04dfb55696255f887534100d71726968

Sharing

Copy URL Twitter E-mail

General

Target

04dfb55696255f887534100d71726968
Size

64KB
MD5

04dfb55696255f887534100d71726968
SHA1

c93353a199313b721e1de5b01d3bf39eee66b165
SHA256

b9641e9fce4abb728fc760b631ae8daee69486fa8e3bb78c209531b8bedddfc2
SHA512

c795a1b49757b8a5cf1cb6a43fc07bba4fde72f16c9e6b4c366f528f6fbe13ba28020bc1bcd33710d237fceefd0d7971ad189729c77730f945f85b597ce38fe4
SSDEEP

768:ReAZ8CqYHSwrED3RH4r1Tw8VuDrPvVF+J0coKknrjGn0gM+lhYBixs4:PcJDiRTw7ntMAwlhYBixs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04dfb55696255f887534100d71726968

Files

04dfb55696255f887534100d71726968
.dll regsvr32 windows:4 windows x86 arch:x86

f3c24e3054d707215ce720d28c28555c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA
EnumChildWindows
RealGetWindowClassA
GetWindowTextA
GetWindowThreadProcessId
SetWindowLongW
CallWindowProcW
CallWindowProcA
SetWindowLongA
SendMessageA
GetForegroundWindow
GetWindow
CharNextA

oleaut32

RegisterTypeLi
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString

kernel32

lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
lstrcatA
lstrcpyA
GetProcAddress
LoadLibraryA
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
CreateThread
lstrcmpiA
GetCurrentProcessId
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
CloseHandle
CreateProcessA
ReadFile
CreateFileA
GetEnvironmentVariableA
ReleaseMutex
WaitForSingleObject
CreateMutexA
SystemTimeToFileTime
GetLocalTime
lstrcmpA
GetCommandLineA
GetVersion
RtlUnwind
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetVersionExA
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetCPInfo
GetACP
GetOEMCP
SetUnhandledExceptionFilter

shlwapi

StrStrIA
StrStrA

ole32

CoCreateInstance

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3c24e3054d707215ce720d28c28555c

Headers

File Characteristics

Imports

user32

oleaut32

kernel32

shlwapi

ole32

advapi32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB