fa1549bcaae9871c680670ac075f9058c44f3ec58b7e6d6238730aa9ba5eff80

Sharing

Copy URL

Twitter E-mail

General

Target

fa1549bcaae9871c680670ac075f9058c44f3ec58b7e6d6238730aa9ba5eff80
Size

1.8MB
MD5

3fa12f9085ee941ab0bb8cbdb3cc0ba4
SHA1

3cca9a82c3d7e5f40e88d86acfd7528b8b222859
SHA256

fa1549bcaae9871c680670ac075f9058c44f3ec58b7e6d6238730aa9ba5eff80
SHA512

849e81f01d6e04d494ff00b0e4669a35872acf74996d0668c3f93384bc7bd69d0b4af81b50310118ebce4e743d0ab4ebd2ea5ae3fa7f0076568311dfe9f0cb36
SSDEEP

12288:DVcKBN5CtDYyC6jK/n6cRbLTFCzuZHJHZmnsiL2r3t:DTNYRqSUWpkt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa1549bcaae9871c680670ac075f9058c44f3ec58b7e6d6238730aa9ba5eff80

Files

fa1549bcaae9871c680670ac075f9058c44f3ec58b7e6d6238730aa9ba5eff80
.dll regsvr32 windows:4 windows x86

86c3e4a595b7f7e160404bba9c3d2651

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteKeyW
RegEnumKeyExA
RegEnumKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueA
RegQueryValueExA
RegQueryValueW
RegSetValueExW

gdi32

BitBlt
CreateBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
DeleteDC
DeleteEnhMetaFile
DeleteMetaFile
DeleteObject
EnumFontFamiliesExW
GdiGetCharDimensions
GetCurrentObject
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetObjectW
GetPaletteEntries
GetTextFaceW
GetTextMetricsW
PlayEnhMetaFile
PlayMetaFile
SelectObject
SetBkColor
SetEnhMetaFileBits
SetMapMode
SetMetaFileBitsEx
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
StretchBlt

kernel32

CloseHandle
CompareStringW
ConvertDefaultLocale
CreateFileMappingW
CreateFileW
DebugBreak
DelayLoadFailureHook
DisableThreadLibraryCalls
EnterCriticalSection
EnumResourceNamesW
FindActCtxSectionGuid
FindResourceExW
FindResourceW
FreeLibrary
FreeResource
GetCurrencyFormatW
GetEnvironmentVariableW
GetFileSize
GetFinalPathNameByHandleW
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleW
GetNumberFormatW
GetProcAddress
GetSystemDefaultLCID
GetSystemDirectoryW
GetSystemTime
GetTickCount
GetTimeFormatW
GetVersion
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
IsBadStringPtrA
IsBadStringPtrW
IsWow64Process
LZClose
LZOpenFileW
LZRead
LZSeek
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LoadResource
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ResolveDelayLoadedAPI
RtlUnwind
SearchPathW
SizeofResource
UnmapViewOfFile
WideCharToMultiByte
WriteFile
lstrcmpiW

ntdll

_vsnprintf

ole32

CLIPFORMAT_UserFree
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserSize
CLIPFORMAT_UserUnmarshal
CoCreateInstance
CoGetMalloc
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CreateBindCtx
CreateErrorInfo
CreateItemMoniker
CreateStreamOnHGlobal
GetErrorInfo
GetRunningObjectTable
HACCEL_UserFree
HACCEL_UserMarshal
HACCEL_UserSize
HACCEL_UserUnmarshal
HDC_UserFree
HDC_UserMarshal
HDC_UserSize
HDC_UserUnmarshal
HPALETTE_UserFree
HPALETTE_UserMarshal
HPALETTE_UserSize
HPALETTE_UserUnmarshal
HWND_UserFree
HWND_UserMarshal
HWND_UserSize
HWND_UserUnmarshal
SetErrorInfo
StringFromGUID2
WdtpInterfacePointer_UserMarshal
WdtpInterfacePointer_UserSize
WdtpInterfacePointer_UserUnmarshal

