04df299104fe53b638fb58107d27782b

Sharing

Copy URL Twitter E-mail

General

Target

04df299104fe53b638fb58107d27782b
Size

88KB
MD5

04df299104fe53b638fb58107d27782b
SHA1

624e1ee04e3604a13682f838ab4120f8d075d5dd
SHA256

a09e4b49cc0f1bb0c62e64b4cd903856a5afe5cefe976288a1bac7c0ef8e0ffb
SHA512

aad5e60fc00dbf565213fa56a0d1116ccb599cf26ee0a4fff8eada0667756a3da5b22713cc0795e55fc8632420bd5d27a1070d0c9e5d66ad9a53396bf315e542
SSDEEP

1536:9RVcHcnXH/oXbtuK9If1La7r7KYd3qrJI7LPVbyMnD41xOCH6:+HiXubEBfY7r7Kw3qrJI7LNvCVH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04df299104fe53b638fb58107d27782b

Files

04df299104fe53b638fb58107d27782b
.dll regsvr32 windows:4 windows x86 arch:x86

742ba446bf4692ab50225739849c4982

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHSetValueA
SHGetValueA
SHDeleteValueA
StrStrIA
SHSetValueW
PathFileExistsA
SHGetValueW
SHDeleteKeyA

kernel32

GetModuleHandleA
lstrcatA
lstrcpyA
GetTempFileNameA
GetTempPathA
FindClose
FindNextFileA
FindFirstFileA
SetFilePointer
ReadFile
CreateFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
WritePrivateProfileStringA
GetACP
GetCurrentProcess
CreateThread
SetEvent
WriteFile
WaitForMultipleObjects
ResetEvent
CreateEventA
MoveFileExA
CopyFileA
CreateDirectoryA
GetEnvironmentVariableA
LoadLibraryExA
SetErrorMode
LockResource
SizeofResource
LoadResource
FindResourceA
lstrlenA
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
HeapDestroy
GetShortPathNameA
lstrlenW
CloseHandle
GetLastError
CreateMutexA
GetTickCount
GetPrivateProfileIntA
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetExitCodeThread
WaitForSingleObject
DeleteFileA
GetWindowsDirectoryA
GetSystemDirectoryA
Sleep
WinExec
LocalFree
InterlockedDecrement
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection

user32

SetWindowLongA
SetWindowLongW
IsWindowUnicode
CallWindowProcA
CallWindowProcW
IsWindow
GetAncestor
GetCapture
GetDC
GetMessagePos
GetSysColor
ReleaseDC
SetCapture
ReleaseCapture
LoadCursorA
SetCursor
BeginPaint
GetWindowTextA
GetClientRect
DrawTextA
EndPaint
GetDesktopWindow
ExitWindowsEx
SetDlgItemTextA
KillTimer
RemovePropA
GetDlgItem
EnableWindow
GetPropA
InvalidateRect
CheckDlgButton
IsDlgButtonChecked
EndDialog
SetPropA
GetWindowRect
ScreenToClient
SetTimer
SetWindowTextA
LoadStringA
DialogBoxParamA
SendMessageA
GetForegroundWindow
FindWindowA
SetForegroundWindow
ShowWindow
FindWindowExA
PostMessageA
wsprintfA

gdi32

GetObjectA
GetPixel
SelectObject
SetTextColor
GetNearestColor
SetBkColor
DeleteDC
CreateBitmap
BitBlt
Rectangle
CreateSolidBrush
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
DeleteObject
CreateFontIndirectA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
RegCreateKeyA
RegQueryValueExA
RegOpenKeyA

shell32

ShellExecuteA

ole32

CoTaskMemFree
StringFromCLSID
OleUninitialize
OleInitialize
CoCreateInstance
StringFromIID
CoGetMalloc

oleaut32

SysStringLen
LoadRegTypeLi
VariantClear
SysAllocString
SysFreeString
LoadTypeLi
RegisterTypeLi

urlmon

URLDownloadToFileA

msvcrt

sprintf
strncpy
strstr
_except_handler3
strchr
strrchr
sscanf
strcmp
free
__CxxFrameHandler
_beginthreadex
malloc
_mbsstr
strcpy
memset
strlen
_snprintf
time
wcslen
??2@YAPAXI@Z
memcpy
_purecall
memcmp
fprintf
fseek
fopen
strcat
_ftol
memmove
atol
_mbscmp
_mbsnbcpy
_mbsnbcmp
_strnicmp
fgets
rewind
_CxxThrowException
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
fclose
_stricmp
_itoa

wininet

InternetGetConnectedState
InternetCrackUrlA
HttpQueryInfoA
InternetSetStatusCallback
InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA

setupapi

SetupIterateCabinetA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

Action
ActionEx
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IShareO
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

742ba446bf4692ab50225739849c4982

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

urlmon

msvcrt

wininet

setupapi

version

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 5KB

.IShareO Size: 4KB - Virtual size: 4B

.rsrc Size: 28KB - Virtual size: 24KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 5KB

.IShareO
Size: 4KB - Virtual size: 4B

.rsrc
Size: 28KB - Virtual size: 24KB

.reloc
Size: 4KB - Virtual size: 3KB