072c1e00a3ae680ec1e5cb5cd6a35e8423d262b017fdf48dc4fdc870f2e3874b

Sharing

Copy URL

Twitter E-mail

General

Target

072c1e00a3ae680ec1e5cb5cd6a35e8423d262b017fdf48dc4fdc870f2e3874b
Size

851KB
MD5

e0dffebfd885ac2cf98e6778dac3935b
SHA1

4d18b68c1ff627998972a7e894392d61667cf404
SHA256

072c1e00a3ae680ec1e5cb5cd6a35e8423d262b017fdf48dc4fdc870f2e3874b
SHA512

924f5fc8c72b6a9c8e374a084e3acf10d32475519ef48ec09dec32125499cc58064d730c0698eda478771c9a694bd4bc087276bfa3c29c509669619a230a54e2
SSDEEP

12288:ALiFIfxkLWN38v0xJr61LsnJ6PilJGWt/1Vcsu8IsHJhYau5C:ALimfy48c/15LTTYF5C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
072c1e00a3ae680ec1e5cb5cd6a35e8423d262b017fdf48dc4fdc870f2e3874b

Files

072c1e00a3ae680ec1e5cb5cd6a35e8423d262b017fdf48dc4fdc870f2e3874b
.dll regsvr32 windows:4 windows x86 arch:x86

b9d826eb3ceb05ff3462a6a9c48a0f01

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetOpenA
InternetSetOptionW
InternetReadFile
InternetCloseHandle
InternetOpenW
InternetConnectW
HttpSendRequestW
HttpOpenRequestW
InternetOpenUrlA
InternetSetOptionA
InternetQueryOptionW
HttpQueryInfoW
InternetGetCookieW
InternetOpenUrlW

kernel32

FindResourceW
LoadLibraryExW
GetModuleHandleW
SetThreadLocale
GetThreadLocale
GetVersionExW
GlobalUnlock
GlobalLock
WaitForSingleObject
OpenMutexW
CloseHandle
CreateMutexW
Sleep
GetCurrentProcessId
GetLocalTime
GetTickCount
SetLastError
FileTimeToSystemTime
GetPrivateProfileIntW
WritePrivateProfileStringW
SystemTimeToTzSpecificLocalTime
GetSystemDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ResumeThread
GetCurrentThreadId
CreateDirectoryW
GetDriveTypeW
DeleteFileW
MoveFileExW
GetFileAttributesW
SetFileAttributesW
CreateEventW
SetEvent
ResetEvent
GetPrivateProfileStringW
GetProcAddress
LoadLibraryW
GetCurrentProcess
GetProcessHeap
GetSystemInfo
QueryPerformanceCounter
HeapFree
HeapAlloc
SetPriorityClass
GetTempFileNameW
GetLongPathNameW
CreateFileW
MoveFileW
GetTempPathW
DeviceIoControl
GetWindowsDirectoryW
GetFullPathNameW
SetFileTime
InterlockedDecrement
ExpandEnvironmentStringsW
TerminateProcess
LoadResource
CreateProcessW
FindClose
FindFirstFileW
WideCharToMultiByte
UnmapViewOfFile
LocalFree
GetLogicalDriveStringsW
GetVolumeInformationW
GetDiskFreeSpaceW
ExitThread
WaitForMultipleObjects
ReadFile
GetFileTime
WriteFile
SetFilePointer
SetEndOfFile
GetFileSize
ReleaseSemaphore
CreateSemaphoreW
GetModuleHandleA
LocalAlloc
CreateProcessA
lstrcmpW
VerifyVersionInfoW
VerSetConditionMask
FreeEnvironmentStringsA
OutputDebugStringW
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
CreateThread
GetVersionExA
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedExchange
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoA
InterlockedIncrement
GetModuleFileNameW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
HeapSize
SizeofResource
MultiByteToWideChar
FreeLibrary
GetStringTypeW
GetStringTypeA
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetStdHandle
GetModuleFileNameA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetHandleCount
GetFileType
GetStartupInfoA
lstrcmpA

user32

GetActiveWindow
GetSystemMetrics
DrawIconEx
InsertMenuW
InsertMenuItemW
DestroyIcon
LoadBitmapW
LoadImageW
CharNextW
UnregisterClassA

gdi32

DeleteObject

advapi32

RegEnumKeyW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW

shell32

SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
DragQueryFileW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
ReleaseStgMedium

oleaut32

VariantClear
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 636KB - Virtual size: 634KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9d826eb3ceb05ff3462a6a9c48a0f01

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 636KB - Virtual size: 634KB

.rdata Size: 92KB - Virtual size: 90KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 40KB - Virtual size: 38KB

.reloc Size: 52KB - Virtual size: 48KB

.text
Size: 636KB - Virtual size: 634KB

.rdata
Size: 92KB - Virtual size: 90KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 40KB - Virtual size: 38KB

.reloc
Size: 52KB - Virtual size: 48KB