rpcrt4

CreateProxyFromTypeInfo
CreateStubFromTypeInfo
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
NdrAllocate
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrClearOutParameters
NdrComplexArrayBufferSize
NdrComplexArrayMarshall
NdrComplexArrayUnmarshall
NdrComplexStructBufferSize
NdrComplexStructMarshall
NdrComplexStructUnmarshall
NdrConformantArrayBufferSize
NdrConformantArrayFree
NdrConformantArrayMarshall
NdrConformantArrayUnmarshall
NdrConformantStringBufferSize
NdrConformantStringMarshall
NdrConformantStringUnmarshall
NdrConformantVaryingArrayBufferSize
NdrConformantVaryingArrayMarshall
NdrConformantVaryingArrayUnmarshall
NdrConvert
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrInterfacePointerBufferSize
NdrInterfacePointerFree
NdrInterfacePointerMarshall
NdrInterfacePointerUnmarshall
NdrOleAllocate
NdrOleFree
NdrPointerBufferSize
NdrPointerFree
NdrPointerMarshall
NdrPointerUnmarshall
NdrProxyErrorHandler
NdrProxyFreeBuffer
NdrProxyGetBuffer
NdrProxyInitialize
NdrProxySendReceive
NdrSimpleStructBufferSize
NdrSimpleStructMarshall
NdrSimpleStructUnmarshall
NdrSimpleTypeMarshall
NdrSimpleTypeUnmarshall
NdrStubForwardingFunction
NdrStubGetBuffer
NdrStubInitialize
NdrUserMarshalBufferSize
NdrUserMarshalFree
NdrUserMarshalMarshall
NdrUserMarshalUnmarshall
RpcRaiseException

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_s
_assert
_create_locale
_free_locale
_strdup
_strnicmp
_wcsdup
_wcsicmp
_wcsnicmp
bsearch
fmod
free
fwrite
getenv
iswalpha
iswspace
malloc
memcmp
memcpy
memmove
memset
pow
strchr
strcmp
strcpy
strcspn
strlen
strtol
towlower
towupper
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsrchr
wcsspn
wcstod
wcstol
wcstoul

user32

CopyIcon
CreateIconFromResourceEx
DestroyIcon
GetClientRect
GetDC
GetIconInfo
GetSysColor
GetWindowLongW
ReleaseDC
SetWindowLongW

