c8cab5d18e649c46e1176d5ce1b4f01e3d551a6155486b05fa288c4fa3e9528f

Sharing

Copy URL Twitter E-mail

General

Target

c8cab5d18e649c46e1176d5ce1b4f01e3d551a6155486b05fa288c4fa3e9528f
Size

367KB
MD5

19e39845523977b23aa2d1313cba9f10
SHA1

25a68630ef9da4e3031bee3fed105cf74f680fb3
SHA256

c8cab5d18e649c46e1176d5ce1b4f01e3d551a6155486b05fa288c4fa3e9528f
SHA512

63ca8aee333fc5223986a48acc0140309cd2f0e098848e32b3ddf19b3fa656efb7bef0f63a95671180e3223310432e7274999e2197eb2a7f4a68d3b8c72d0c22
SSDEEP

6144:CJl6g9eZHihdZ2iEf7B5WxWTa9NrLZsiR/kvE81/LjpDH:8n8dihdZcf7i9/8/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8cab5d18e649c46e1176d5ce1b4f01e3d551a6155486b05fa288c4fa3e9528f

Files

c8cab5d18e649c46e1176d5ce1b4f01e3d551a6155486b05fa288c4fa3e9528f
.dll regsvr32 windows:5 windows x64

2e7d577f438e8fa08f7a5136299ff33a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

uxtheme

GetThemeFont
CloseThemeData
DrawThemeParentBackground
GetThemeColor
OpenThemeData
IsAppThemed

gdi32

CreateFontIndirectW
DeleteObject
CreateSolidBrush

advapi32

RegOpenKeyExA
RegEnumKeyW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
OpenProcessToken
RegQueryValueExA
RegCreateKeyExW
RegCloseKey

kernel32

HeapReAlloc
WriteConsoleW
SetEndOfFile
GetProcessHeap
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetLastError
CloseHandle
Sleep
CreateThread
CreateMutexW
WaitForSingleObject
ReleaseMutex
FindResourceA
FreeLibrary
LoadResource
UpdateResourceA
EndUpdateResourceW
SizeofResource
SetLastError
BeginUpdateResourceW
LoadLibraryA
LockResource
BeginUpdateResourceA
UpdateResourceW
EndUpdateResourceA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
GetModuleHandleW
OpenProcess
LoadLibraryW
GetVersionExW
GetFileAttributesA
TerminateProcess
CompareStringW
GetProcAddress
Process32FirstW
GetSystemInfo
GetModuleFileNameA
Process32NextW
CreateToolhelp32Snapshot
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GlobalDeleteAtom
TerminateThread
CreateProcessA
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalFindAtomW
SetEvent
GetModuleFileNameW
lstrlenW
DisableThreadLibraryCalls
CreateEventW
OpenEventW
GlobalAddAtomW
GetCurrentProcessId
GetVersion
RtlCaptureContext
RtlVirtualUnwind
SetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
RaiseException
GetCommandLineA
FlsSetValue
GetCurrentThreadId
ExitProcess
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
DecodePointer
EncodePointer
InitializeCriticalSectionAndSpinCount
GetFileType
GetConsoleCP
GetConsoleMode
FlsGetValue
FlsFree
FlsAlloc
HeapSize
CreateDirectoryA
SetEnvironmentVariableA
SetHandleCount
GetStdHandle
GetStartupInfoW
HeapSetInformation
HeapCreate
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileA
GetLocaleInfoW
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
HeapDestroy

user32

GetSysColor
FillRect
GetWindowTextLengthW
GetSysColorBrush
SystemParametersInfoW
CallNextHookEx
FindWindowW
GetWindowTextW
FindWindowExW
SetWindowsHookExW
UnhookWindowsHookEx
DestroyWindow
SetTimer
UnregisterClassW
KillTimer
LoadCursorW
GetWindowLongPtrW
SetFocus
PtInRect
InvalidateRect
ShowWindow
IsWindow
CreateWindowExW
RegisterClassW
SetWindowLongPtrW
SendMessageW
UpdateWindow
DefWindowProcW
GetWindowLongW
GetSystemMetrics
PostMessageW
SetWindowLongW

shell32

SHGetSpecialFolderPathW
SHLoadInProc
SHGetFolderPathA
SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateInstance
CoUninitialize
StringFromGUID2

imagehlp

MakeSureDirectoryPathExists

ws2_32

__WSAFDIsSet
closesocket
socket
send
getsockopt
inet_ntoa
recv
htons
select
WSAStartup
connect
gethostbyname

netapi32

Netbios

gdiplus

GdiplusStartup
GdiplusShutdown

shlwapi

PathFileExistsA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetClassObjectEx
DllGetClassObjectNew
DllRegisterServer
DllShowBar
DllUnregisterServer
UnInstall

Sections

.text
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e7d577f438e8fa08f7a5136299ff33a

Headers

DLL Characteristics

File Characteristics

Imports

uxtheme

gdi32

advapi32

kernel32

user32

shell32

ole32

imagehlp

ws2_32

netapi32

gdiplus

shlwapi

Exports

Exports

Sections

.text Size: 253KB - Virtual size: 252KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 17KB - Virtual size: 28KB

.pdata Size: 12KB - Virtual size: 11KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 253KB - Virtual size: 252KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 17KB - Virtual size: 28KB

.pdata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 2KB