b345e36239444efdf24efc5dcda33cfd7a7d0a6de272c4d803954a05c219c152

Sharing

Copy URL

Twitter E-mail

General

Target

b345e36239444efdf24efc5dcda33cfd7a7d0a6de272c4d803954a05c219c152
Size

8.9MB
MD5

0e54aff3326a49ef961b5072a4eb4ff8
SHA1

3783b856bc57b2e954cb4de73b9886bc3e30d28a
SHA256

b345e36239444efdf24efc5dcda33cfd7a7d0a6de272c4d803954a05c219c152
SHA512

4b17b6da79e5e1db6331a3cea1476a2f29a793cc51e65448a276b6a27a26afcfd4c49f400efe2b9d7325826deaa01d530e1d92fdd9f6c719863e530fc96e0d6e
SSDEEP

196608:y6C4rKpLoIr5BpWo7+VPNgCzrDPjzfDgDAeFdJsSMlc:yl4r0vr5B17+VJPfDgAkJsv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b345e36239444efdf24efc5dcda33cfd7a7d0a6de272c4d803954a05c219c152

Files

b345e36239444efdf24efc5dcda33cfd7a7d0a6de272c4d803954a05c219c152
.dll regsvr32 windows:6 windows x86

7829cd8358f91f5bfca2c32d1080d9a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemPowerStatus
CompareFileTime
CreateDirectoryW
CreateFileW
DeleteFileW
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
LocalFileTimeToFileTime
RemoveDirectoryA
SetFileAttributesW
SetFileTime
GetPrivateProfileStringW
WritePrivateProfileStringW
CopyFileW
MoveFileExW
FileTimeToSystemTime
SystemTimeToFileTime
WideCharToMultiByte
GetCurrentThreadId
GetCurrentProcess
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
VirtualAllocEx
VirtualProtectEx
VirtualQueryEx
VirtualFreeEx
SetProcessWorkingSetSize
K32EmptyWorkingSet
FindFirstFileA
FindNextFileA
GetCommandLineW
GetCurrentProcessId
TerminateProcess
OpenThread
TerminateThread
OpenProcess
ReadProcessMemory
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
Module32FirstW
Module32NextW
K32GetProcessMemoryInfo
K32GetPerformanceInfo
GetModuleFileNameA
GetProcessTimes
CreateThread
CreateFileA
GetFileSizeEx
ReadFile
DeviceIoControl
InitializeCriticalSectionAndSpinCount
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
OpenEventW
WriteProcessMemory
CreateFileMappingW
OpenFileMappingW
GlobalUnlock
UnmapViewOfFile
MulDiv
CreateThreadpool
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CloseThreadpool
QueryFullProcessImageNameA
RemoveDirectoryW
WriteFile
ExitProcess
GetSystemInfo
GetSystemTimeAsFileTime
GetNativeSystemInfo
IsWow64Process
GlobalFree
K32GetProcessImageFileNameW
GlobalAlloc
LockResource
FindResourceExW
SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetExitCodeProcess
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetStartupInfoW
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringEx
LocalFree
OutputDebugStringW
IsDebuggerPresent
VerifyVersionInfoW
SetThreadExecutionState
WinExec
DeleteTimerQueueTimer
TrySubmitThreadpoolCallback
GetPhysicallyInstalledSystemMemory
GlobalLock
GetWindowsDirectoryW
GetSystemDirectoryW
SetLocalTime
GetLocalTime
GlobalMemoryStatusEx
GetSystemTimes
CreateProcessW
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
Beep
GetTempPathW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
VerSetConditionMask
SetThreadLocale
GetThreadLocale
MultiByteToWideChar
lstrcmpiW
FindResourceW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
MapViewOfFile
EncodePointer
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