Exports

Exports

BSTR_UserFree
BSTR_UserMarshal
BSTR_UserSize
BSTR_UserUnmarshal
BstrFromVector
ClearCustData
CreateDispTypeInfo
CreateErrorInfo
CreateStdDispatch
CreateTypeLib
CreateTypeLib2
DispCallFunc
DispGetIDsOfNames
DispGetParam
DispInvoke
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DosDateTimeToVariantTime
GetActiveObject
GetAltMonthNames
GetErrorInfo
GetRecordInfoFromGuids
GetRecordInfoFromTypeInfo
GetVarConversionLocaleSetting
LHashValOfNameSys
LHashValOfNameSysA
LPSAFEARRAY_Marshal
LPSAFEARRAY_Size
LPSAFEARRAY_Unmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserUnmarshal
LoadRegTypeLib
LoadTypeLib
LoadTypeLibEx
OACreateTypeLib2
OaBuildVersion
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleLoadPictureEx
OleLoadPictureFile
OleLoadPictureFileEx
OleLoadPicturePath
OleSavePictureFile
OleTranslateColor
QueryPathOfRegTypeLib
RegisterActiveObject
RegisterTypeLib
RegisterTypeLibForUser
RevokeActiveObject
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCopy
SafeArrayCopyData
SafeArrayCreate
SafeArrayCreateEx
SafeArrayCreateVector
SafeArrayCreateVectorEx
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayGetDim
SafeArrayGetElement
SafeArrayGetElemsize
SafeArrayGetIID
SafeArrayGetLBound
SafeArrayGetRecordInfo
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArraySetIID
SafeArraySetRecordInfo
SafeArrayUnaccessData
SafeArrayUnlock
SetErrorInfo
SetOaNoCache
SetVarConversionLocaleSetting
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysReAllocString
SysReAllocStringLen
SysStringByteLen
SysStringLen
SystemTimeToVariantTime
UnRegisterTypeLib
UnRegisterTypeLibForUser
UserBSTR_free_inst
UserBSTR_free_local
UserBSTR_from_local
UserBSTR_to_local
UserEXCEPINFO_free_inst
UserEXCEPINFO_free_local
UserEXCEPINFO_from_local
UserEXCEPINFO_to_local
UserHWND_free_inst
UserHWND_free_local
UserHWND_from_local
UserHWND_to_local
UserMSG_free_inst
UserMSG_free_local
UserMSG_from_local
UserMSG_to_local
UserVARIANT_free_inst
UserVARIANT_free_local
UserVARIANT_from_local
UserVARIANT_to_local
VARIANT_UserFree
VARIANT_UserMarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VarAbs
VarAdd
VarAnd
VarBoolFromCy
VarBoolFromDate
VarBoolFromDec
VarBoolFromDisp
VarBoolFromI1
VarBoolFromI2
VarBoolFromI4
VarBoolFromI8
VarBoolFromR4
VarBoolFromR8
VarBoolFromStr
VarBoolFromUI1
VarBoolFromUI2
VarBoolFromUI4
VarBoolFromUI8
VarBstrCat
VarBstrCmp
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarBstrFromDisp
VarBstrFromI1
VarBstrFromI2
VarBstrFromI4
VarBstrFromI8
VarBstrFromR4
VarBstrFromR8
VarBstrFromUI1
VarBstrFromUI2
VarBstrFromUI4
VarBstrFromUI8
VarCat
VarCmp
VarCyAbs
VarCyAdd
VarCyCmp
VarCyCmpR8
VarCyFix
VarCyFromBool
VarCyFromDate
VarCyFromDec
VarCyFromDisp
VarCyFromI1
VarCyFromI2
VarCyFromI4
VarCyFromI8
VarCyFromR4
VarCyFromR8
VarCyFromStr
VarCyFromUI1
VarCyFromUI2
VarCyFromUI4
VarCyFromUI8
VarCyInt
VarCyMul
VarCyMulI4
VarCyMulI8
VarCyNeg
VarCyRound
VarCySub
VarDateFromBool
VarDateFromCy
VarDateFromDec
VarDateFromDisp
VarDateFromI1
VarDateFromI2
VarDateFromI4
VarDateFromI8
VarDateFromR4
VarDateFromR8
VarDateFromStr
VarDateFromUI1
VarDateFromUI2
VarDateFromUI4
VarDateFromUI8
VarDateFromUdate
VarDateFromUdateEx
VarDecAbs
VarDecAdd
VarDecCmp
VarDecCmpR8
VarDecDiv
VarDecFix
VarDecFromBool
VarDecFromCy
VarDecFromDate
VarDecFromDisp
VarDecFromI1
VarDecFromI2
VarDecFromI4
VarDecFromI8
VarDecFromR4
VarDecFromR8
VarDecFromStr
VarDecFromUI1
VarDecFromUI2
