303cb2445f0f6f414aa54023fafbcb94e597cce237aa0470addf27b987030586

Sharing

Copy URL Twitter E-mail

General

Target

303cb2445f0f6f414aa54023fafbcb94e597cce237aa0470addf27b987030586
Size

1.8MB
MD5

e25e7c3055dff52d07cb25eee9639b74
SHA1

6109ea8483a55f6243c4b849f6310b6b84e78e30
SHA256

303cb2445f0f6f414aa54023fafbcb94e597cce237aa0470addf27b987030586
SHA512

76bf9ccbd1f9c6486d9d0b40940637304e1127d82c4919be518d0d28e0542f470938bf52a8d945caab1ffbf268b98489f0c18b78e494a7c561aa31f689575d23
SSDEEP

24576:a3JS52Sy3zy+Vh4aj7UbR+rVeOF5PHFZEVNbLAlaW:1dy3zy+AKUbR+Ze+kBgx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
303cb2445f0f6f414aa54023fafbcb94e597cce237aa0470addf27b987030586

Files

303cb2445f0f6f414aa54023fafbcb94e597cce237aa0470addf27b987030586
.dll regsvr32 windows x86

34088ffdbb31aafd5152811eef54d0e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

vDbgPrintExWithPrefix

advapi32

IsTextUnicode
RegCloseKey
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegSetValueExW

comctl32

ord320
ord327
ord321
ord323
ord324
ord413
GetEffectiveClientRect
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
ImageList_GetIcon
ImageList_LoadImageW
InitCommonControlsEx
PropertySheetW
ord412
ord410

kernel32

CloseHandle
CreateEventW
CreateFileMappingW
CreateFileW
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FlushInstructionCache
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetWindowsDirectoryW
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockResource
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ReleaseSemaphore
SetEvent
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
lstrcmpiW
lstrlenW

mpr

WNetDisconnectDialog

msvcrt

__dllonexit
_amsg_exit
_beginthreadex
_initterm
_iob
_lock
_memicmp
_onexit
_snwprintf
_strnicmp
_unlock
_vscwprintf
_vsnprintf
_vsnwprintf
_wcsicmp
_wcsnicmp
abort
bsearch
calloc
free
fwrite
iswspace
malloc
memcmp
memcpy
memmove
memset
realloc
sprintf
strchr
strcmp
strcpy
strcspn
strncmp
strrchr
vfprintf
vsprintf
vswprintf
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncpy
wcspbrk
wcsrchr
wcsstr
wcstol
wcstoul

ole32

CLSIDFromString
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CreateStreamOnHGlobal
DoDragDrop
GetHGlobalFromStream
OleFlushClipboard
OleInitialize
OleUninitialize
RegisterDragDrop
RevokeDragDrop
StringFromGUID2

oleaut32

SafeArrayCreateVector
SysAllocString
SysFreeString
VariantClear
VariantInit

shell32

ILClone
ILCombine
ILCreateFromPathW
ILFindChild
ILFindLastID
ILFree
ord15
ord186
ILGetNext
ILGetSize
ILIsEqual
ILRemoveLastID
ReadCabinetState
SHAlloc
SHBindToParent
SHBrowseForFolderW
SHChangeNotifyRegister
SHCoCreateInstance
SHCreateShellFolderView
SHFree
SHGetDesktopFolder
SHGetFolderLocation
SHGetFolderPathAndSubDirW
SHGetImageList
SHGetInstanceExplorer
SHGetPathFromIDListW
SHGetSetSettings
SHGetSpecialFolderLocation
SHMapPIDLToSystemImageListIndex
SHOpenFolderAndSelectItems
SHParseDisplayName
SHSetInstanceExplorer
ShellAboutW
ShellExecuteExW
ShellMessageBoxW
Shell_GetImageLists
Shell_MergeMenus

shlwapi

ChrCmpIW
ord270
ord164
ord175
ord172
ord481
ord509
ord176
ord163
ord174
ord478
ord479
PathAddBackslashW
PathCombineW
PathFileExistsW
PathFindFileNameW
PathGetArgsW
PathIsDirectoryW
PathIsRelativeW
PathIsRootW
PathMatchSpecW
PathRemoveArgsW
PathStripToRootW
PathUnquoteSpacesW
ord7
SHAutoComplete
ord182
ord16
SHCreateThreadRef
ord278
ord181
ord460
ord10
ord193
ord192
SHGetValueW
ord279
ord439
ord8
ord178
SHRegGetBoolUSValueW
SHRegGetUSValueW
SHRegSetUSValueW
SHSetValueW
SHStrDupW
ord217
ord9
StrChrW
StrCmpIW
StrCmpLogicalW
StrCmpNIW
StrCmpW
StrDupW
StrFromTimeIntervalW
StrRetToBufW
StrRetToStrW
StrToIntW
wnsprintfW

uxtheme

SetWindowTheme

gdi32

BeginPath
BitBlt
CreateCompatibleDC
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
EndPath
ExtTextOutW
GetObjectW
GetStockObject
GetTextMetricsW
LineTo
MoveToEx
OffsetWindowOrgEx
PathToRegion
SelectObject
SetBkColor
SetBkMode
SetTextColor
SetWindowOrgEx

user32

AdjustWindowRectEx
AllowSetForegroundWindow
AppendMenuW
BeginDeferWindowPos
BeginPaint
CallNextHookEx
CallWindowProcW
CharNextW
CharPrevW
CheckDlgButton
CheckMenuItem
ChildWindowFromPoint
CreateDialogParamW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DeferWindowPos
DeleteMenu
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawEdge
DrawTextW
EnableWindow
EndDeferWindowPos
EndPaint
EqualRect
FillRect
FindWindowW
GetAncestor
GetCapture
GetClassNameW
GetClientRect
GetCursorPos
GetDC
GetDlgCtrlID
GetDlgItem
GetDlgItemTextW
GetFocus
GetKeyState
GetMenuItemCount
GetMenuItemInfoW
GetMessagePos
GetMessageW
GetMonitorInfoW
GetParent
GetScrollInfo
GetShellWindow
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetWindowLongW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
InsertMenuItemW
InsertMenuW
InvalidateRect
IsChild
IsDialogMessageW
IsDlgButtonChecked
IsIconic
IsMenu
IsWindow
IsWindowVisible
KillTimer
LoadAcceleratorsW
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageW
LoadMenuW
LoadStringW
LockWindowUpdate
MapWindowPoints
MessageBoxW
MonitorFromWindow
MoveWindow
OffsetRect
PostMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RegisterClassExW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendDlgItemMessageW
SendMessageW
SetActiveWindow
SetCapture
SetCursor
SetDlgItemTextW
SetFocus
SetMenuItemInfoW
SetParent
SetScrollInfo
SetTimer
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowWindow
ShowWindowAsync
SystemParametersInfoW
TrackPopupMenu
TrackPopupMenuEx
TranslateAcceleratorW
TranslateMessage
UnhookWindowsHookEx
UpdateWindow
wsprintfW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ATL
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 583KB - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rossym
Size: 761KB - Virtual size: 761KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34088ffdbb31aafd5152811eef54d0e6

Headers

File Characteristics

Imports

ntdll

advapi32

comctl32

kernel32

mpr

msvcrt

ole32

oleaut32

shell32

shlwapi

uxtheme

gdi32

user32

Exports

Exports

Sections

.text Size: 385KB - Virtual size: 384KB

.data Size: 3KB - Virtual size: 3KB

ATL Size: 512B - Virtual size: 8B

.rdata Size: 92KB - Virtual size: 92KB

.bss Size: - Virtual size: 5KB

.edata Size: 1KB - Virtual size: 1KB

.idata Size: 11KB - Virtual size: 11KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 583KB - Virtual size: 583KB

.reloc Size: 35KB - Virtual size: 35KB

.rossym Size: 761KB - Virtual size: 761KB

.text
Size: 385KB - Virtual size: 384KB

.data
Size: 3KB - Virtual size: 3KB

ATL
Size: 512B - Virtual size: 8B

.rdata
Size: 92KB - Virtual size: 92KB

.bss
Size: - Virtual size: 5KB

.edata
Size: 1KB - Virtual size: 1KB

.idata
Size: 11KB - Virtual size: 11KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 583KB - Virtual size: 583KB

.reloc
Size: 35KB - Virtual size: 35KB

.rossym
Size: 761KB - Virtual size: 761KB