2c8965a42c0571defc3864faed0f8cf76fcb9e7de53c44f729d26d57d59ab3bd

Sharing

Copy URL Twitter E-mail

General

Target

2c8965a42c0571defc3864faed0f8cf76fcb9e7de53c44f729d26d57d59ab3bd
Size

7.0MB
MD5

d355f00ecb1ffbec80958b037da4abcc
SHA1

ee4edc67a3135d8a2badee5eee3c977f31da1394
SHA256

2c8965a42c0571defc3864faed0f8cf76fcb9e7de53c44f729d26d57d59ab3bd
SHA512

786828ab58ac1d6ecbb6245bfdf28f134a719c75a877b245c36031179dce307d1dd53d38127e5891ff89489f62e0b11dc42e28dcc47b7d56464a1ffb40bfaa9a
SSDEEP

196608:p5mjnvdZXm0TcRnwzrIkzwl/pv1Buik2:p5mBBrvzwBpv1But2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c8965a42c0571defc3864faed0f8cf76fcb9e7de53c44f729d26d57d59ab3bd

Files

2c8965a42c0571defc3864faed0f8cf76fcb9e7de53c44f729d26d57d59ab3bd
.dll regsvr32 windows x64

d4ec139f7ec3345e70209de319b7484a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

wsock32

listen
WSAStartup
htonl
gethostbyname
send
ntohl
htons
ioctlsocket
gethostbyaddr
getsockname
ntohs
getsockopt
getpeername
WSASetLastError
recvfrom
__WSAFDIsSet
select
inet_ntoa
gethostname
inet_addr
WSACleanup
connect
accept
recv
WSACancelBlockingCall
socket
WSAGetLastError
setsockopt
bind
sendto
shutdown
closesocket

ws2_32

WSASendTo
WSAGetOverlappedResult
WSAAddressToStringA
WSACreateEvent
WSAResetEvent
WSAEventSelect
WSACloseEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
getaddrinfo
WSAIoctl
freeaddrinfo
WSASocketA
WSARecvFrom

kernel32

LoadResource
FindResourceA
LoadLibraryExA
LoadLibraryA
Sleep
FileTimeToSystemTime
GetCurrentThreadId
FreeResource
LockResource
GetCurrentProcessId
CloseHandle
_lclose
_lwrite
_lcreat
CreateMutexA
ReleaseMutex
WaitForSingleObject
GetComputerNameA
GetTickCount
GetCurrentProcess
GetSystemTime
GetTempPathA
GetComputerNameExA
LocalFree
SetEvent
ResetEvent
CreateThread
CreateEventA
GetExitCodeThread
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
GetSystemDirectoryA
WritePrivateProfileSectionA
GetPrivateProfileIntA
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetWindowsDirectoryA
DeleteCriticalSection
GetFileTime
CreateFileA
lstrcpyA
SetLastError
SizeofResource
Process32Next
Process32First
CreateToolhelp32Snapshot
VerifyVersionInfoW
SleepEx
QueryPerformanceFrequency
FormatMessageW
SetEndOfFile
CreateFileW
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
VerSetConditionMask
GetEnvironmentVariableA
PeekNamedPipe
WaitForMultipleObjects
MoveFileExA
GetFileSizeEx
FreeLibrary
IsDBCSLeadByte
GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
lstrcmpiA
lstrlenA
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeFormatA
GetDateFormatA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
SetStdHandle
InitializeCriticalSectionAndSpinCount
ReadConsoleInputA
SetConsoleCtrlHandler
ExitProcess
GetCommandLineA
FlsSetValue
ExitThread
HeapReAlloc
GetSystemTimeAsFileTime
RtlCaptureContext
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
VirtualQuery
GetSystemInfo
VirtualAlloc
GetModuleHandleA
GetProcAddress
TerminateProcess
GetLastError
SetConsoleMode
GetConsoleMode
FileTimeToLocalFileTime
GetDriveTypeA
GetFileAttributesA
GetFileInformationByHandle
GetFullPathNameA
GetCurrentDirectoryA
lstrcpynA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
FlushFileBuffers
GetStartupInfoA
SetHandleCount
GetConsoleCP
ReadFile
GetTimeZoneInformation
HeapSize
HeapDestroy
HeapCreate
HeapSetInformation
WriteFile
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
GetVersion
GetFileType
GetStdHandle
RtlVirtualUnwind
QueryPerformanceCounter
GlobalMemoryStatus
LoadLibraryW
GetVersionExW
FlushConsoleInputBuffer
HeapFree
GetProcessHeap
HeapAlloc
RtlPcToFileHeader
RtlUnwindEx
VirtualProtect
LCMapStringA

user32

wsprintfA
CharNextW
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxW
CharNextA

advapi32

RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
GetUserNameA
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegisterEventSourceW
ReportEventW
RegDeleteValueA
DeregisterEventSource
RegQueryValueExA

ole32

OleRun
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysAllocStringLen
VariantCopy
VariantClear
VariantInit
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
GetErrorInfo

crypt32

CertFreeCertificateContext
CertCloseStore
CryptStringToBinaryA
CertFindCertificateInStore
PFXImportCertStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CryptQueryObject
CryptDecodeObjectEx
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertGetCertificateChain
CertOpenStore
CertCreateCertificateChainEngine

wldap32

ord32
ord35
ord79
ord33
ord301
ord27
ord41
ord200
ord60
ord45
ord30
ord26
ord50
ord143
ord22
ord46
ord211
ord217

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 576KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 183KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4ec139f7ec3345e70209de319b7484a

Headers

File Characteristics

Imports

wsock32

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

crypt32

wldap32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 576KB - Virtual size: 576KB

.data Size: 183KB - Virtual size: 202KB

.pdata Size: 99KB - Virtual size: 99KB

.rsrc Size: 4.7MB - Virtual size: 4.7MB

.reloc Size: 40KB - Virtual size: 40KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 576KB - Virtual size: 576KB

.data
Size: 183KB - Virtual size: 202KB

.pdata
Size: 99KB - Virtual size: 99KB

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

.reloc
Size: 40KB - Virtual size: 40KB