68b6903a83eebd93608c0fa3e7ea0366

Sharing

Copy URL

Twitter E-mail

General

Target

68b6903a83eebd93608c0fa3e7ea0366
Size

327KB
MD5

68b6903a83eebd93608c0fa3e7ea0366
SHA1

6d9b87661d4b970c8e963e008b2adf7f753dd922
SHA256

818c48f547c5cee6f63d30299c72d3e3aa1c9452088405e6d38c9816eed27c84
SHA512

81b4bf5f429c84464ff8a924704119d0b3a37690104a49922317db59d562f1bd84aee59d2f254abb7e1a5629edf6b2c0bc84687c353f72fc88e5e041a106c547
SSDEEP

6144:R60vBQcV0PPspp3Ke/QVCY9/Ob9ho+JVxfTPAKxu9755fu2v4ibqXtWXC19:R7A8TJPNPp84NibIt19

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

68b6903a83eebd93608c0fa3e7ea0366

resource
68b6903a83eebd93608c0fa3e7ea0366

Files

68b6903a83eebd93608c0fa3e7ea0366
.dll regsvr32 windows:4 windows x86 arch:x86

834bc3b20cb6ffaf57116eb1b62c459b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

fontsub

MergeFontPackage

kernel32

OpenMutexW
GetFileAttributesA
SetConsoleCursorPosition
FormatMessageA
LocalAlloc
GetExitCodeProcess
GetConsoleMode
FreeLibrary
CreateSemaphoreA
GetVersionExA
GetDiskFreeSpaceExA
LoadLibraryW
ResumeThread
EnterCriticalSection
InterlockedExchange
SetProcessAffinityMask
GetProcAddress
GetStdHandle
FindClose
WideCharToMultiByte
GetThreadContext
GetConsoleScreenBufferInfo
CreateProcessW
CreateThread
CreateMutexA
GetCurrentProcessId
ReleaseMutex
LeaveCriticalSection
GetCommandLineW
SetLastError
FindFirstFileW
GetFileType
LoadLibraryA
CloseHandle
FreeConsole
OpenMutexA
GetLastError
CreateEventA
DeleteCriticalSection
SetProcessWorkingSetSize
SetHandleInformation
GetTempFileNameW
WaitForSingleObject
AllocConsole
UnhandledExceptionFilter
FillConsoleOutputCharacterA
lstrlenA
ExpandEnvironmentStringsA
TerminateProcess
SetEvent
GetVersion
CreateMutexW
LocalFree
IsDebuggerPresent
GetModuleFileNameA
ExpandEnvironmentStringsW
CreateDirectoryW
lstrlenW
GetDriveTypeA
VirtualProtectEx
GetModuleFileNameW
GetLocalTime
RaiseException
OpenEventA
GetFullPathNameA
lstrcpynA
SetConsoleCtrlHandler
SetConsoleMode
OutputDebugStringA
WriteFile
CreateProcessA
GetTempPathW
GetCurrentProcess
CreateFileW
GetProcessHeap
GetFullPathNameW
GetPrivateProfileIntW
InitializeCriticalSection
FileTimeToLocalFileTime
VirtualAlloc
HeapAlloc
FlushFileBuffers
OpenThread
SetUnhandledExceptionFilter
lstrcatA
VirtualFree
GetModuleHandleA
GetComputerNameA
MultiByteToWideChar
GetPrivateProfileStringW
GetTickCount
WaitForMultipleObjects
InterlockedCompareExchange
GetStartupInfoA
SuspendThread
QueryPerformanceCounter
GetCurrentThreadId
lstrcpyA
DeleteFileW
GetCurrentThread
HeapFree
FillConsoleOutputAttribute
ReleaseSemaphore
SetConsoleTitleA
SetErrorMode
Sleep

Exports

Exports

DllCanUnloadNow
DllUnregisterServer
DllRegisterServer
DllGetClassObject

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

834bc3b20cb6ffaf57116eb1b62c459b

Headers

File Characteristics

Imports

fontsub

kernel32

Exports

Exports

Sections

.text Size: 85KB - Virtual size: 85KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 202KB - Virtual size: 241KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 85KB - Virtual size: 85KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 202KB - Virtual size: 241KB

.reloc
Size: 8KB - Virtual size: 8KB