TranslateMessage
DispatchMessageW
UnregisterClassW
CharNextW
ExitWindowsEx
SendMessageW
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
wsprintfW
GetClassLongW
MessageBoxW
MessageBoxA
RedrawWindow
InvalidateRect
GetWindowDC
UpdateWindow
DrawIcon
MapVirtualKeyW
SendInput
LoadImageW
DefWindowProcW
EmptyClipboard
KillTimer
GetSystemMetrics
DrawTextW
GetDC
ReleaseDC
GetDesktopWindow
ChangeDisplaySettingsW
EnumDisplaySettingsW
SystemParametersInfoW
MonitorFromWindow
PostQuitMessage
RegisterClassExW
GetMessageW
GetMonitorInfoW
GetWindowThreadProcessId
SendMessageTimeoutW
PostMessageW
AttachThreadInput
GetDoubleClickTime
SetDoubleClickTime
GetFocus
GetKeyState
GetForegroundWindow
GetCursorPos
GetIconInfo
BlockInput
GetCursorInfo
GetAncestor
IsWindow
IsHungAppWindow
ShowWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
IsWindowVisible
IsIconic
IsZoomed
SetFocus
EnableWindow
IsWindowEnabled
SetForegroundWindow
SetWindowTextW
GetWindowTextA
GetClientRect
GetWindowRect
ClientToScreen
ScreenToClient
WindowFromPoint
FillRect
LoadCursorW
GetWindowLongW
GetWindow
GetClassNameA
SetWindowLongW
CreateWindowExW
SetTimer
EnumWindows
EnumChildWindows
BeginPaint
EndPaint
SetWindowRgn
GetWindowTextW
GetClassNameW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontW
DeleteDC
CreateSolidBrush
DeleteObject
GetDeviceCaps
GetTextExtentPoint32W
RoundRect
CreatePen
GetObjectW
LineTo
SetBkColor
GetObjectA
MoveToEx
GetDIBits
CreateEllipticRgn
CreateRoundRectRgn
GetStockObject
RealizePalette
SelectPalette
SelectObject
SetBkMode
SetTextColor
GetPixel
SetDIBColorTable
CreateDIBSection

advapi32

RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
CloseServiceHandle
InitiateSystemShutdownExW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW

shell32

SHCreateDirectoryExW
SHGetPathFromIDListEx
SHFileOperationA
Shell_NotifyIconW
SHBrowseForFolderW
ShellExecuteW
SHGetKnownFolderPath

ole32

CoCreateInstance
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

ws2_32

getaddrinfo
freeaddrinfo

shlwapi

PathFileExistsW
PathFindExtensionW

urlmon

URLDownloadToFileW

winmm

timeGetTime

gdiplus

GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromFileICM
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipSaveAddImage
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipSetPropertyItem
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipLoadImageFromFile
GdipGetImageEncoders
GdipDrawImageRectI

msimg32

TransparentBlt

dwmapi

DwmEnableBlurBehindWindow

imm32

ImmDisableIME

powrprof

PowerGetActiveScheme
PowerWriteDCValueIndex
PowerWriteACValueIndex
PowerReadDCValue
PowerReadACValue
SetSuspendState
PowerSetActiveScheme

bcrypt

BCryptEncrypt
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptGetProperty
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptDecrypt
BCryptOpenAlgorithmProvider

dxgi

CreateDXGIFactory

iphlpapi

GetAdaptersAddresses

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetOpenW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.upx1
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7829cd8358f91f5bfca2c32d1080d9a8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

shlwapi

urlmon

winmm

gdiplus

msimg32

dwmapi

imm32

powrprof

bcrypt

dxgi

iphlpapi

wininet

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 168KB - Virtual size: 168KB

.data Size: 20KB - Virtual size: 20KB

.upx0 Size: 2.2MB - Virtual size: 2.2MB

.upx1 Size: 4.5MB - Virtual size: 4.5MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 40KB - Virtual size: 40KB

.l1 Size: 18KB - Virtual size: 18KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 168KB - Virtual size: 168KB

.data
Size: 20KB - Virtual size: 20KB

.upx0
Size: 2.2MB - Virtual size: 2.2MB

.upx1
Size: 4.5MB - Virtual size: 4.5MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 40KB - Virtual size: 40KB

.l1
Size: 18KB - Virtual size: 18KB