3695982c4e1ba6fc5aa436a9a675f05b3cca2c614
Size

4.6MB
MD5

eb39014293de06f7dd517efcad711fbe
SHA1

58416c66a1b7bf1ea7a2ae4393852b91b20a534a
SHA256

9473fb505ad54ff8b8f90fb3695982c4e1ba6fc5aa436a9a675f05b3cca2c614
SHA512

43324be0c6b51f8c233643d97ddba9a9c348357ea9f74be7387f0e0ea64d359f4d1ff140879368b7f4151b6e2cd2380b9b9b390e538ab5eb33236b33bde66254
SSDEEP

98304:wKGkaa14WbXTfDyfhZE0L0ltc+ybiiBmB8MbQD3I0KG5C4Oao5mOey:OxmbyPBU8btBm7bQD3Xd1o5mOt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9473fb505ad54ff8b8f90fb3695982c4e1ba6fc5aa436a9a675f05b3cca2c614

Files

9473fb505ad54ff8b8f90fb3695982c4e1ba6fc5aa436a9a675f05b3cca2c614
.dll regsvr32 windows x64

1d75fa36e1819f75e6ef082ae3ff56ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemPowerStatus
CompareFileTime
CreateDirectoryW
CreateFileW
DeleteFileW
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
LocalFileTimeToFileTime
RemoveDirectoryA
SetFileAttributesW
SetFileTime
GetPrivateProfileStringW
WritePrivateProfileStringW
CopyFileW
MoveFileExW
FileTimeToSystemTime
SystemTimeToFileTime
WideCharToMultiByte
GetCurrentThreadId
GetCurrentProcess
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
VirtualAllocEx
VirtualProtectEx
VirtualQueryEx
VirtualFreeEx
SetProcessWorkingSetSize
K32EmptyWorkingSet
FindFirstFileA
FindNextFileA
GetCommandLineW
GetCurrentProcessId
TerminateProcess
OpenThread
TerminateThread
OpenProcess
ReadProcessMemory
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
Module32FirstW
Module32NextW
K32GetProcessMemoryInfo
K32GetPerformanceInfo
GetModuleFileNameA
GetProcessTimes
CreateThread
CreateFileA
GetFileSizeEx
ReadFile
DeviceIoControl
InitializeCriticalSectionAndSpinCount
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
OpenEventW
WriteProcessMemory
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
DeleteTimerQueueTimer
CreateThreadpool
MulDiv
GlobalUnlock
CloseThreadpool
QueryFullProcessImageNameA
RemoveDirectoryW
WriteFile
ExitProcess
GetSystemInfo
GetSystemTimeAsFileTime
GetNativeSystemInfo
IsWow64Process
GlobalFree
K32GetProcessImageFileNameW
SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
GetExitCodeProcess
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
InitializeSListHead
GetStartupInfoW
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
LCMapStringEx
LocalFree
OutputDebugStringW
IsDebuggerPresent
VerifyVersionInfoW
SetThreadExecutionState
WinExec
SetThreadpoolThreadMaximum
GlobalAlloc
LockResource
FindResourceExW
TrySubmitThreadpoolCallback
GetPhysicallyInstalledSystemMemory
GetWindowsDirectoryW
GetSystemDirectoryW
SetLocalTime
GetLocalTime
GlobalMemoryStatusEx
GetSystemTimes
CreateProcessW
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
Beep
GetTempPathW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GlobalLock
VerSetConditionMask
SetThreadLocale
GetThreadLocale
MultiByteToWideChar
EncodePointer
lstrcmpiW
FindResourceW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
SetThreadpoolThreadMinimum
RtlUnwind
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ExitWindowsEx
CharNextW
UnregisterClassW
DrawIcon
GetWindowDC
RedrawWindow
MessageBoxA
MessageBoxW
GetClassLongPtrW
wsprintfW
GetMessageW
TranslateMessage
DispatchMessageW
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
KillTimer
GetSystemMetrics
DrawTextW
GetDC
ReleaseDC
GetDesktopWindow
DefWindowProcW
PostQuitMessage
SendMessageW
ChangeDisplaySettingsW
EnumDisplaySettingsW
SystemParametersInfoW
MonitorFromWindow
GetMonitorInfoW
GetWindowThreadProcessId
SendMessageTimeoutW
PostMessageW
AttachThreadInput
GetDoubleClickTime
SetDoubleClickTime
GetFocus
GetKeyState
GetForegroundWindow
GetCursorPos
GetIconInfo
BlockInput
GetCursorInfo
GetAncestor
IsWindow
IsHungAppWindow
ShowWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
IsWindowVisible
IsIconic
IsZoomed
SetFocus
EnableWindow
IsWindowEnabled
SetForegroundWindow
SetWindowTextW
GetWindowTextA
GetClientRect
GetWindowRect
GetWindow
ClientToScreen
RegisterClassExW
CreateWindowExW
ScreenToClient
WindowFromPoint
FillRect
MapVirtualKeyW
SendInput
SetTimer
UpdateWindow
BeginPaint
EndPaint
SetWindowRgn
GetWindowTextW
GetClassNameW
LoadCursorW
GetWindowLongPtrW
SetWindowLongPtrW
EnumChildWindows
EnumWindows
GetClassNameA
LoadImageW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

