ca138a41bbb9dd41bea0c27c16c2e9f9b2bf24bad5b323424761e4cf85202bf6

Sharing

Copy URL Twitter E-mail

General

Target

ca138a41bbb9dd41bea0c27c16c2e9f9b2bf24bad5b323424761e4cf85202bf6
Size

329KB
MD5

b2df0cc2a446c27f51ab3cb38f18783f
SHA1

d1b40a29571a9eb3162fbe816fdaad2dc89b25c2
SHA256

ca138a41bbb9dd41bea0c27c16c2e9f9b2bf24bad5b323424761e4cf85202bf6
SHA512

ffcc8546cdc587330505815def2b677238548d7a0e9a56c07f4232a73868478c0ba7994c82ee11f7876ce4f76563f47eab1ff9b7fa9aab6eab665fc76f217425
SSDEEP

3072:mybfIJzCkvoKMa3vNHhxHB50MBCKgN/rsMvx2WLAzwF9eKVYeipViZd0VrzQ:mofGz/vVVG0VrzQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca138a41bbb9dd41bea0c27c16c2e9f9b2bf24bad5b323424761e4cf85202bf6

Files

ca138a41bbb9dd41bea0c27c16c2e9f9b2bf24bad5b323424761e4cf85202bf6
.dll regsvr32 windows:4 windows x86

d13a79914f68ff6623f9e3462bbc5a2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CredEnumerateW
CredFree
CredWriteW

comctl32

InitCommonControls
ord410
ord412
ord413

kernel32

DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
EnumResourceNamesW
FindResourceW
GetEnvironmentVariableW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
IsBadStringPtrA
IsBadStringPtrW
LeaveCriticalSection
LoadLibraryW
LoadResource
MultiByteToWideChar
RaiseException
SizeofResource
lstrcmpW

ntdll

_vsnprintf

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vswprintf
_strdup
_wcsicmp
free
fwrite
getenv
memcmp
memcpy
memmove
strchr
strcmp
strcspn
strlen
wcschr
wcsrchr

user32

CheckDlgButton
CreateWindowExW
DestroyWindow
DialogBoxParamW
EndDialog
GetDlgItem
GetDlgItemTextW
GetFocus
GetKeyState
GetParent
GetWindowLongW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
IsDlgButtonChecked
LoadStringW
LockSetForegroundWindow
SendMessageW
SetDlgItemTextW
SetFocus
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow

Exports

Exports

CredPackAuthenticationBufferW
CredUICmdLinePromptForCredentialsA
CredUICmdLinePromptForCredentialsW
CredUIConfirmCredentialsA
CredUIConfirmCredentialsW
CredUIInitControls
CredUIParseUserNameA
CredUIParseUserNameW
CredUIPromptForCredentialsA
CredUIPromptForCredentialsW
CredUIPromptForWindowsCredentialsW
CredUIReadSSOCredA
CredUIReadSSOCredW
CredUIStoreSSOCredA
CredUIStoreSSOCredW
CredUnPackAuthenticationBufferW
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SspiPromptForCredentialsW

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 196B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 4KB - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 4KB - Virtual size: 598B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d13a79914f68ff6623f9e3462bbc5a2f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

kernel32

ntdll

ucrtbase

user32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 168B

.rodata Size: 4KB - Virtual size: 308B

.rdata Size: 4KB - Virtual size: 1KB

.bss Size: - Virtual size: 196B

.edata Size: 4KB - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 100KB - Virtual size: 98KB

.reloc Size: 4KB - Virtual size: 952B

/4 Size: 4KB - Virtual size: 224B

/19 Size: 68KB - Virtual size: 66KB

/31 Size: 8KB - Virtual size: 4KB

/45 Size: 20KB - Virtual size: 17KB

/57 Size: 4KB - Virtual size: 3KB

/70 Size: 4KB - Virtual size: 598B

/81 Size: 28KB - Virtual size: 25KB

/92 Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 168B

.rodata
Size: 4KB - Virtual size: 308B

.rdata
Size: 4KB - Virtual size: 1KB

.bss
Size: - Virtual size: 196B

.edata
Size: 4KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 100KB - Virtual size: 98KB

.reloc
Size: 4KB - Virtual size: 952B

/4
Size: 4KB - Virtual size: 224B

/19
Size: 68KB - Virtual size: 66KB

/31
Size: 8KB - Virtual size: 4KB

/45
Size: 20KB - Virtual size: 17KB

/57
Size: 4KB - Virtual size: 3KB

/70
Size: 4KB - Virtual size: 598B

/81
Size: 28KB - Virtual size: 25KB

/92
Size: 4KB - Virtual size: 3KB