18eab4e87ba05b66699019935bafe07cdb9b5f9271e941443905e6792fd34792

Sharing

Copy URL

Twitter E-mail

General

Target

18eab4e87ba05b66699019935bafe07cdb9b5f9271e941443905e6792fd34792
Size

160KB
MD5

7e2a0bc01d49c514fb4df605fbbea60e
SHA1

7eeac6b91b59ceab8133b84d62130ee71129f243
SHA256

18eab4e87ba05b66699019935bafe07cdb9b5f9271e941443905e6792fd34792
SHA512

68b78d1bc7ece041301b75a01edf8a944fc336c53a7544195d27e88e7d6cd9cea1f5b6e5e93a75d200faab22e947a0fcac87d5370ed27ee0d6acb4518807bff7
SSDEEP

3072:hmuSEEvdPdwZ2JxTL++sZNqoQTfsEvkPEMinQeVUxe69FNCR134Gv/V:hbYfwZ2J3sbqHXMPEMbeMeoNCR13

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18eab4e87ba05b66699019935bafe07cdb9b5f9271e941443905e6792fd34792

Files

18eab4e87ba05b66699019935bafe07cdb9b5f9271e941443905e6792fd34792
.dll regsvr32 windows x86

2f7873bda646df8cea85c7580e05f5ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACleanup
WSAStartup

kernel32

GetWindowsDirectoryW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
CloseHandle
TerminateProcess
OpenProcess
GetCurrentProcess
QueryDosDeviceW
LocalFree
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
FormatMessageA
GetCurrentThreadId
GetTickCount
VerSetConditionMask
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
SetEvent
WaitForSingleObject
SleepEx
CreateEventW
SetWaitableTimer
WaitForMultipleObjects
CreateWaitableTimerW
QueueUserAPC
TerminateThread
VerifyVersionInfoW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
FreeLibrary
InitOnceComplete
IsDebuggerPresent
OutputDebugStringW
ResetEvent
TlsSetValue
TlsGetValue
TlsAlloc
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
QueryPerformanceCounter
HeapDestroy
GetLastError
GetCurrentProcessId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetSystemTimeAsFileTime
InitializeSListHead
TlsFree
InitOnceBeginInitialize

user32

CreateWindowExW
DestroyWindow
SetTimer
KillTimer
GetWindowLongW
RegisterClassExW
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
SetWinEventHook
GetWindowThreadProcessId
GetClassNameW
SetWindowLongW
GetParent
GetWindowRect
GetWindowTextW
IsWindowVisible
PostMessageW

ole32

CoTaskMemFree
StringFromCLSID
CoInitialize
CoUninitialize

advapi32

OpenProcessToken
CopySid
GetLengthSid
GetTokenInformation
IsValidSid
RegCloseKey
RegOpenKeyExW
ConvertSidToStringSidW
AddAce
GetAclInformation
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSidLengthRequired
GetSidSubAuthority
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
MakeAbsoluteSD
MakeSelfRelativeSD
SetSecurityDescriptorDacl

msvcp140

_Cnd_do_broadcast_at_thread_exit
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?_Throw_Cpp_error@std@@YAXH@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
??Bid@locale@std@@QAEIXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
_Thrd_id
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
_Thrd_join

shlwapi

PathRemoveBackslashW
PathCanonicalizeW
PathAddBackslashW
PathRemoveFileSpecW
PathIsRelativeW
PathAppendW
PathFileExistsW

userenv

UnloadUserProfile

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

vcruntime140

__std_type_info_compare
_except_handler4_common
__std_type_info_destroy_list
memset
memcpy
memmove
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
abort
_invalid_parameter_noinfo_noreturn
_wassert
_cexit
_crt_atexit
_execute_onexit_table
_initterm
_resetstkoflw
terminate
_beginthreadex
_errno
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_initterm_e

api-ms-win-crt-math-l1-1-0

_dclass
_dsign

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vswprintf
__stdio_common_vswprintf_s

api-ms-win-crt-string-l1-1-0

wmemcpy_s
iswspace
strnlen
_wcsicmp
wcsnlen
_wcsnicmp

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-heap-l1-1-0

malloc
calloc
free
_callnewh

rpcrt4

RpcBindingFree
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
NdrClientCall2
NdrServerCall2

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f7873bda646df8cea85c7580e05f5ea

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

ole32

advapi32

msvcp140

shlwapi

userenv

psapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

rpcrt4

Exports

Exports

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB