0636815aa5fc1a9ab62965cb693e2f2130df51b59bd2fc0f02252c6663507940

Sharing

Copy URL Twitter E-mail

General

Target

0636815aa5fc1a9ab62965cb693e2f2130df51b59bd2fc0f02252c6663507940
Size

270KB
MD5

2f42ac474e44c8a7e6a1ca1412a1fc34
SHA1

3bb2dea53448c86fd9695b3d730f472a860beff1
SHA256

0636815aa5fc1a9ab62965cb693e2f2130df51b59bd2fc0f02252c6663507940
SHA512

c0002900d818c1de39351e6caa2f8b0e3764f3c155c1900a6ee7c591987205ab642899eca4fd6d2b4b4cd49579b30c06500b09a3277d53f57fbb15938c046e78
SSDEEP

6144:TGk38d1/K8vq2hZrrVKU4ZPbTwUi0/FErpLXZOs28wXkpXFUWT+OyNNYOlZCKbKU:h8vq2hZrrVKU4ZPbBFEbO8Qkpj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0636815aa5fc1a9ab62965cb693e2f2130df51b59bd2fc0f02252c6663507940

Files

0636815aa5fc1a9ab62965cb693e2f2130df51b59bd2fc0f02252c6663507940
.dll regsvr32 windows x86

1ff84a5dd4bc8877b1e4ea6c29d95385

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

vDbgPrintExWithPrefix

advapi32

RegCloseKey
RegCreateKeyW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegGetValueW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegSetValueExW

kernel32

CloseHandle
CompareFileTime
CopyFileW
CreateFileW
CreateSemaphoreW
DeleteCriticalSection
DeleteFileW
DisableThreadLibraryCalls
EnterCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileW
FindResourceW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetEnvironmentVariableA
GetFileAttributesW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetProcAddress
GetProcessHeap
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockResource
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReleaseSemaphore
SetFileAttributesW
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiW
lstrlenW

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_memicmp
_onexit
_unlock
_vsnprintf
_vsnwprintf
_wcsicmp
abort
bsearch
calloc
free
fwrite
iswspace
malloc
memcmp
memmove
memset
sprintf
strchr
strcmp
strcpy
strcspn
strncmp
strrchr
vfprintf
vsprintf
wcscat
wcschr
wcscpy
wcslen
wcstol
wcstoul

shell32

CDefFolderMenu_Create2
ord83
ILClone
ILCombine
ILFree
ILGetNext
SHChangeNotify
SHCreateFileExtractIconW
SHCreateShellFolderView
SHGetFolderPathW
SHGetPathFromIDListW
ShellExecuteExW

user32

InsertMenuItemW
LoadStringW
RegisterClipboardFormatW
SendMessageW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ATL
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rossym
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ff84a5dd4bc8877b1e4ea6c29d95385

Headers

File Characteristics

Imports

ntdll

advapi32

kernel32

msvcrt

shell32

user32

Exports

Exports

Sections

.text Size: 79KB - Virtual size: 78KB

.data Size: 1KB - Virtual size: 1KB

ATL Size: 512B - Virtual size: 8B

.rdata Size: 17KB - Virtual size: 17KB

.bss Size: - Virtual size: 6KB

.edata Size: 512B - Virtual size: 164B

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 6KB - Virtual size: 5KB

.rossym Size: 152KB - Virtual size: 152KB

.text
Size: 79KB - Virtual size: 78KB

.data
Size: 1KB - Virtual size: 1KB

ATL
Size: 512B - Virtual size: 8B

.rdata
Size: 17KB - Virtual size: 17KB

.bss
Size: - Virtual size: 6KB

.edata
Size: 512B - Virtual size: 164B

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 6KB - Virtual size: 5KB

.rossym
Size: 152KB - Virtual size: 152KB