8b25369461be09776713c7ad38a2dc01dca98b26e4ccfde5441b6de46b6193c0

Sharing

Copy URL Twitter E-mail

General

Target

8b25369461be09776713c7ad38a2dc01dca98b26e4ccfde5441b6de46b6193c0
Size

269KB
MD5

297e84e16e13e3e30317b557684514dc
SHA1

11f8ff11592da4fda4a5a0d4b33e00938c874dcc
SHA256

8b25369461be09776713c7ad38a2dc01dca98b26e4ccfde5441b6de46b6193c0
SHA512

2379992635109ef0a5b9c5f885765c5f30f79890734e9a7c650fe76f4f7949a1fc81632aac58f9f3cdb46565c06141a030257757af3e9969a7075ef33e7907ae
SSDEEP

6144:Egj5E9UYwvUl7Bc7EXjpfEUV3jOuluTfgXHQVcdI5:EgjewvUti7EXjpcUV3jOulifgg5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b25369461be09776713c7ad38a2dc01dca98b26e4ccfde5441b6de46b6193c0

Files

8b25369461be09776713c7ad38a2dc01dca98b26e4ccfde5441b6de46b6193c0
.dll regsvr32 windows x86

7c01dcae69756ac914d29ac88d458718

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ft_et99_api

et_FindToken
et_OpenToken
et_Verify
et_Write
et_Read
et_CloseToken

ft_nd_api

epas_DeleteContext
epas_ChangeCode
epas_OpenDevice
epas_CreateContext
epas_SetProperty
epas_Verify
epas_CloseDevice

kernel32

GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceW
LoadLibraryExW
OutputDebugStringW
SetThreadLocale
GetThreadLocale
lstrlenA
WideCharToMultiByte
LocalFree
LeaveCriticalSection
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
FlushFileBuffers
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
lstrlenW
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
CreateFileA
ReadFile
CloseHandle
HeapDestroy
lstrcmpiW
SizeofResource
CreateFileW
WriteConsoleW
SetStdHandle
GetStringTypeW
InitializeCriticalSection
LCMapStringW
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind
DecodePointer
EncodePointer
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA
ExitProcess
WriteFile
GetStdHandle
HeapCreate
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA

user32

CharNextW

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegOpenKeyExW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance

oleaut32

RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysFreeString
VariantClear
VariantCopy
SysStringByteLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c01dcae69756ac914d29ac88d458718

Headers

DLL Characteristics

File Characteristics

Imports

ft_et99_api

ft_nd_api

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 21KB - Virtual size: 20KB