ea6dd7c7c94cb332586b31b0aeec5471c68811ec5acca6124dd5cb14cc5c3d96

Sharing

Copy URL Twitter E-mail

General

Target

ea6dd7c7c94cb332586b31b0aeec5471c68811ec5acca6124dd5cb14cc5c3d96
Size

212KB
MD5

bf59c5303550debc6992bdcec5186899
SHA1

adb2a9a6da9b4f2dbc4fc173751331d851617acf
SHA256

ea6dd7c7c94cb332586b31b0aeec5471c68811ec5acca6124dd5cb14cc5c3d96
SHA512

75bd7b1636ff3f0ab73c797fa37d3b230f7515b0bb0c0195919c9cd74c56717cf35204ad9a5a99c596f72fe30084693d26a13f30970868b657a56d60101ba3e0
SSDEEP

1536:ukcduhJDJcsevZt+upwF1c2L7xiuR/7WsnFWlEAFsEEuKop21MbcPwG+RdlpALsq:unWJcjZkn0uR/7BN+RFAEQD6Sojw5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea6dd7c7c94cb332586b31b0aeec5471c68811ec5acca6124dd5cb14cc5c3d96

Files

ea6dd7c7c94cb332586b31b0aeec5471c68811ec5acca6124dd5cb14cc5c3d96
.dll regsvr32 windows:4 windows x86

d3147db51bc90090fb2da596fdff9a7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
lstrlenA
lstrcatA
lstrlenW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
CloseHandle
GetVersionExA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetCommandLineA
GetVersion
ExitProcess
FatalAppExitA
IsBadWritePtr
IsBadReadPtr
HeapValidate
TerminateProcess
GetCurrentProcess
GetLastError
SetConsoleCtrlHandler
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapReAlloc
VirtualAlloc
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetFilePointer
LCMapStringA
LCMapStringW
RtlUnwind
SetStdHandle
Sleep
FlushFileBuffers
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA

user32

CharNextA

ole32

CoCreateInstance

oleaut32

RegisterTypeLi
SysAllocString
LoadTypeLi
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3147db51bc90090fb2da596fdff9a7d

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 166KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 12KB - Virtual size: 16KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 168KB - Virtual size: 166KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 16KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 5KB