9a6e6b9438e5e0929de66d481a3d16c39cf0c06959c34d4c063085566132d7e9

Sharing

Copy URL Twitter E-mail

General

Target

9a6e6b9438e5e0929de66d481a3d16c39cf0c06959c34d4c063085566132d7e9
Size

153KB
MD5

30265b2c8286847c87fcaa0f3f0b6bdc
SHA1

6562c3b1ed52ce1da47fa70102600be67e7c6a17
SHA256

9a6e6b9438e5e0929de66d481a3d16c39cf0c06959c34d4c063085566132d7e9
SHA512

80754f9e2ffd3104e85c91eb2f4f413b7140526966ae35af736a2aa0293661be1bb7ebf810cdfca69a22472819ae47ac3d49939cec47285b0aace34df2fd782d
SSDEEP

3072:9Inqq93lG8b0pwu3mNTKUda4r7bVPou41US+9oyR9Jdch4:q1n7u3mNndjr7bVPoRUp9oG9Jdc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a6e6b9438e5e0929de66d481a3d16c39cf0c06959c34d4c063085566132d7e9

Files

9a6e6b9438e5e0929de66d481a3d16c39cf0c06959c34d4c063085566132d7e9
.dll regsvr32 windows x86

9fafef661c701a975bfb5aa3063c709c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc110

ord2950
ord2245
ord1059
ord361
ord12843
ord5073
ord449
ord2464
ord6330
ord3816
ord2466
ord6410
ord2384
ord4746
ord8166
ord12695
ord4594
ord1517
ord1038
ord306
ord310
ord316
ord7991
ord5732
ord4256
ord1652
ord2144
ord8273
ord7470
ord1459
ord8191
ord12028
ord305
ord12701
ord12638
ord4519
ord7808
ord300
ord5769
ord2937
ord4595
ord14149
ord8571
ord6634
ord892
ord12859
ord13054
ord8623
ord8170
ord4579
ord4578
ord4102
ord2322
ord6590
ord14059
ord2931
ord12125
ord14338
ord12182
ord14391
ord4941
ord1520
ord968
ord13704
ord13018
ord1438
ord554
ord8312
ord1646
ord1177
ord6403
ord3540
ord1519
ord8130
ord5212
ord2430
ord12318
ord12317
ord14329
ord7734
ord14327
ord9203
ord4084
ord4023
ord12720
ord7753
ord1978
ord11766
ord11765
ord14201
ord12307
ord7811
ord14401
ord6192
ord14403
ord6194
ord14402
ord6193
ord987
ord1498
ord265
ord10228
ord266
ord2329
ord2327
ord2333
ord3783
ord323
ord1043
ord4804
ord9016
ord10047
ord8027
ord5264
ord6694
ord3786
ord5765
ord12020
ord8025
ord12032
ord12000
ord5107
ord5404
ord5614
ord9155
ord5380
ord5617
ord5110
ord5266
ord5091
ord7537
ord7538
ord1501
ord324
ord1044
ord2305
ord2189
ord2352
ord2355
ord2318
ord2354
ord484
ord2211
ord2316
ord2128
ord2242
ord2343
ord485
ord7528
ord1500

msvcr110

abs
memcpy
__CxxFrameHandler3
_resetstkoflw
_recalloc
malloc
free
sprintf_s
_mbsstr
_mbsnbcpy_s
wcsncpy_s
wcslen
strlen
strcat_s
strcpy_s
memset
memmove_s
_CxxThrowException
_purecall
memcmp
_initterm_e
__clean_type_info_names_internal
atoi
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
??1type_info@@UAE@XZ
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
?terminate@@YAXXZ
atof
memcpy_s

kernel32

EnterCriticalSection
LeaveCriticalSection
SetLastError
DeleteCriticalSection
LoadResource
SizeofResource
GetLastError
GetCurrentThreadId
RaiseException
GetCurrentProcess
FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
FreeLibrary
InterlockedDecrement
HeapAlloc
HeapFree
GetProcessHeap
InterlockedCompareExchange
MultiByteToWideChar
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
VirtualAlloc
VirtualFree
lstrlenA
lstrlenW
InterlockedIncrement
DecodePointer
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
LocalAlloc
LocalFree
WideCharToMultiByte
MulDiv
IsDBCSLeadByte
FindResourceA
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
LoadLibraryExA
lstrcmpiA
EncodePointer

user32

EqualRect
InflateRect
SetRect
IsRectEmpty
LoadCursorA
GetParent
SetWindowLongA
GetWindowLongA
PtInRect
OffsetRect
UnionRect
IntersectRect
CopyRect
SetRectEmpty
GetClientRect
InvalidateRect
SetWindowRgn
EndPaint
BeginPaint
ReleaseDC
GetDC
GetKeyState
GetFocus
SetFocus
CharNextW
CharNextA
SetWindowPos
ShowWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExA
GetClassInfoExA
RegisterClassExA
CallWindowProcA
DefWindowProcA
UnregisterClassA

gdi32

SetWindowExtEx
TextOutA
GetMapMode
CreateCompatibleDC
CreateCompatibleBitmap
SetTextAlign
SaveDC
RestoreDC
GetDeviceCaps
DeleteMetaFile
CreateRectRgnIndirect
CreateMetaFileA
GetWindowExtEx
SetWindowOrgEx
CloseMetaFile

advapi32

RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

ole32

OleRun
OleRegEnumVerbs
OleRegGetMiscStatus
OleRegGetUserType
CreateOleAdviseHolder
OleSaveToStream
WriteClassStm
ReadClassStm
CreateDataAdviseHolder
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
UnRegisterTypeLi
OleCreatePropertyFrame
VariantCopy
GetErrorInfo
SetErrorInfo
CreateErrorInfo

dasavebmp

?SaveDIB@@YAHPBDPAVCBitmap@@H@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fafef661c701a975bfb5aa3063c709c

Headers

DLL Characteristics

File Characteristics

Imports

mfc110

msvcr110

kernel32

user32

gdi32

advapi32

ole32

oleaut32

dasavebmp

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 10KB - Virtual size: 9KB