5dba200ca5709734d234e2d021fa08e544044da1e223f517036d8fe402f1558d

Sharing

Copy URL Twitter E-mail

General

Target

5dba200ca5709734d234e2d021fa08e544044da1e223f517036d8fe402f1558d
Size

1.6MB
MD5

55dd23871229b2458a6a3cc6a6f26eb1
SHA1

c6af30bdc7f39d7b7234543e10cd6387fbbadcbc
SHA256

5dba200ca5709734d234e2d021fa08e544044da1e223f517036d8fe402f1558d
SHA512

56565a74d13ebd1e14599cfe9e8755435ed354ef871cb663a051fdf7ebb28a5402dc96bcfb679c8217e58fe837485cb11675f3613fb2a23690c907e6819ccc94
SSDEEP

24576:hPE6T4sArpNuAGbzh4aj7UbR+6R3NVx9:2ODZAGb6KUbR+Ob

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5dba200ca5709734d234e2d021fa08e544044da1e223f517036d8fe402f1558d

Files

5dba200ca5709734d234e2d021fa08e544044da1e223f517036d8fe402f1558d
.dll regsvr32 windows x86

be3e0aa7700986645920d564775696ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

vDbgPrintExWithPrefix

advapi32

RegCloseKey
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegQueryValueW
RegSetValueExW

comctl32

ord320
ord327
ord321
ord323
ord324
GetEffectiveClientRect
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
ImageList_GetIcon
ImageList_LoadImageW
InitCommonControlsEx
PropertySheetW

kernel32

CloseHandle
CreateEventW
CreateFileMappingW
CreateFileW
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FlushInstructionCache
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetWindowsDirectoryW
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockResource
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ReleaseSemaphore
SetEvent
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
lstrcmpiW
lstrlenW

mpr

WNetDisconnectDialog

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_memicmp
_onexit
_snwprintf
_strnicmp
_unlock
_vscwprintf
_vsnprintf
_vsnwprintf
_wcsnicmp
abort
bsearch
calloc
fputc
fputs
free
fwrite
iswspace
malloc
memcmp
memcpy
memmove
memset
realloc
sprintf
strchr
strcmp
strcpy
strcspn
strlen
strncmp
strrchr
swprintf
vfprintf
vsprintf
vswprintf
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncpy
wcspbrk
wcsrchr
wcsstr
wcstol
wcstoul
_write

ole32

CLSIDFromString
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CreateStreamOnHGlobal
DoDragDrop
GetHGlobalFromStream
OleFlushClipboard
OleInitialize
OleUninitialize
RegisterDragDrop
RevokeDragDrop
StringFromGUID2

oleaut32

LoadTypeLib
RegisterTypeLib
SafeArrayCreateVector
SysAllocString
SysFreeString
SysStringLen
UnRegisterTypeLib
VariantClear
VariantInit

shell32

ILClone
ILCombine
ILCreateFromPathW
ILFindChild
ILFindLastID
ILFree
ord186
ILGetNext
ILGetSize
ILIsEqual
ILRemoveLastID
ReadCabinetState
SHAlloc
SHBindToParent
SHBrowseForFolderW
SHChangeNotifyRegister
SHCoCreateInstance
SHCreateShellFolderView
SHFree
SHGetDesktopFolder
SHGetFolderLocation
SHGetFolderPathAndSubDirW
SHGetImageList
SHGetInstanceExplorer
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHMapPIDLToSystemImageListIndex
SHOpenFolderAndSelectItems
SHParseDisplayName
SHSetInstanceExplorer
ShellAboutW
ShellExecuteExW
ShellMessageBoxW
Shell_GetImageLists
Shell_MergeMenus

