aa329092b6adfeab75c104bceff78e6d5d56eb4b8075f54b9cddc6dbc2ef886d

Sharing

Copy URL Twitter E-mail

General

Target

aa329092b6adfeab75c104bceff78e6d5d56eb4b8075f54b9cddc6dbc2ef886d
Size

238KB
MD5

bcda981c9be508ddf084c31f49d5fff8
SHA1

46ce5bfead746a513c59920f5a8c681483f31b70
SHA256

aa329092b6adfeab75c104bceff78e6d5d56eb4b8075f54b9cddc6dbc2ef886d
SHA512

0bae9137fc06d88ac985d9ff2cb7a7b3223529ef48a1c45c4f29dce21e12c02b058dd9061e0fccd04a252722cd26ae06184f88be7c6549ec7601ff66c60c086c
SSDEEP

6144:Opg4uonheEQ3dkznmHq4heLDpweo7/iTcU+t:umXEQ3ezmHFheLbp3m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa329092b6adfeab75c104bceff78e6d5d56eb4b8075f54b9cddc6dbc2ef886d

Files

aa329092b6adfeab75c104bceff78e6d5d56eb4b8075f54b9cddc6dbc2ef886d
.dll regsvr32 windows:5 windows x86

228504c386820659d7c40df0e3c6edd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
CloseHandle
lstrcmpiW
lstrlenW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
FindResourceW
FindResourceExW
GetWindowsDirectoryW
GetVersionExW
SystemTimeToFileTime
FileTimeToSystemTime
InterlockedExchange
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
LeaveCriticalSection
GetSystemTime
LoadLibraryExW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
EncodePointer
GetThreadLocale
SetThreadLocale
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
IsDebuggerPresent
GetCurrentThread
GetCurrentProcess
LocalFree
FreeLibrary
GetProcAddress
LockResource
RtlCaptureStackBackTrace
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
DecodePointer
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
CreateFileW
GetStringTypeW
GetFileType
GetStdHandle
GetACP
WideCharToMultiByte
GetModuleFileNameA
ExitProcess
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId

user32

CharLowerBuffW
IsCharAlphaW
SetMenuItemBitmaps
InsertMenuW
CreatePopupMenu
CharNextW

gdi32

SetDIBColorTable
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
GetObjectW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
LookupAccountNameW
ConvertSidToStringSidW
RegQueryValueExW
RegOpenKeyW
IsValidSid
GetTokenInformation
OpenProcessToken
RegSetValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
DragQueryFileW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
ReleaseStgMedium
CreateStreamOnHGlobal
StringFromGUID2

oleaut32

SysAllocString
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocStringLen

shlwapi

StrRChrW
StrStrIW
ord154
PathAppendW
PathFileExistsW
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFindExtensionW
PathSearchAndQualifyW

gdiplus

GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipAlloc
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipDeleteGraphics

secur32

GetUserNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

228504c386820659d7c40df0e3c6edd2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

secur32

version

Exports

Exports

Sections

.text Size: 158KB - Virtual size: 157KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 5KB - Virtual size: 8KB

.gfids Size: 512B - Virtual size: 288B

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 158KB - Virtual size: 157KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 5KB - Virtual size: 8KB

.gfids
Size: 512B - Virtual size: 288B

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 10KB - Virtual size: 9KB