DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
9545974e8356a72cbf1772457de4a2da22603e2f77c8f4bf726c0d87b8f8bbf0.dll
Resource
win7-20230712-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
9545974e8356a72cbf1772457de4a2da22603e2f77c8f4bf726c0d87b8f8bbf0.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
9545974e8356a72cbf1772457de4a2da22603e2f77c8f4bf726c0d87b8f8bbf0
-
Size
923KB
-
MD5
dd6d050f4d1c359a5960f9dd6c94bc81
-
SHA1
1cf432a82951bf240faf01eefbeed902de868db1
-
SHA256
9545974e8356a72cbf1772457de4a2da22603e2f77c8f4bf726c0d87b8f8bbf0
-
SHA512
e106e37aa5b0ca8c1dd42a1bd752a6c2c675ed01724cbf4fbe57d2e580b0995f256f845a5cec7e8b8e45b42d02624dab1cc486c83cf9532eea0d9896d9f7eb79
-
SSDEEP
12288:Dq7uAMCNsEydaVfREc04NipxyJWRcaUBf+s9+ioH8eQHnvl5m+l96aSV3uuDq6nw:Q2acRPWFG3BDZnw
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9545974e8356a72cbf1772457de4a2da22603e2f77c8f4bf726c0d87b8f8bbf0
Files
-
9545974e8356a72cbf1772457de4a2da22603e2f77c8f4bf726c0d87b8f8bbf0.dll regsvr32 windows x86
e7b430c6a26b6b5e4a673d9cf55f1866
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mfc90u
ord3071
ord5553
ord1034
ord6116
ord2370
ord5737
ord1556
ord310
ord3186
ord3737
ord4494
ord601
ord935
ord936
ord2695
ord814
ord2478
ord404
ord5535
ord3187
ord663
ord290
ord4490
ord2479
ord406
ord2490
ord2501
ord4322
ord3018
ord1553
ord665
ord3185
ord6013
ord1603
ord2694
ord5851
ord5979
ord4405
ord6698
ord938
ord3736
ord690
ord4324
ord1599
ord1313
ord909
ord286
ord811
ord280
ord600
ord296
ord813
ord1298
ord1254
ord2084
ord801
ord1248
ord1088
ord321
ord1092
ord794
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord1211
ord441
ord6415
ord1552
ord2702
ord2326
ord939
ord4235
ord5939
ord2676
ord1299
ord1607
ord285
ord3220
ord6630
ord403
ord3217
ord5674
ord5676
ord4347
ord4996
ord5680
ord5663
ord6018
ord2771
ord2983
ord3112
ord4728
ord2966
ord3115
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord1166
ord589
ord2447
ord4211
ord4043
ord4905
ord4681
ord799
ord265
ord266
ord2537
ord1250
ord605
ord1274
ord1241
ord1239
ord1264
ord1180
ord1233
ord391
ord1152
ord1273
ord1271
ord1145
ord1076
ord1137
ord322
ord802
ord3670
msvcr90
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_except_handler4_common
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
tolower
strncmp
isspace
isalnum
isalpha
atof
fputc
ferror
fprintf
fopen_s
strpbrk
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
abort
exit
sprintf
memcpy
sscanf
vsprintf_s
strncpy_s
vprintf
strchr
strstr
strerror
realloc
printf
strcat_s
calloc
swprintf_s
_wfopen_s
_errno
_vsnwprintf
_wcsupr
_wtoi
fread
fseek
ftell
rewind
_wfopen
fwrite
fclose
swscanf_s
_vscprintf
_vsnprintf_s
atoi
wcsftime
_waccess
sprintf_s
_localtime64_s
_time64
wcscmp
strcpy_s
strlen
wcslen
strcmp
memmove_s
_purecall
malloc
_recalloc
wcsstr
memcpy_s
free
wcsncpy_s
wcscat_s
wcscpy_s
memcmp
_wcsnicmp
memset
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
sscanf_s
__CxxFrameHandler3
fread_s
kernel32
OutputDebugStringW
GetPrivateProfileStringW
MoveFileW
DeleteFileW
GetPrivateProfileIntW
WaitForSingleObject
CreateDirectoryW
RemoveDirectoryW
lstrcmpW
Sleep
lstrlenA
ProcessIdToSessionId
GetCurrentProcessId
OutputDebugStringA
CreateProcessW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileTime
CreateFileW
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
ReleaseMutex
CloseHandle
UnmapViewOfFile
GetTempFileNameW
GetTempPathW
FindClose
FindFirstFileW
GetVersionExW
GetFileAttributesW
SetFileAttributesW
FindNextFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
WTSGetActiveConsoleSessionId
LocalFree
LocalAlloc
FormatMessageW
GetTickCount
GetCurrentThreadId
GetLocalTime
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
LoadLibraryW
LeaveCriticalSection
WideCharToMultiByte
lstrlenW
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
RaiseException
InitializeCriticalSection
SetThreadLocale
GetThreadLocale
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLastError
FreeLibrary
OpenMutexW
MultiByteToWideChar
EnterCriticalSection
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
CreateMutexW
ExpandEnvironmentStringsW
user32
SendMessageW
CharNextW
FindWindowW
advapi32
ImpersonateLoggedOnUser
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
CryptAcquireContextW
CryptImportKey
CryptSetKeyParam
CryptDecrypt
CryptDestroyKey
CryptReleaseContext
CreateProcessAsUserW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryInfoKeyW
RevertToSelf
shell32
SHCreateDirectoryExW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
ord165
shlwapi
PathIsDirectoryW
PathRemoveFileSpecW
PathAddBackslashW
StrCatW
StrCmpW
PathFileExistsW
ole32
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
oleaut32
VariantClear
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
SysFreeString
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
VarUI4FromStr
urlmon
URLDownloadToFileW
msvcp90
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??0?$allocator@D@std@@QAE@XZ
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$allocator@D@std@@QAE@ABV01@@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?max_size@?$allocator@D@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0locale@std@@QAE@XZ
??1locale@std@@QAE@XZ
?length@?$char_traits@D@std@@SAIPBD@Z
?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?transform@?$collate@D@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@PBD0@Z
?tolower@?$ctype@D@std@@QBEDD@Z
??1_Lockit@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?is@?$ctype@D@std@@QBE_NFD@Z
??0locale@std@@QAE@ABV01@@Z
?_Xmem@tr1@std@@YAXXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?max@?$numeric_limits@D@std@@SADXZ
?_Getcat@?$collate@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$collate@D@std@@2V0locale@2@A
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?setf@ios_base@std@@QAEHHH@Z
?setf@ios_base@std@@QAEHH@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
ws2_32
WSAStartup
select
__WSAFDIsSet
getsockopt
gethostbyname
inet_ntoa
send
recv
WSAGetLastError
socket
htons
inet_addr
connect
closesocket
WSACleanup
enseccore
ECoreEncryptFileW
ECoreSetEnFileInfoExW
ECoreGetEnFileInfoExW
ECoreGetEnFileInfoW
ECoreGetErrInfoW
ECoreCloseHeaderContext
ECoreIsProcTrust
ECoreGetEnFileInfoByFileHeader
ECoreSetFileHeader
ECoreStreamDecryptData
ECoreCreateHeaderContext
ECoreCreateNewHeader
ECoreExportFileHeader
ECoreStreamEncryptData
ECoreInsertProcExW
ECoreGenAutFileExW
ECoreDecryptFileW
ECoreDecryptFileWithKeyW
ECoreGetFileTypeW
ECoreEncryptFileExW
ECoreIsEncryptFileExW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
wininet
DeleteUrlCacheEntryW
crypt32
CryptStringToBinaryA
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
wtsapi32
WTSQueryUserToken
Exports
Exports
Sections
.text Size: 547KB - Virtual size: 546KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 250KB - Virtual size: 249KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