shlwapi

ord270
ord164
ord175
ord172
ord481
ord509
ord176
ord163
ord174
ord478
ord479
PathAddBackslashW
PathCombineW
PathFileExistsW
PathFindFileNameW
PathGetArgsW
PathIsDirectoryW
PathIsRootW
PathMatchSpecW
PathStripToRootW
ord7
SHAutoComplete
ord182
ord16
SHCreateThreadRef
ord278
ord181
ord10
ord193
ord192
SHGetValueW
ord279
ord8
ord178
SHRegGetBoolUSValueW
SHRegSetUSValueW
SHSetValueW
ord9
StrChrW
StrCmpIW
StrCmpLogicalW
StrDupW
StrFromTimeIntervalW
StrRetToBufW
StrToIntW
wnsprintfW

uxtheme

SetWindowTheme

gdi32

BitBlt
CreateCompatibleDC
CreateFontIndirectW
DeleteDC
DeleteObject
ExtTextOutW
GetObjectW
OffsetWindowOrgEx
SelectObject
SetBkColor
SetWindowOrgEx

user32

AllowSetForegroundWindow
AppendMenuW
BeginDeferWindowPos
BeginPaint
CallWindowProcW
CharNextW
CharPrevW
CheckDlgButton
CheckMenuItem
CreateDialogParamW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DeferWindowPos
DeleteMenu
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawEdge
DrawTextW
EnableWindow
EndDeferWindowPos
EndPaint
FindWindowW
GetAncestor
GetClientRect
GetDlgCtrlID
GetDlgItem
GetDlgItemTextW
GetFocus
GetKeyState
GetMenuItemCount
GetMenuItemInfoW
GetMessagePos
GetMessageW
GetParent
GetPropW
GetShellWindow
GetSubMenu
GetSystemMetrics
GetWindowLongW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
InsertMenuItemW
InsertMenuW
InvalidateRect
IsChild
IsDialogMessageW
IsDlgButtonChecked
IsIconic
IsMenu
IsWindow
IsWindowVisible
KillTimer
LoadAcceleratorsW
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageW
LoadMenuW
LoadStringW
LockWindowUpdate
MapWindowPoints
MessageBoxW
PostMessageW
PostQuitMessage
PostThreadMessageW
RegisterClassExW
RegisterWindowMessageW
ReleaseCapture
RemoveMenu
RemovePropW
ScreenToClient
SendDlgItemMessageW
SendMessageW
SetActiveWindow
SetCapture
SetCursor
SetDlgItemTextW
SetFocus
SetMenuItemInfoW
SetParent
SetPropW
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TrackPopupMenuEx
TranslateAcceleratorW
TranslateMessage
UpdateWindow
wsprintfW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 569KB - Virtual size: 569KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rossym
Size: 614KB - Virtual size: 614KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be3e0aa7700986645920d564775696ee

Headers

File Characteristics

Imports

ntdll

advapi32

comctl32

kernel32

mpr

msvcrt

ole32

oleaut32

shell32

shlwapi

uxtheme

gdi32

user32

Exports

Exports

Sections

.text Size: 320KB - Virtual size: 320KB

.data Size: 21KB - Virtual size: 20KB

.rdata Size: 68KB - Virtual size: 67KB

/4 Size: 512B - Virtual size: 500B

.bss Size: - Virtual size: 5KB

.edata Size: 1KB - Virtual size: 1KB

.idata Size: 10KB - Virtual size: 10KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 569KB - Virtual size: 569KB

.reloc Size: 28KB - Virtual size: 27KB

.rossym Size: 614KB - Virtual size: 614KB

.text
Size: 320KB - Virtual size: 320KB

.data
Size: 21KB - Virtual size: 20KB

.rdata
Size: 68KB - Virtual size: 67KB

/4
Size: 512B - Virtual size: 500B

.bss
Size: - Virtual size: 5KB

.edata
Size: 1KB - Virtual size: 1KB

.idata
Size: 10KB - Virtual size: 10KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 569KB - Virtual size: 569KB

.reloc
Size: 28KB - Virtual size: 27KB

.rossym
Size: 614KB - Virtual size: 614KB