f44c7179aa3435ebdaad1f324d9972bd8a4999c148e9d15f974aebb499e924a7

Sharing

Copy URL Twitter E-mail

General

Target

f44c7179aa3435ebdaad1f324d9972bd8a4999c148e9d15f974aebb499e924a7
Size

823KB
MD5

9c082eb3803afa7043d2ceee2c37c0be
SHA1

4726a74936e4667f8e5dd8cd5a70a40cdeda6239
SHA256

f44c7179aa3435ebdaad1f324d9972bd8a4999c148e9d15f974aebb499e924a7
SHA512

0c33c0661b4840843523fb9901c691acf73b26c03658290f25a9451c09e554e682d4e396df26ccd65e4906f160b4b6d11b827ea8a10561a9b29713158a44a7ba
SSDEEP

24576:5Rs7+1AvLcIj+lNvcNs4s1Qc8QJCDSjET7m0f:5R+nQIjQhcs4P+JCujETK0f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f44c7179aa3435ebdaad1f324d9972bd8a4999c148e9d15f974aebb499e924a7

Files

f44c7179aa3435ebdaad1f324d9972bd8a4999c148e9d15f974aebb499e924a7
.dll regsvr32 windows x86

a7fb5a1ad4fcab95caf90aea25017d18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
FindFirstFileA
FindNextFileA
FindClose
FormatMessageA
LocalFree
GlobalAlloc
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
SetStdHandle
WriteConsoleW
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
CloseHandle
GetFileSizeEx
CreateFileA
DeleteFileA
RemoveDirectoryA
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
SetThreadLocale
GetThreadLocale
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByte
lstrcmpiA
GetProcAddress
GetModuleHandleA
FreeLibrary
lstrcatA
lstrlenA
lstrcpynA
CreateDirectoryA
GetTempPathA
DeleteCriticalSection
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
GetProcessHeap
InterlockedIncrement
QueryPerformanceCounter
CreateFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
ReadFile
SetFilePointer
GetConsoleMode
GetConsoleCP
GetStartupInfoW
GetFileType
SetHandleCount
HeapDestroy
HeapCreate
GetModuleFileNameW
GetStdHandle
WriteFile
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
SetLastError
Sleep
InterlockedExchange
InitializeCriticalSection
EncodePointer
DecodePointer
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetFileAttributesA
MoveFileA
GetCurrentThreadId
GetCommandLineA
RtlUnwind
HeapReAlloc
ExitProcess
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

wsprintfA
ReleaseDC
CharNextA
CharNextW
GetDC
GetSysColor

gdi32

CreateCompatibleDC
SelectObject
SetBkColor
ExtTextOutA
GetEnhMetaFilePaletteEntries
DeleteDC
CreatePalette
SelectPalette
RealizePalette
PlayEnhMetaFile
GetDIBits
SetEnhMetaFileBits
GetEnhMetaFileHeader
DeleteEnhMetaFile
GetDeviceCaps
SetWinMetaFileBits
DeleteObject
CreateCompatibleBitmap

comdlg32

GetOpenFileNameA
CommDlgExtendedError

advapi32

RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyA
RegOpenKeyExW

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance

oleaut32

RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
SysFreeString
VarUI4FromStr
VarBstrCat
SysStringLen
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 647KB - Virtual size: 647KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7fb5a1ad4fcab95caf90aea25017d18

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 647KB - Virtual size: 647KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 17KB - Virtual size: 51KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 647KB - Virtual size: 647KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 17KB - Virtual size: 51KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 30KB - Virtual size: 30KB