bad2daec8b60e1909631148afb83fe0a21979ecde3007aa4c7f5cdf75b2bce51

Sharing

Copy URL Twitter E-mail

General

Target

bad2daec8b60e1909631148afb83fe0a21979ecde3007aa4c7f5cdf75b2bce51
Size

82KB
MD5

f3db1718eb92e7331fe1b118ab517794
SHA1

07ef09b5874726f24ba2d67b8dfdd7184b37c3d7
SHA256

bad2daec8b60e1909631148afb83fe0a21979ecde3007aa4c7f5cdf75b2bce51
SHA512

c6a14cabfa40affdc27d62ace3a6cb65b285a44a0c9f0442fe35952caab8e6cedcb50fec1bc0e5a27027690770df483f57e217bdb3eb046426d9824e3a54cb31
SSDEEP

1536:m/NE0r/1Chi8u4WqosHwScMkQ2bB1c0Oits:8S07Mhi8powwScMkQwBWZi2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bad2daec8b60e1909631148afb83fe0a21979ecde3007aa4c7f5cdf75b2bce51

Files

bad2daec8b60e1909631148afb83fe0a21979ecde3007aa4c7f5cdf75b2bce51
.dll windows x86

590abe6088e0bf229b2acc937c3e7ec0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc110

ord12468
ord12375
ord1177
ord3175
ord4780
ord262
ord259
ord4025
ord1102
ord6607
ord5372
ord840
ord839
ord3253
ord12345
ord7933
ord4594
ord14155
ord14149
ord6410
ord4805
ord3816
ord6333
ord357
ord4804
ord12858
ord13054
ord884
ord1380
ord11949
ord3203
ord3309
ord3308
ord3874
ord11905
ord2626
ord5277
ord13875
ord5782
ord13449
ord12801
ord11501
ord13296
ord5282
ord13228
ord6710
ord8566
ord14328
ord7735
ord14330
ord2995
ord4424
ord9495
ord5643
ord4432
ord4870
ord4837
ord4831
ord4867
ord4889
ord4846
ord4875
ord4885
ord493
ord4858
ord4862
ord4850
ord4879
ord4842
ord1724
ord1715
ord1719
ord1711
ord1702
ord12038
ord12040
ord13619
ord3204
ord9063
ord10795
ord6809
ord8773
ord14322
ord11719
ord3772
ord11870
ord8947
ord11510
ord11509
ord5507
ord10085
ord10081
ord10083
ord10084
ord10082
ord8018
ord1646
ord3240
ord3243
ord6375
ord3104
ord3341
ord1641
ord457
ord10266
ord11180
ord10808
ord8848
ord11953
ord9017
ord2704
ord13498
ord6064
ord11912
ord7311
ord2245
ord6071
ord500
ord1134
ord4026
ord6160
ord6590
ord2322
ord14186
ord948
ord970
ord1401
ord13017
ord13703
ord922
ord6643
ord8270
ord1520
ord1517
ord1038
ord310
ord300
ord316
ord5732
ord1652
ord6345
ord1440
ord8273
ord7470
ord1459
ord8191
ord12028
ord10228
ord12701
ord12638
ord4519
ord7808
ord8130
ord5212
ord2430
ord12318
ord12317
ord14329
ord7734
ord14327
ord9203
ord4084
ord4023
ord12720
ord7753
ord1978
ord11766
ord11765
ord14201
ord12307
ord7811
ord14401
ord6192
ord14403
ord6194
ord14402
ord6193
ord987
ord6694
ord3786
ord5765
ord12020
ord8025
ord12032
ord12000
ord5107
ord5404
ord5614
ord9155
ord5380
ord5617
ord5110
ord5266
ord8312
ord554
ord14391
ord12182
ord14338
ord12125
ord1133
ord2826
ord14340
ord11745
ord499
ord5369
ord6399
ord4746
ord8166
ord8571
ord12538
ord2931
ord10052
ord7991
ord5091
ord7537
ord7538
ord7528
ord5264
ord8027
ord10047
ord9016
ord1043
ord323
ord3783
ord2333
ord12557
ord3340
ord5367
ord2343
ord2242
ord2128
ord2316
ord2211
ord2327
ord2329
ord266
ord265
ord1498
ord4854
ord1501
ord324
ord1044
ord2305
ord2189
ord2352
ord2355
ord2318
ord2354
ord484
ord1500

msvcr110

malloc
free
_mbsstr
_mbsnbcpy_s
_recalloc
__clean_type_info_names_internal
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_time64
_mktime64
_localtime64_s
strftime
atoi
_vsnprintf
_mbsrchr
_mbsicmp
_mbsnbcpy
_purecall
memset
__CxxFrameHandler3
_resetstkoflw
memcpy_s

kernel32

RaiseException
GetProcAddress
FreeLibrary
InterlockedDecrement
LeaveCriticalSection
GetLastError
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
LocalFree
LocalAlloc
GetWindowsDirectoryA
GetCurrentThreadId
GetFileAttributesA
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByte
FindResourceA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryExA
lstrcmpiA
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
InterlockedIncrement

user32

GetSysColor
GetWindowRect
SetWindowTextA
InvalidateRect
GetDC
SetForegroundWindow
GetForegroundWindow
UpdateWindow
GetKeyState
SetWindowPos
ShowWindow
AttachThreadInput
SendMessageA
GetWindowThreadProcessId
EnumWindows
IsWindowEnabled
EnableWindow
CharNextA
GetWindowLongA

gdi32

Rectangle

advapi32

RegQueryInfoKeyW
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString

oleaut32

SysAllocString
VariantInit
VariantClear
VarUI4FromStr

Exports

Exports

GetCAPlugin

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

590abe6088e0bf229b2acc937c3e7ec0

Headers

DLL Characteristics

File Characteristics

Imports

mfc110

msvcr110

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 7KB