c5ff36082810732395c07ac9cbdb36978680a14902c4771a19b1b05c081d3baf

Sharing

Copy URL

Twitter E-mail

General

Target

c5ff36082810732395c07ac9cbdb36978680a14902c4771a19b1b05c081d3baf
Size

3.2MB
MD5

3565d83491fa1a9c0ba12612cda01119
SHA1

2a0c26a1a074e18f604c5b5a980c6986807737ae
SHA256

c5ff36082810732395c07ac9cbdb36978680a14902c4771a19b1b05c081d3baf
SHA512

67cf4bee0e1986dc1bfc150e9249f90a0d927e33f9062b098085db0dba1d83c909203d4bc67f46ebaf0df6b9e0909afb91050b0040e7811dae9826b5771acb21
SSDEEP

49152:9trJyBbgrefAORYKdcF80kBDLrjl4m0iiLeM4Kn674jnPqyzzK8kL2PRBA/:9trQBLYO9dcmDLrjlC5747dyq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5ff36082810732395c07ac9cbdb36978680a14902c4771a19b1b05c081d3baf

Files

c5ff36082810732395c07ac9cbdb36978680a14902c4771a19b1b05c081d3baf
.dll regsvr32 windows:6 windows x86 arch:x86

bdd8bff0331c5fae8ca00f1769c5020b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACleanup
shutdown
socket
setsockopt
connect
closesocket
send
WSAStartup
WSASetLastError
getservbyname
recv
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
htons
htonl
WSAGetLastError
gethostbyname
select
ntohs
getsockopt
ioctlsocket

kernel32

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LocalFree
FormatMessageA
GetCurrentThreadId
GetTickCount
VerSetConditionMask
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
SetEvent
WaitForSingleObject
SleepEx
CreateEventW
SetWaitableTimer
WaitForMultipleObjects
CreateWaitableTimerW
QueueUserAPC
TerminateThread
VerifyVersionInfoW
DeleteFileW
FlushFileBuffers
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
GetSystemTime
SystemTimeToFileTime
GetCurrentProcessId
GetFileSize
LockFileEx
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
RaiseException
GetTempPathA
Sleep
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
VirtualLock
VirtualUnlock
MoveFileExW
GetEnvironmentVariableW
VirtualFree
GetFileType
GetStdHandle
GetModuleHandleExW
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
GetFileSizeEx
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetModuleHandleW
LoadLibraryW
LoadLibraryExW
GetProcAddress
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
FindNextFileW
FindFirstFileW
FindClose
GetACP
GetSystemDirectoryA
GetModuleFileNameW
FreeLibrary
GetLastError
FileTimeToSystemTime
GetSystemTimeAsFileTime
FormatMessageW
InitOnceBeginInitialize
InitOnceComplete
IsDebuggerPresent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead

user32

GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
DefWindowProcW
RegisterClassExW
CreateWindowExW
DestroyWindow
SetTimer
KillTimer
GetWindowLongW
SetWindowLongW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW

ole32

CoInitialize
CoUninitialize

msvcp140

?_Xlength_error@std@@YAXPBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Thrd_detach
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
??Bid@locale@std@@QAEIXZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
_Query_perf_frequency
_Query_perf_counter
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xinvalid_argument@std@@YAXPBD@Z

shlwapi

PathIsRelativeW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW

vcruntime140

__std_exception_destroy
_CxxThrowException
__std_exception_copy
__std_terminate
__CxxFrameHandler3
memset
memcpy
memmove
memchr
_purecall
strchr
strrchr
strstr
wcsstr
__std_type_info_compare
_except_handler4_common
__current_exception
__current_exception_context
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

signal
_initterm_e
abort
_invalid_parameter_noinfo_noreturn
terminate
_crt_atexit
_initialize_narrow_environment
_execute_onexit_table
_beginthreadex
_initterm
_invalid_parameter_noinfo
raise
_exit
strerror_s
_cexit
_configure_narrow_argv
_seh_filter_dll
_endthreadex
_wassert
_errno
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-convert-l1-1-0

strtod
atoi
strtol
strtoull
wcstol
strtoll
strtoul

api-ms-win-crt-stdio-l1-1-0

_setmode
setvbuf
fputs
fseek
_fileno
fflush
feof
__stdio_common_vfprintf
fclose
fopen_s
__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_s
__stdio_common_vsprintf_s
fgets
ferror
fwrite
ftell
fread
fopen
_wfopen

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

_dsign
_dclass
ceil

api-ms-win-crt-string-l1-1-0

strncmp
strnlen
strspn
wcsnlen
isspace
wmemcpy_s
strncpy
strcmp
tolower
isdigit
strcpy_s
strcat_s
strncpy_s
strcspn

api-ms-win-crt-heap-l1-1-0

free
malloc
_msize
realloc
calloc
_recalloc
_callnewh

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

_gmtime64_s
strftime
_localtime64_s
_time64

crypt32

CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertCloseStore
CertOpenStore

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptAcquireContextW
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyKey
CryptSetHashParam

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

bcrypt

BCryptGenRandom

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 618KB - Virtual size: 618KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdd8bff0331c5fae8ca00f1769c5020b

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

ole32

msvcp140

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

crypt32

advapi32

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

bcrypt

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 618KB - Virtual size: 618KB

.data Size: 25KB - Virtual size: 42KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 115KB - Virtual size: 114KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 618KB - Virtual size: 618KB

.data
Size: 25KB - Virtual size: 42KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 115KB - Virtual size: 114KB