046a1ecb0565965464c5abbd3d7decde

Sharing

Copy URL Twitter E-mail

General

Target

046a1ecb0565965464c5abbd3d7decde
Size

69KB
MD5

046a1ecb0565965464c5abbd3d7decde
SHA1

0a477feb45d3f703d64ed261611a4f02ce2ce77f
SHA256

3c4c24895f5a63d3eeeb89158ce5f76ad4cebdd24d0e002c2afb7f4020cf6df1
SHA512

c5a3f2ebdc8c167968d515acf3daf27fef9475204c97d145e5c6663dac03a0cedfeec384e2b882ee72b36d9c30f68a9d62559761a9c9c191453be828585652f0
SSDEEP

1536:QLn7xo6tyOSplO3Qr1m/pKvlANDqYRcj/lz2Fz:QLnV9tyOT301aKtecj/lz2Fz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
046a1ecb0565965464c5abbd3d7decde

Files

046a1ecb0565965464c5abbd3d7decde
.dll regsvr32 windows:5 windows x86 arch:x86

0f6924e350c6927f2e1ead8b3c6f9c05

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTickCount
SetEvent
MulDiv
CreateThread
DuplicateHandle
QueueUserAPC
CreateSemaphoreW
QueryPerformanceCounter
ResetEvent
lstrcmpW
CreateEventW
DisableThreadLibraryCalls
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
GetCurrentThread
lstrcpynW
GetModuleFileNameW
lstrlenW
lstrcatW
HeapDestroy
WaitForSingleObject
GetCurrentProcess
CloseHandle
GetCurrentThreadId
lstrlenA
MultiByteToWideChar
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
lstrcpyW
ReleaseSemaphore

user32

CharNextW
wsprintfW
IsRectEmpty

advapi32

RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

VariantInit
SysStringLen
SysFreeString
VariantClear
SysAllocString
VariantChangeType
VarI4FromStr
LoadTypeLi
RegisterTypeLi
SetErrorInfo
LoadRegTypeLi
SysAllocStringLen

ddraw

DirectDrawCreate

msvcrt

_adjust_fdiv
_initterm
_purecall
free
??2@YAPAXI@Z
realloc
??3@YAXPAX@Z
malloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f6924e350c6927f2e1ead8b3c6f9c05

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ddraw

msvcrt

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 57KB

.data Size: 512B - Virtual size: 500B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 57KB - Virtual size: 57KB

.data
Size: 512B - Virtual size: 500B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 4KB