141fd6bfb96bf411a97f8ec5b16401bb

Sharing

Copy URL Twitter E-mail

General

Target

141fd6bfb96bf411a97f8ec5b16401bb
Size

168KB
MD5

141fd6bfb96bf411a97f8ec5b16401bb
SHA1

c57d35e970bf9a4d92303a2eeeda6bf156b0b014
SHA256

cb8424aec8e4ab5d1b15a40033b9807d5a6c5900d3098cdf49611f2d8ae27c76
SHA512

cdb7ec8f102da04efdaed932c2329d6a6c7a85217eb6cec4dbb12c09acc9fba41d33830c6c1c49afc1616a34f81288bdb08f2bc4a9f13e5a246dc9808df2f8b4
SSDEEP

3072:/dUI5OGny5eNbi5jXKgwuz6SRRJ/l7yAe:/Vy5qALVwu+IUL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
141fd6bfb96bf411a97f8ec5b16401bb

Files

141fd6bfb96bf411a97f8ec5b16401bb
.dll regsvr32 windows:4 windows x86 arch:x86

dd2c6b64a6728c22e9aceefb9e31b32a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SendMessageA
wvsprintfA
wsprintfA
CharNextA
CharLowerA

urlmon

URLDownloadToCacheFileA

advapi32

RegDeleteValueA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

kernel32

GetACP
GetOEMCP
SetStdHandle
SetEndOfFile
CompareStringA
CompareStringW
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
lstrlenA
CloseHandle
SetEvent
OpenEventA
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
WaitForSingleObject
OpenMutexA
GetModuleFileNameA
SizeofResource
LoadResource
FindResourceA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
CreateThread
HeapAlloc
GetProcessHeap
GetLastError
VirtualQuery
CreateProcessA
CreateProcessW
GetLongPathNameW
GetVersionExA
HeapFree
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
GetFileSize
GetFileTime
CreateFileA
lstrcpyA
lstrcatA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CopyFileA
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
SetFilePointer
OutputDebugStringA
WriteFile
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
RaiseException
GetSystemInfo
FileTimeToDosDateTime
FileTimeToLocalFileTime
GlobalMemoryStatus
GetSystemTimeAsFileTime
IsBadReadPtr
DeleteFileA
ReadFile
GetLocaleInfoA
GetTimeZoneInformation
GetModuleHandleA
FindClose
FindFirstFileA
GetWindowsDirectoryA
SetFileAttributesA
SetEnvironmentVariableA
GetVolumeInformationA
TerminateProcess
GetCPInfo
IsBadCodePtr
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
HeapSize
ExitProcess
GetVersion
GetCommandLineA
HeapReAlloc
GetLocalTime
GetSystemTime
RtlUnwind
InterlockedExchange
Sleep

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance

oleaut32

SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreate
SysAllocStringLen
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
SysStringLen
SysFreeString
VariantInit
SysAllocString
VariantClear
VariantChangeType
LoadRegTypeLi
SafeArrayUnaccessData

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

iphlpapi

GetAdaptersInfo

wininet

InternetOpenUrlA
InternetReadFile
InternetGetConnectedState
DeleteUrlCacheEntry
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd2c6b64a6728c22e9aceefb9e31b32a

Headers

File Characteristics

Imports

user32

urlmon

advapi32

kernel32

ole32

oleaut32

version

iphlpapi

wininet

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 20KB - Virtual size: 90KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 20KB - Virtual size: 90KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 8KB