8635f01a85a808eb91d5021a0d35310f

Sharing

Copy URL

Twitter E-mail

General

Target

8635f01a85a808eb91d5021a0d35310f
Size

327KB
MD5

8635f01a85a808eb91d5021a0d35310f
SHA1

a47c97327bc124b65de4cd080968888f09a41352
SHA256

a846cc8bc2c20dac4e2d96c8f7529d012c725d8ba80651696c9c6a56445a2c39
SHA512

53f0c2a21b3b854b56253d4932964d7e369f6f1868e14bfc4e47c6fa2e2795468ffb17c6c4d41295d327eb2d4a13178ca4c064ef5132be79e6a4e5a7a5aa1b95
SSDEEP

6144:R60vBQcV0PPspp3Ke/QVCY9/Ob9ho+JVxfTPAKxu9755fu2v4ibqXtWXC11:R7A8TJPNPp84NibIt11

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

8635f01a85a808eb91d5021a0d35310f

resource
8635f01a85a808eb91d5021a0d35310f

Files

8635f01a85a808eb91d5021a0d35310f
.dll regsvr32 windows:4 windows x86 arch:x86

834bc3b20cb6ffaf57116eb1b62c459b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

fontsub

MergeFontPackage

kernel32

OpenMutexW
GetFileAttributesA
SetConsoleCursorPosition
FormatMessageA
LocalAlloc
GetExitCodeProcess
GetConsoleMode
FreeLibrary
CreateSemaphoreA
GetVersionExA
GetDiskFreeSpaceExA
LoadLibraryW
ResumeThread
EnterCriticalSection
InterlockedExchange
SetProcessAffinityMask
GetProcAddress
GetStdHandle
FindClose
WideCharToMultiByte
GetThreadContext
GetConsoleScreenBufferInfo
CreateProcessW
CreateThread
CreateMutexA
GetCurrentProcessId
ReleaseMutex
LeaveCriticalSection
GetCommandLineW
SetLastError
FindFirstFileW
GetFileType
LoadLibraryA
CloseHandle
FreeConsole
OpenMutexA
GetLastError
CreateEventA
DeleteCriticalSection
SetProcessWorkingSetSize
SetHandleInformation
GetTempFileNameW
WaitForSingleObject
AllocConsole
UnhandledExceptionFilter
FillConsoleOutputCharacterA
lstrlenA
ExpandEnvironmentStringsA
TerminateProcess
SetEvent
GetVersion
CreateMutexW
LocalFree
IsDebuggerPresent
GetModuleFileNameA
ExpandEnvironmentStringsW
CreateDirectoryW
lstrlenW
GetDriveTypeA
VirtualProtectEx
GetModuleFileNameW
GetLocalTime
RaiseException
OpenEventA
GetFullPathNameA
lstrcpynA
SetConsoleCtrlHandler
SetConsoleMode
OutputDebugStringA
WriteFile
CreateProcessA
GetTempPathW
GetCurrentProcess
CreateFileW
GetProcessHeap
GetFullPathNameW
GetPrivateProfileIntW
InitializeCriticalSection
FileTimeToLocalFileTime
VirtualAlloc
HeapAlloc
FlushFileBuffers
OpenThread
SetUnhandledExceptionFilter
lstrcatA
VirtualFree
GetModuleHandleA
GetComputerNameA
MultiByteToWideChar
GetPrivateProfileStringW
GetTickCount
WaitForMultipleObjects
InterlockedCompareExchange
GetStartupInfoA
SuspendThread
QueryPerformanceCounter
GetCurrentThreadId
lstrcpyA
DeleteFileW
GetCurrentThread
HeapFree
FillConsoleOutputAttribute
ReleaseSemaphore
SetConsoleTitleA
SetErrorMode
Sleep

Exports

Exports

DllCanUnloadNow
DllUnregisterServer
DllRegisterServer
DllGetClassObject

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

834bc3b20cb6ffaf57116eb1b62c459b

Headers

File Characteristics

Imports

fontsub

kernel32

Exports

Exports

Sections

.text Size: 85KB - Virtual size: 85KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 202KB - Virtual size: 241KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 85KB - Virtual size: 85KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 202KB - Virtual size: 241KB

.reloc
Size: 8KB - Virtual size: 8KB