1787aa511874073835bd1d56f18d0476403f63ff640a0b3401cbf95886aeb3bc

Sharing

Copy URL

Twitter E-mail

General

Target

1787aa511874073835bd1d56f18d0476403f63ff640a0b3401cbf95886aeb3bc
Size

79KB
MD5

f010dacd94cf59c8fee92ce1e0ffad0f
SHA1

73f6e3d5b03aa0e839e9a53559c020ad06ad00c4
SHA256

1787aa511874073835bd1d56f18d0476403f63ff640a0b3401cbf95886aeb3bc
SHA512

cd77c48e5a00a89631f8d19ec863c34c204a60f958eafdfd92b4c83af436f10795cf803fc47eaf03d9f9566addf84ac6e5a7e632cb5c48f3a70f5d1c2a32d1d7
SSDEEP

768:WTZ8sFXgHZmOMfd6GvgBOoY+6cAdvz3xOp1bnHMgm2elga75t5C3jKx1+ZzBCUnh:WH5z3xyHMYeeaXdwJOsconYvoS8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1787aa511874073835bd1d56f18d0476403f63ff640a0b3401cbf95886aeb3bc

Files

1787aa511874073835bd1d56f18d0476403f63ff640a0b3401cbf95886aeb3bc
.dll regsvr32 windows x86

cd68e710a88c03d41eba6d35f997d11d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

DbgPrint

advapi32

AdjustTokenPrivileges
ChangeServiceConfig2W
CloseServiceHandle
CreateServiceW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegisterServiceCtrlHandlerW
SetServiceStatus

kernel32

CloseHandle
CreateEventW
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
FileTimeToSystemTime
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcessHeap
GetSystemTimeAsFileTime
GetTickCount
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
QueryPerformanceCounter
SetEvent
SetSystemTime
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
abort
calloc
free
fwrite
memmove
memset
strncmp
vfprintf
wcslen
wcsncpy

ws2_32

WSACleanup
WSAStartup
gethostbyname
htons
ntohl
recvfrom
select
sendto
socket

user32

LoadStringW

Exports

Exports

DllRegisterServer
DllUnregisterServer
SvchostEntry_W32Time
W32TimeSyncNow
W32TmServiceMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 984B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 257B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rossym
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd68e710a88c03d41eba6d35f997d11d

Headers

File Characteristics

Imports

ntdll

advapi32

kernel32

msvcrt

ws2_32

user32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 40B

.rdata Size: 35KB - Virtual size: 34KB

.bss Size: - Virtual size: 984B

.edata Size: 512B - Virtual size: 257B

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 848B

.rossym Size: 23KB - Virtual size: 22KB

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 40B

.rdata
Size: 35KB - Virtual size: 34KB

.bss
Size: - Virtual size: 984B

.edata
Size: 512B - Virtual size: 257B

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 848B

.rossym
Size: 23KB - Virtual size: 22KB