537fb046a7f67f73aaea26d24b49864bd0e7685649d58a14525c4f90c2946482

Sharing

Copy URL

Twitter E-mail

General

Target

537fb046a7f67f73aaea26d24b49864bd0e7685649d58a14525c4f90c2946482
Size

2.2MB
MD5

12d377a96890a914ef853c7141433fc3
SHA1

5dd8d270761387f14642299d68e89e72de5522b9
SHA256

537fb046a7f67f73aaea26d24b49864bd0e7685649d58a14525c4f90c2946482
SHA512

24a3b6f2aacdfcd7ad800faf1c63b26bb01b29a2c96e415295fd06be1139bb43f1c6508c77d5d469c491e82e6a078abb4b76d6cc598d9416f8fdc3f02e4144e3
SSDEEP

49152:VX70OiJBC2d+wliw5QJatP/8xpT2sHBQp72O:VX7Jizd+wd5MaF8/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
537fb046a7f67f73aaea26d24b49864bd0e7685649d58a14525c4f90c2946482

Files

537fb046a7f67f73aaea26d24b49864bd0e7685649d58a14525c4f90c2946482
.dll regsvr32 windows:6 windows x86

57113fe8744060ca2f12452a5f6a41f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFileTime
GetFileType
GetFileInformationByHandle
GetFileInformationByHandleEx
FreeResource
GetSystemInfo
VirtualFree
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
GetDateFormatEx
GetTimeFormatEx
QueryPerformanceCounter
GetCurrentDirectoryW
CancelIo
GetUserPreferredUILanguages
GetLocaleInfoEx
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
GetFullPathNameW
OpenMutexW
GetEnvironmentVariableW
SetFileInformationByHandle
FindClose
FindNextFileW
FindFirstFileW
RemoveDirectoryW
SetFileAttributesW
GetProcAddress
LoadLibraryA
GetModuleHandleA
CopyFileW
SetEndOfFile
SetFilePointer
FlushFileBuffers
GetFileSizeEx
SetFilePointerEx
WriteConsoleW
FindFirstFileExW
GetFinalPathNameByHandleW
ReplaceFileW
SetFileValidData
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
SetStdHandle
GetConsoleOutputCP
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
HeapSize
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
ReadFile
SetLastError
LocalFree
GetCurrentThreadId
GetLastError
DeleteFileW
MoveFileExW
CreateDirectoryW
GetCurrentProcessId
FreeLibrary
LoadLibraryW
GetModuleFileNameW
VerifyVersionInfoW
VerSetConditionMask
WriteFile
SetNamedPipeHandleState
CreateFileW
Sleep
CloseHandle
CreateProcessW
GetModuleHandleExW
lstrcpynW
lstrcpynA
GetFileAttributesW
LoadResource
LockResource
FindResourceW
SizeofResource
HeapAlloc
HeapFree
PeekNamedPipe
GetDriveTypeW
SetConsoleCtrlHandler
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
InterlockedFlushSList
RaiseException
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringEx
GetCPInfo
CompareStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStdHandle
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
DeleteFiber
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetStringTypeW
WakeAllConditionVariable
SleepConditionVariableSRW

user32

GetSystemMetrics
InsertMenuW
SetMenuInfo
SetMenuItemInfoW
CreateIconIndirect
ReleaseDC
GetDC
DestroyIcon
GetProcessWindowStation
GetIconInfo
GetUserObjectInformationW
LoadImageW
MessageBoxW

gdi32

DeleteDC
PatBlt
SelectObject
CreateCompatibleDC
CreateDIBSection
DeleteObject
CreateBitmap

ws2_32

recv
send
closesocket
WSAStartup
WSAGetLastError
WSASetLastError
WSACleanup
htonl
inet_ntop
ntohl

shell32

ord727
DuplicateIcon
SHChangeNotify
SHGetSpecialFolderPathW
DragQueryFileW
SHGetFileInfoW
SHGetStockIconInfo

advapi32

GetAce
CryptSignHashW
CryptDestroyHash
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
GetUserNameW
GetSecurityInfo
SetSecurityDescriptorControl
DeleteAce
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptCreateHash
EqualSid
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptEnumProvidersW

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

gdiplus

GdiplusShutdown
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipDrawArcI
GdipDrawEllipseI
GdipFillEllipseI
GdipCloneBitmapAreaI
GdiplusStartup

shlwapi

PathFindExtensionW

mpr

WNetGetUniversalNameW

ntdll

RtlFreeHeap
RtlAllocateHeap

ncrypt

BCryptGenRandom

Exports

Exports

DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
GetExtVersion

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57113fe8744060ca2f12452a5f6a41f8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

shell32

advapi32

crypt32

gdiplus

shlwapi

mpr

ntdll

ncrypt

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 424KB - Virtual size: 424KB

.data Size: 16KB - Virtual size: 62KB

.rsrc Size: 376KB - Virtual size: 376KB

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 424KB - Virtual size: 424KB

.data
Size: 16KB - Virtual size: 62KB

.rsrc
Size: 376KB - Virtual size: 376KB

.reloc
Size: 56KB - Virtual size: 55KB