280c376ff6d0e176950e14c71ee067a52b711186399fa0442b800fcc06bb100a

Sharing

Copy URL

Twitter E-mail

General

Target

280c376ff6d0e176950e14c71ee067a52b711186399fa0442b800fcc06bb100a
Size

301KB
MD5

953ab43fab041ca22308fc45d3b26a00
SHA1

c8c004769eed1cb26ad81175a84c0664014d2c7d
SHA256

280c376ff6d0e176950e14c71ee067a52b711186399fa0442b800fcc06bb100a
SHA512

6afe858aaa87b2f0be761893bddac8d21487a24ab9cf758ca37baa0127c1711e4b6da7f1e2250f348882014b16199fc76a37722444e2b5513a9a0328e7677b06
SSDEEP

6144:tikMrOjM6kYo2GEE5MHNkymtExduhlo1I4PBpf:gvOjM6kmbDtkyqYwC1zP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
280c376ff6d0e176950e14c71ee067a52b711186399fa0442b800fcc06bb100a

Files

280c376ff6d0e176950e14c71ee067a52b711186399fa0442b800fcc06bb100a
.dll regsvr32 windows:5 windows x64

d2bc5f01d0936c6a6cc8a450353f38ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
lstrlenW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
FindResourceW
FindResourceExW
GetWindowsDirectoryW
GetVersionExW
SystemTimeToFileTime
FileTimeToSystemTime
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
EnterCriticalSection
LeaveCriticalSection
CloseHandle
LoadLibraryExW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
EncodePointer
GetThreadLocale
SetThreadLocale
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
SizeofResource
LoadResource
IsDebuggerPresent
GetCurrentThread
LocalFree
GetCurrentProcess
GetProcAddress
FreeLibrary
LockResource
RtlCaptureStackBackTrace
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetSystemTime
DecodePointer
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
GetStringTypeW
CreateFileW
GetFileType
GetStdHandle
GetACP
WideCharToMultiByte
GetModuleFileNameA
ExitProcess
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetLastError
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext

user32

CharLowerBuffW
IsCharAlphaW
SetMenuItemBitmaps
InsertMenuW
CreatePopupMenu
CharNextW

gdi32

SetDIBColorTable
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
GetObjectW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
LookupAccountNameW
ConvertSidToStringSidW
RegQueryValueExW
RegOpenKeyW
IsValidSid
GetTokenInformation
OpenProcessToken
RegSetValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
DragQueryFileW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
ReleaseStgMedium
CreateStreamOnHGlobal
StringFromGUID2

oleaut32

SysAllocStringLen
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysFreeString
SysStringLen

shlwapi

StrStrIW
StrRChrW
ord154
PathAppendW
PathFileExistsW
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFindExtensionW
PathSearchAndQualifyW

gdiplus

GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipAlloc
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipDeleteGraphics

secur32

GetUserNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2bc5f01d0936c6a6cc8a450353f38ec

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

secur32

version

Exports

Exports

Sections

.text Size: 182KB - Virtual size: 181KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 6KB - Virtual size: 11KB

.pdata Size: 10KB - Virtual size: 10KB

.gfids Size: 512B - Virtual size: 224B

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 182KB - Virtual size: 181KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 6KB - Virtual size: 11KB

.pdata
Size: 10KB - Virtual size: 10KB

.gfids
Size: 512B - Virtual size: 224B

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 3KB - Virtual size: 3KB