0765a47de00cb1a3c7f80b213f9aa9b8

Sharing

Copy URL Twitter E-mail

General

Target

0765a47de00cb1a3c7f80b213f9aa9b8
Size

244KB
MD5

0765a47de00cb1a3c7f80b213f9aa9b8
SHA1

e23b7f1111bc4856dbc4f52f91f2e9977b5986f1
SHA256

43faa6c7eeb8d7a4f33ccad7856844f7b9c5ce5ead8eafc59e20fd9022312726
SHA512

2402d9e8668abd856778aeb22c53c4ccd8c5b918c2424b8c66e24258786751ebdc8a6aabe98769d77829ace7d6ef0220d5e1427cd16bc5890a4f86201853c6ac
SSDEEP

1536:dY0yRLWrpiGIEkuBPCqKnqWRj1fbJzWg6V1GZ0bE2zSQexrfd8+2VEpBvL:2RLWrgGt/PCPZ1fbJzJ0Q0pzUZdJBD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0765a47de00cb1a3c7f80b213f9aa9b8

Files

0765a47de00cb1a3c7f80b213f9aa9b8
.dll regsvr32 windows:6 windows x86 arch:x86

0e5ba7e5edab4cfa30d2343d811ec82a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

Imports

msvcrt

??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_CxxThrowException
_callnewh
_errno
free
_XcptFilter
_initterm
_amsg_exit
realloc
_unlock
__dllonexit
_lock
_onexit
memcpy
??1type_info@@UAE@XZ
_vsnprintf
fwscanf
_wcsicmp
_purecall
memset
_wfopen
fclose
_vsnwprintf
fwprintf
__wcserror
_resetstkoflw
calloc
malloc

ntdll

RtlUnwind

kernel32

WriteFile
GetDateFormatA
GetSystemTime
SetFilePointer
CreateFileW
GetTimeFormatA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
OutputDebugStringA
InterlockedCompareExchange
Sleep
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LoadLibraryExW
LoadLibraryW
GetFileAttributesW
CopyFileW
FindResourceExA
LockResource
CloseHandle
GetVersionExA
GetThreadLocale
SetThreadLocale
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
lstrlenW
lstrcmpiA
lstrlenA
LocalFree
LocalAlloc

advapi32

RegDeleteValueA
RegOpenKeyExW
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExW

ole32

StringFromCLSID
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemRealloc

oleaut32

SysAllocStringLen
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
VariantInit
SysFreeString
GetErrorInfo

user32

CharNextA
UnregisterClassA
LoadStringW

shell32

SHGetFileInfoA
SHFileOperationW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 234KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e5ba7e5edab4cfa30d2343d811ec82a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

advapi32

ole32

oleaut32

user32

shell32

Exports

Exports

Sections

.text Size: 234KB - Virtual size: 235KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 234KB - Virtual size: 235KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB