05c6d4d16d707c402906b8d3a8b6cf9b

Sharing

Copy URL Twitter E-mail

General

Target

05c6d4d16d707c402906b8d3a8b6cf9b
Size

280KB
MD5

05c6d4d16d707c402906b8d3a8b6cf9b
SHA1

fbb7d51713a44a659c0385ffffd672b3662496f8
SHA256

77ed0c1a7c1d60a35e79b8f3131834ae6b3adb288108b0369f9c5b27bbfe1438
SHA512

8c2cc54a771b9aaf927cbb2cf4bf9e60fc86d00c89c02bd45656129ddf1d36072383c82a1db8d6f7e34f5533c4abadc0b81539d24835cec67064d07942a42016
SSDEEP

6144:JPWkHwzU9qUTCmyQQEsC+SWQeOOSx6ceWkHwzU9qUTCmyQQEsC+SWQeOOSxKbi:JPWiUU9q1haeWiUU9q1hJi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05c6d4d16d707c402906b8d3a8b6cf9b

Files

05c6d4d16d707c402906b8d3a8b6cf9b
.dll regsvr32 windows:4 windows x86 arch:x86

07330a9a255edf34a0e5a88b1214ed28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
GetLastError
GetCurrentProcessId
ExitProcess
Sleep
GetFileAttributesA
CopyFileA
SetFileAttributesA
GetTempFileNameA
CreateMutexA
GetTempPathA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpynA
GetCurrentProcess
GetWindowsDirectoryA
OpenProcess
TerminateProcess
DuplicateHandle
LocalFree
DeleteFileA
OpenMutexA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
HeapAlloc
HeapFree
GetTickCount
GetProcessHeap
lstrlenW
VirtualFreeEx
VirtualAllocEx
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
WriteProcessMemory
ResumeThread
FindResourceA
FreeResource
LoadResource
UpdateResourceA
SizeofResource
LockResource
BeginUpdateResourceA
LoadLibraryExA
EndUpdateResourceA
GetVolumeInformationA
Process32First
Process32Next
CreateToolhelp32Snapshot
GlobalAlloc
GlobalFree
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
CloseHandle
ReadFile
WriteFile
GetFileSize
CreateFileA
GetLocalTime
MultiByteToWideChar
GetSystemDirectoryA
InterlockedDecrement
WideCharToMultiByte
CreateRemoteThread
lstrlenA

user32

SetWindowPos
PostMessageA
DispatchMessageA
GetClassNameA
GetClientRect
GetWindowLongA
GetWindowTextA
RegisterWindowMessageA
wsprintfA
DestroyWindow
SetForegroundWindow
GetForegroundWindow
SetCursorPos
GetCursorPos
SetTimer
RegisterClassExA
KillTimer
FindWindowExA
UnhookWinEvent
CreateWindowExA
DefWindowProcA
GetDesktopWindow
EnumChildWindows
ShowWindow
IsWindow
GetWindowThreadProcessId
SetWinEventHook
TranslateMessage
SetWindowLongA
SendMessageTimeoutA
GetMessageA

advapi32

SetEntriesInAclA
GetTokenInformation
RegSetValueExA
RegQueryValueExA
LookupPrivilegeValueA
RegCreateKeyExA
SetSecurityInfo
AdjustTokenPrivileges
RegCloseKey
LookupAccountSidA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
OpenProcessToken

ole32

CoInitialize
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoUninitialize
CoCreateInstance
OleInitialize
CoTaskMemFree
OleRun
CoCreateGuid
OleSetContainedObject
CoGetClassObject

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString
VariantInit
VariantClear

shlwapi

SHDeleteKeyA

oleacc

ObjectFromLresult

msvcr80

_onexit
_lock
__dllonexit
_encode_pointer
_unlock
memmove
memcpy
srand
rand
_strlwr
_mbscmp
wcsstr
??_U@YAPAXI@Z
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
__CxxFrameHandler3
_CxxThrowException
memset
_decode_pointer
_beginthreadex
realloc
??2@YAPAXI@Z
??_V@YAXPAX@Z
strncpy
atoi
malloc
free
sscanf
sprintf
_mbslwr
strstr
??3@YAXPAX@Z

wininet

FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry

netapi32

Netbios

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07330a9a255edf34a0e5a88b1214ed28

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

oleacc

msvcr80

wininet

netapi32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 1.7MB

.rsrc Size: 144KB - Virtual size: 142KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 1.7MB

.rsrc
Size: 144KB - Virtual size: 142KB

.reloc
Size: 12KB - Virtual size: 10KB