CreatePen
CreateFontW
CreateCompatibleDC
CreateSolidBrush
DeleteDC
RealizePalette
SelectPalette
DeleteObject
GetDeviceCaps
GetTextExtentPoint32W
RoundRect
SelectObject
SetBkMode
SetTextColor
GetPixel
CreateDIBSection
SetDIBColorTable
GetObjectW
LineTo
SetBkColor
GetObjectA
MoveToEx
GetDIBits
CreateEllipticRgn
CreateRoundRectRgn
BitBlt
CreateCompatibleBitmap
GetStockObject

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
CloseServiceHandle
InitiateSystemShutdownExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHFileOperationA
SHGetKnownFolderPath
ShellExecuteW
SHCreateDirectoryExW
SHGetPathFromIDListEx
Shell_NotifyIconW

ole32

CoCreateInstance
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysFreeString
VarUI4FromStr
LoadTypeLi
SysStringLen
RegisterTypeLi
UnRegisterTypeLi
LoadRegTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocString

ws2_32

freeaddrinfo
socket
recv
htons
connect
closesocket
WSAStartup
ntohl
getaddrinfo
WSACleanup

shlwapi

PathFindExtensionW
PathFileExistsW

urlmon

URLDownloadToFileW

winmm

timeGetTime

gdiplus

GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipLoadImageFromFile
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipSetPropertyItem
GdipCreateFromHDC
GdipLoadImageFromFileICM
GdipSaveAddImage
GdipImageGetFrameDimensionsCount
GdipImageGetFrameCount
GdipGetImageHeight
GdipImageGetFrameDimensionsList
GdipGetImageEncoders
GdipDrawImageRectI

msimg32

TransparentBlt

dwmapi

DwmEnableBlurBehindWindow
ord102

imm32

ImmDisableIME

powrprof

PowerSetActiveScheme
PowerReadACValue
PowerReadDCValue
PowerWriteDCValueIndex
PowerWriteACValueIndex
SetSuspendState
PowerGetActiveScheme

bcrypt

BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptDestroyKey
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptEncrypt
BCryptDestroyHash
BCryptFinishHash
BCryptDecrypt
BCryptHashData

dxgi

CreateDXGIFactory

iphlpapi

GetAdaptersAddresses

wininet

InternetOpenW
InternetReadFile
InternetOpenUrlW
InternetCloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.upx0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.upx1
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d75fa36e1819f75e6ef082ae3ff56ee

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

shlwapi

urlmon

winmm

gdiplus

msimg32

dwmapi

imm32

powrprof

bcrypt

dxgi

iphlpapi

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 2.3MB

.rdata Size: - Virtual size: 207KB

.data Size: - Virtual size: 23KB

.pdata Size: - Virtual size: 55KB

_RDATA Size: - Virtual size: 244B

.upx0 Size: - Virtual size: 2.4MB

.upx1 Size: 4.6MB - Virtual size: 4.6MB

.reloc Size: 512B - Virtual size: 196B

.rsrc Size: 40KB - Virtual size: 262KB

.text
Size: - Virtual size: 2.3MB

.rdata
Size: - Virtual size: 207KB

.data
Size: - Virtual size: 23KB

.pdata
Size: - Virtual size: 55KB

_RDATA
Size: - Virtual size: 244B

.upx0
Size: - Virtual size: 2.4MB

.upx1
Size: 4.6MB - Virtual size: 4.6MB

.reloc
Size: 512B - Virtual size: 196B

.rsrc
Size: 40KB - Virtual size: 262KB