6728f23fd2c5fefe4b4d682f2b3e37cdd921f6b8e716dd4e30c70ed7d16f6756

Sharing

Copy URL Twitter E-mail

General

Target

6728f23fd2c5fefe4b4d682f2b3e37cdd921f6b8e716dd4e30c70ed7d16f6756
Size

212KB
MD5

022280314de8df2e99fa13c7df0951ce
SHA1

93eaadc747f5687f705da29bd1b3d2636abd0467
SHA256

6728f23fd2c5fefe4b4d682f2b3e37cdd921f6b8e716dd4e30c70ed7d16f6756
SHA512

d8ebd92b046c9e28e90e3318180b16b9b527cf26958f62c2b0b53141d31031c7b4f09e847c9d8d0ec307c23a0ee451086e3093f8f6bcacd6a3e9ed9fc6013358
SSDEEP

3072:C6ykOIRf4q36npY6kb66e2UPkorElwW6qwJuKRV5woKDFT7kMlfqQAY2:C6n7d66e2UPkg+aJuKcDFkM17x2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6728f23fd2c5fefe4b4d682f2b3e37cdd921f6b8e716dd4e30c70ed7d16f6756

Files

6728f23fd2c5fefe4b4d682f2b3e37cdd921f6b8e716dd4e30c70ed7d16f6756
.dll regsvr32 windows x86

942c4615e9bf1b2e91e9874598013933

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetStdHandle
WriteFile
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
GetTimeZoneInformation
GetConsoleMode
WriteConsoleW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
InitOnceComplete
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
WTSGetActiveConsoleSessionId
GetWindowsDirectoryW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
OpenProcess
ReadProcessMemory
QueryDosDeviceW
LocalFree
InitOnceBeginInitialize
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
RaiseException
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
FreeLibrary
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
TerminateProcess
GetLastError
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot

msvcp140

?id@?$numpunct@D@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??1facet@locale@std@@MAE@XZ
?c_str@?$_Yarn@D@std@@QBEPBDXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?_Syserror_map@std@@YAPBDH@Z
_Xtime_get_ticks
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
??Bid@locale@std@@QAEIXZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??0facet@locale@std@@IAE@I@Z
?_Incref@facet@locale@std@@UAEXXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Xbad_alloc@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ

shlwapi

PathRemoveBackslashW
PathRemoveFileSpecW
PathCanonicalizeW
PathAddBackslashW
PathAppendW
PathFileExistsW
PathIsRelativeW

vcruntime140

__CxxFrameHandler3
memmove
_except_handler4_common
__current_exception
__std_exception_destroy
__std_exception_copy
__std_terminate
_purecall
__current_exception_context
__std_type_info_destroy_list
_CxxThrowException
memchr
memset
memcpy

api-ms-win-crt-runtime-l1-1-0

_resetstkoflw
_initterm_e
_initterm
_errno
_invalid_parameter_noinfo
_seh_filter_dll
_configure_narrow_argv
_wassert
abort
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
terminate

api-ms-win-crt-heap-l1-1-0

free
_recalloc
malloc
_callnewh
calloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vswprintf
__stdio_common_vsprintf_s
__stdio_common_vsnprintf_s
__stdio_common_vsprintf
__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-string-l1-1-0

strnlen
_wcsnicmp
_wcsicmp
wcsnlen
wmemcpy_s
isdigit

api-ms-win-crt-math-l1-1-0

_dclass
_fdclass
_ldsign
_ldclass
ceil
_dsign
_fdsign

api-ms-win-crt-time-l1-1-0

_localtime64_s
_gmtime64_s
strftime

api-ms-win-crt-locale-l1-1-0

localeconv

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

rpcrt4

RpcObjectSetType
RpcServerListen
RpcServerRegisterIfEx
RpcServerUnregisterIfEx
NdrServerCall2
RpcServerUseProtseqEpW
RpcMgmtStopServerListening
I_RpcBindingInqLocalClientPID

advapi32

OpenProcessToken
CheckTokenMembership
CopySid
DuplicateTokenEx
GetLengthSid
GetSidLengthRequired
GetSidSubAuthority
GetTokenInformation
InitializeSid
IsValidSid
SetTokenInformation
RegCloseKey
RegOpenKeyExW
ConvertSidToStringSidW
CreateProcessAsUserW

userenv

UnloadUserProfile
CreateEnvironmentBlock

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

942c4615e9bf1b2e91e9874598013933

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

rpcrt4

advapi32

userenv

psapi

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 147KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 10KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 10KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB