c3367556d5ff4ad097dcf99ba0377ac7abb00c80d465bf9d51e493919c040ee4

Sharing

Copy URL Twitter E-mail

General

Target

c3367556d5ff4ad097dcf99ba0377ac7abb00c80d465bf9d51e493919c040ee4
Size

70KB
MD5

c44b118e2ff309a2638b64ebc1dd13f5
SHA1

0fd3989a7cf81dbaa34fd8e72cc6e4288ddf2058
SHA256

c3367556d5ff4ad097dcf99ba0377ac7abb00c80d465bf9d51e493919c040ee4
SHA512

6d1c83bee7c5ebd5159b3de021772ce0d59b4db1952e6ce926a6f7f4c4c3b7b1e5ed37bd354eba377c020782b9c139a057a7d5a7561e54b9669560c7eb868649
SSDEEP

1536:sBB1ERKa52HXqEo16Vc4inA9Ozke0hN/:wUR35EXs16Vcghp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3367556d5ff4ad097dcf99ba0377ac7abb00c80d465bf9d51e493919c040ee4

Files

c3367556d5ff4ad097dcf99ba0377ac7abb00c80d465bf9d51e493919c040ee4
.dll regsvr32 windows x86

436f6cc1e114fb283082187ef64d5a0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

DbgPrint
RtlRaiseException

comctl32

ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx

kernel32

DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcessHeap
GetSystemTimeAsFileTime
GetTickCount
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

mpr

WNetCancelConnection2W
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
abort
calloc
free
fwrite
memmove
memset
strncmp
vfprintf

user32

CopyImage
DestroyIcon
DialogBoxParamW
EnableWindow
EndDialog
GetDlgItem
GetSystemMetrics
LoadImageW
LoadStringW
SendMessageW

Exports

Exports

AddNetPlaceRunDll
ClearAutoLogon
DllCanUnloadNow
DllGetClassObject
DllInstall
DllMain
DllRegisterServer
DllUnregisterServer
NetAccessWizard
NetPlacesWizardDoModal
PassportWizardRunDll
PublishRunDll
SHDisconnectNetDrives
UsersRunDll

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 952B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 425B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rossym
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

436f6cc1e114fb283082187ef64d5a0e

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

comctl32

kernel32

mpr

msvcrt

user32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 24B

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 952B

.edata Size: 512B - Virtual size: 425B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 33KB - Virtual size: 32KB

.reloc Size: 1024B - Virtual size: 584B

.rossym Size: 20KB - Virtual size: 20KB

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 24B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 952B

.edata
Size: 512B - Virtual size: 425B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 1024B - Virtual size: 584B

.rossym
Size: 20KB - Virtual size: 20KB