eb3227298b422e3c3ecfe91547628a7764979c90738bff01e637fd6c9abd99f0

Sharing

Copy URL Twitter E-mail

General

Target

eb3227298b422e3c3ecfe91547628a7764979c90738bff01e637fd6c9abd99f0
Size

219KB
MD5

018bf80bb9ad4431b449eab72faedf63
SHA1

34781163660defcbb4e54947fc720bb433f47b7d
SHA256

eb3227298b422e3c3ecfe91547628a7764979c90738bff01e637fd6c9abd99f0
SHA512

988401a15b6e0ec03ae69c7d74ca48d70fc9bb1bc93bab58d631475334ea98b6e6ca416afa12359614e8016bb00a0f813f469acf1fc40746f6f91c6e6e504d34
SSDEEP

6144:Ue4lQyhW0kc5sXZRei9xYiqNg1lASdAyRd:2dW+uXDr9xYBg0S2yRd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb3227298b422e3c3ecfe91547628a7764979c90738bff01e637fd6c9abd99f0

Files

eb3227298b422e3c3ecfe91547628a7764979c90738bff01e637fd6c9abd99f0
.dll regsvr32 windows:4 windows x86

250d9e812e12493a7b567c01ef7c9ebb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
InitCommonControlsEx

gdi32

CreateFontIndirectW
GetObjectW
GetStockObject
LineTo
MoveToEx
SelectObject
SetDCPenColor

kernel32

DisableThreadLibraryCalls
EnumResourceNamesW
FindResourceW
GetFileAttributesW
GetFullPathNameW
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetTickCount
GetWindowsDirectoryW
HeapAlloc
HeapFree
HeapReAlloc
IsBadStringPtrA
IsBadStringPtrW
LoadLibraryW
LoadResource
MultiByteToWideChar
SizeofResource
Sleep
WideCharToMultiByte
lstrcmpW
lstrcmpiW
DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_amsg_exit
_initterm
_lock
_strnicmp
_unlock
_vsnprintf
_wcsnicmp
atoi
isspace
memchr
memcmp
memcpy
strchr
strlen
strncmp
strstr
strtol
tolower
wcschr
wcsrchr
wcsstr
__p__iob
_iob
_strdup
abort
calloc
fputs
free
fwrite
getenv
vfprintf

ntdll

_snprintf
memmove
sprintf
strcmp
strcpy
strcspn

ole32

CoCreateInstance
OleCreate
OleInitialize
OleSetContainedObject
OleUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear

shlwapi

PathCombineW

user32

BeginPaint
ClientToScreen
CreateWindowExW
DefWindowProcW
DestroyMenu
DestroyWindow
DispatchMessageW
EndPaint
FrameRect
GetClientRect
GetDesktopWindow
GetMessageW
GetParent
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowRect
GetWindowTextA
LoadBitmapW
LoadCursorW
LoadIconW
LoadMenuW
LoadStringW
MoveWindow
PostQuitMessage
RegisterClassExW
ReleaseCapture
SendMessageW
SetCapture
SetMenuItemInfoW
SetWindowLongW
SetWindowPos
ShowWindow
TrackPopupMenu
TranslateMessage
UpdateWindow
wsprintfW

Exports

Exports

DllGetClassObject
DllRegisterServer
DllUnregisterServer
HtmlHelpA
HtmlHelpW
doWinMain

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 292B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

250d9e812e12493a7b567c01ef7c9ebb

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

gdi32

kernel32

msvcrt

ntdll

ole32

oleaut32

shlwapi

user32

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 70KB

.data Size: 512B - Virtual size: 228B

.rodata Size: 512B - Virtual size: 40B

.rdata Size: 31KB - Virtual size: 31KB

.bss Size: - Virtual size: 292B

.edata Size: 46KB - Virtual size: 45KB

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 61KB - Virtual size: 60KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 71KB - Virtual size: 70KB

.data
Size: 512B - Virtual size: 228B

.rodata
Size: 512B - Virtual size: 40B

.rdata
Size: 31KB - Virtual size: 31KB

.bss
Size: - Virtual size: 292B

.edata
Size: 46KB - Virtual size: 45KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 61KB - Virtual size: 60KB

.reloc
Size: 3KB - Virtual size: 2KB