043b0a73a0565de1e96a8016d7210d5d

Sharing

Copy URL Twitter E-mail

General

Target

043b0a73a0565de1e96a8016d7210d5d
Size

71KB
MD5

043b0a73a0565de1e96a8016d7210d5d
SHA1

d4298f215f980f30a23928c3fcede5f3c91f8c6e
SHA256

3c58dcaff19fee559a87e8aeaec3ba61ee03a66a9087717ddddb168e684f24ca
SHA512

27b6bf560f58f10573bf42b17fdf525d58ced2be9260294e5c10c297a4dab3ce952eabdae1b83503e00467b67a85d35a965c850b5176950f0528c37ee68b1158
SSDEEP

768:fly5TU8i7BvJXI2cCloU7QWo5kP7yJLH8Mi66tjBIR25s7vAUanWhmlbZ95MaXOg:ayNJXI2cC37QSedDi6krMaW696igdQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
043b0a73a0565de1e96a8016d7210d5d

Files

043b0a73a0565de1e96a8016d7210d5d
.dll windows:6 windows x86 arch:x86

56c93674f2bf3e6890cdb364912b83bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

bsearch
_wcsnicmp
_wcsicmp
wcsncmp
memcpy
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
??1type_info@@UAE@XZ
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
_CxxThrowException
_vsnwprintf

kernel32

MultiByteToWideChar
SearchPathW
FindResourceW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
UnmapViewOfFile
FreeLibrary
GetLocaleInfoW
CreateFileMappingW
MapViewOfFile
LoadLibraryExW
FindResourceExW
LoadResource
LocalReAlloc
GetPrivateProfileStringA
lstrlenA
GetLastError
WideCharToMultiByte
ReadFile
GetFileAttributesW
HeapFree
LocalFree
GetProcessHeap
CompareStringW
HeapReAlloc
HeapAlloc
lstrlenW
GetPrivateProfileStringW
CloseHandle
LocalAlloc
GetFileSize
CreateFileW
SetLastError
WritePrivateProfileSectionW
WritePrivateProfileStringW
lstrcmpW
GetPrivateProfileSectionW
GetModuleFileNameW
GetVersionExW
DeleteCriticalSection
DeleteAtom
FindAtomA
InitializeCriticalSection
DisableThreadLibraryCalls
LeaveCriticalSection
EnterCriticalSection
GlobalFree
GlobalAlloc
AddAtomA
WriteFile
SetFilePointer
lstrcmpiW
InterlockedDecrement
InterlockedExchange
Sleep
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FormatMessageW
SetUnhandledExceptionFilter

user32

DrawTextW
SetWindowPos
CreateWindowExW
GetScrollInfo
GetDC
ReleaseDC
GetParent
GetWindowRect
GetWindowTextW
DialogBoxParamW
CallWindowProcW
GetDlgItem
EnableWindow
GetDlgItemTextW
MessageBoxW
SetDlgItemTextW
EndDialog
SetWindowTextW
SendMessageW
MoveWindow
DestroyWindow
LoadCursorW
RegisterClassA
CreateWindowExA
GetWindowLongW
DefWindowProcW
SetScrollPos
SetWindowLongW
GetClientRect
LoadStringW
SetScrollRange
ShowWindow
UnregisterClassA

gdi32

GetTextExtentPoint32W
SelectObject
DeleteObject
GetStockObject
GetTextMetricsW
CreateFontIndirectW
GetDeviceCaps

shlwapi

ord217
PathFindFileNameW
ord346
StrCmpW
StrRChrW
StrCSpnW
StrSpnW
StrCmpNW
StrDupW
StrToIntW
StrCmpIW

oleaut32

SysFreeString
VariantInit
VariantClear
SysStringLen
SysAllocString

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

comctl32

ord16

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

mlang

ord113
ord112

Exports

Exports

AdmClose
AdmFinished
AdmInit
AdmReset
AdmSaveData
CheckDuplicateKeys
CreateAdmUi
DllMain
GetAdmCategories
GetFontInfo
IsAdmDirty
ResetAdmDirtyFlag

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56c93674f2bf3e6890cdb364912b83bd

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

shlwapi

oleaut32

ole32

comctl32

advapi32

mlang

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 59KB

.data Size: 1024B - Virtual size: 53KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 59KB - Virtual size: 59KB

.data
Size: 1024B - Virtual size: 53KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 6KB - Virtual size: 5KB