c9f22144bcabc8c1ede48ddc7e4ba1b3b6dac2698ebeaf5a9545992ef60a05e6

Sharing

Copy URL Twitter E-mail

General

Target

c9f22144bcabc8c1ede48ddc7e4ba1b3b6dac2698ebeaf5a9545992ef60a05e6
Size

466KB
MD5

bddbbb7faba0a4fc26af4a58864a47df
SHA1

eaf380052ec1ef744c2b77f7844c12f259339f9b
SHA256

c9f22144bcabc8c1ede48ddc7e4ba1b3b6dac2698ebeaf5a9545992ef60a05e6
SHA512

de304f6a706c3c941e7781f6f8049a8161ec7ce0da36a04bfbf31a3c752d7534acb0492e39871739dd9c9a7ab4cb0702222fe50ffa35d2867ea175658d8a5cd1
SSDEEP

6144:l87e5eaiAwWhJEcyE7RwZo1jjR7VZRHmcGW8LqK9idL9Ap9traRB+l48ZIS+:l87nR1E7mCjj7rGfLqE0+l48ZIS+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9f22144bcabc8c1ede48ddc7e4ba1b3b6dac2698ebeaf5a9545992ef60a05e6

Files

c9f22144bcabc8c1ede48ddc7e4ba1b3b6dac2698ebeaf5a9545992ef60a05e6
.dll regsvr32 windows:6 windows x64

9f65c5ab4a25a2dc070ef83c205cc2ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

urlmon

CreateAsyncBindCtx
CreateURLMonikerEx2
CreateURLMoniker
CoInternetParseUrl
ReleaseBindInfo

shell32

ShellExecuteW
ShellExecuteExW
ShellAboutW
SHGetFolderPathW

comctl32

ImageList_Destroy
ImageList_LoadImageW
CreateStatusWindowW

shlwapi

SHRegOpenUSKeyW
SHRegEnumUSValueW
SHRegCloseUSKey
PathAppendW
PathFindExtensionW
PathCreateFromUrlW
PathIsURLW
UrlApplySchemeW
ord167
SHRegQueryUSValueW

oleaut32

SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString
VariantInit
SysAllocString
SafeArrayGetElement
SafeArrayGetDim
VariantClear
LoadRegTypeLib
SysAllocStringLen
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayCreateVector

ole32

PropVariantClear
StgCreateStorageEx
CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemAlloc
CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
CoUninitialize
CoInitialize
OleRegGetUserType

user32

SetFocus
ReleaseDC
GetDC
DdeGetLastError
DdeNameService
DdeCmpStringHandles
DdeGetData
DdeCreateStringHandleW
DdeUninitialize
DdeInitializeW
UnregisterClassW
TranslateMessage
SetWindowPos
SetWindowLongPtrW
PostQuitMessage
LoadStringW
LoadMenuW
LoadImageW
LoadIconW
LoadCursorW
InsertMenuItemW
InflateRect
GetWindowTextLengthW
GetWindowTextW
GetWindowLongPtrW
DdeFreeStringHandle
GetSubMenu
GetMessageW
GetMenuItemInfoW
GetMenuItemCount
GetDlgItem
EndDialog
EnableWindow
DispatchMessageW
DialogBoxParamW
DestroyIcon
CreatePopupMenu
ShowWindow
SetMenu
IsWindowVisible
SetPropW
SendMessageW
RegisterClassExW
PostMessageW
GetPropW
DestroyWindow
DefWindowProcW
CreateWindowExW
GetClientRect
GetSystemMetrics

gdi32

GetDeviceCaps

advapi32

RegOpenKeyW
RegQueryValueExW
RegCloseKey

msvcrt

memcpy
_initterm
_amsg_exit
free
_vsnprintf
bsearch
strcspn
strchr
memmove
strlen
strcmp
strcpy
_assert
wcstol
swprintf
wcschr
memset
_wcsnicmp
memcmp
sprintf

kernel32

GetProcessHeap
HeapAlloc
HeapFree
GetModuleFileNameW
lstrlenW
GetLastError
DisableThreadLibraryCalls
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleW
lstrcmpiW
lstrcmpW
lstrcpyW
CloseHandle
CreateFileW
CreateProcessW
GetPrivateProfileStringW
GetSystemDirectoryW
lstrcatW
lstrlenA
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
WriteFile
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GlobalFree
MulDiv
GetEnvironmentVariableA
LocalAlloc
LocalFree
LocalReAlloc
SetLastError
EnumResourceNamesW
FindResourceW
HeapReAlloc
GetProcAddress
LoadLibraryW
LoadResource
SizeofResource
Sleep
GetCurrentProcessId
GetCurrentThreadId
TlsGetValue
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime

ntdll

vDbgPrintExWithPrefix

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IEGetWriteableHKCU
OpenURL

Sections

.text
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f65c5ab4a25a2dc070ef83c205cc2ca

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

shell32

comctl32

shlwapi

oleaut32

ole32

user32

gdi32

advapi32

msvcrt

kernel32

ntdll

Exports

Exports

Sections

.text Size: 251KB - Virtual size: 250KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 1024B - Virtual size: 5KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 141KB - Virtual size: 141KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 251KB - Virtual size: 250KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 1024B - Virtual size: 5KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 141KB - Virtual size: 141KB

.reloc
Size: 3KB - Virtual size: 3KB