VarDecFromUI4
VarDecFromUI8
VarDecInt
VarDecMul
VarDecNeg
VarDecRound
VarDecSub
VarDiv
VarEqv
VarFix
VarFormat
VarFormatCurrency
VarFormatDateTime
VarFormatFromTokens
VarFormatNumber
VarFormatPercent
VarI1FromBool
VarI1FromCy
VarI1FromDate
VarI1FromDec
VarI1FromDisp
VarI1FromI2
VarI1FromI4
VarI1FromI8
VarI1FromR4
VarI1FromR8
VarI1FromStr
VarI1FromUI1
VarI1FromUI2
VarI1FromUI4
VarI1FromUI8
VarI2FromBool
VarI2FromCy
VarI2FromDate
VarI2FromDec
VarI2FromDisp
VarI2FromI1
VarI2FromI4
VarI2FromI8
VarI2FromR4
VarI2FromR8
VarI2FromStr
VarI2FromUI1
VarI2FromUI2
VarI2FromUI4
VarI2FromUI8
VarI4FromBool
VarI4FromCy
VarI4FromDate
VarI4FromDec
VarI4FromDisp
VarI4FromI1
VarI4FromI2
VarI4FromI8
VarI4FromR4
VarI4FromR8
VarI4FromStr
VarI4FromUI1
VarI4FromUI2
VarI4FromUI4
VarI4FromUI8
VarI8FromBool
VarI8FromCy
VarI8FromDate
VarI8FromDec
VarI8FromDisp
VarI8FromI1
VarI8FromI2
VarI8FromR4
VarI8FromR8
VarI8FromStr
VarI8FromUI1
VarI8FromUI2
VarI8FromUI4
VarI8FromUI8
VarIdiv
VarImp
VarInt
VarMod
VarMonthName
VarMul
VarNeg
VarNot
VarNumFromParseNum
VarOr
VarParseNumFromStr
VarPow
VarR4CmpR8
VarR4FromBool
VarR4FromCy
VarR4FromDate
VarR4FromDec
VarR4FromDisp
VarR4FromI1
VarR4FromI2
VarR4FromI4
VarR4FromI8
VarR4FromR8
VarR4FromStr
VarR4FromUI1
VarR4FromUI2
VarR4FromUI4
VarR4FromUI8
VarR8FromBool
VarR8FromCy
VarR8FromDate
VarR8FromDec
VarR8FromDisp
VarR8FromI1
VarR8FromI2
VarR8FromI4
VarR8FromI8
VarR8FromR4
VarR8FromStr
VarR8FromUI1
VarR8FromUI2
VarR8FromUI4
VarR8FromUI8
VarR8Pow
VarR8Round
VarRound
VarSub
VarTokenizeFormatString
VarUI1FromBool
VarUI1FromCy
VarUI1FromDate
VarUI1FromDec
VarUI1FromDisp
VarUI1FromI1
VarUI1FromI2
VarUI1FromI4
VarUI1FromI8
VarUI1FromR4
VarUI1FromR8
VarUI1FromStr
VarUI1FromUI2
VarUI1FromUI4
VarUI1FromUI8
VarUI2FromBool
VarUI2FromCy
VarUI2FromDate
VarUI2FromDec
VarUI2FromDisp
VarUI2FromI1
VarUI2FromI2
VarUI2FromI4
VarUI2FromI8
VarUI2FromR4
VarUI2FromR8
VarUI2FromStr
VarUI2FromUI1
VarUI2FromUI4
VarUI2FromUI8
VarUI4FromBool
VarUI4FromCy
VarUI4FromDate
VarUI4FromDec
VarUI4FromDisp
VarUI4FromI1
VarUI4FromI2
VarUI4FromI4
VarUI4FromI8
VarUI4FromR4
VarUI4FromR8
VarUI4FromStr
VarUI4FromUI1
VarUI4FromUI2
VarUI4FromUI8
VarUI8FromBool
VarUI8FromCy
VarUI8FromDate
VarUI8FromDec
VarUI8FromDisp
VarUI8FromI1
VarUI8FromI2
VarUI8FromI8
VarUI8FromR4
VarUI8FromR8
VarUI8FromStr
VarUI8FromUI1
VarUI8FromUI2
VarUI8FromUI4
VarUdateFromDate
VarWeekdayName
VarXor
VariantChangeType
VariantChangeTypeEx
VariantClear
VariantCopy
VariantCopyInd
VariantInit
VariantTimeToDosDateTime
VariantTimeToSystemTime
VectorFromBstr

Sections

.text
Size: 708KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86c3e4a595b7f7e160404bba9c3d2651

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

kernel32

ntdll

ole32

rpcrt4

ucrtbase

user32

Exports

Exports

Sections

.text Size: 708KB - Virtual size: 706KB

.data Size: 116KB - Virtual size: 114KB

.rodata Size: 4KB - Virtual size: 2KB

.rdata Size: 120KB - Virtual size: 118KB

/4 Size: 104KB - Virtual size: 100KB

.edata Size: 120KB - Virtual size: 118KB

.idata Size: 12KB - Virtual size: 9KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 708KB - Virtual size: 706KB

.data
Size: 116KB - Virtual size: 114KB

.rodata
Size: 4KB - Virtual size: 2KB

.rdata
Size: 120KB - Virtual size: 118KB

/4
Size: 104KB - Virtual size: 100KB

.edata
Size: 120KB - Virtual size: 118KB

.idata
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 40KB - Virtual size: 39KB