18c263d3dc3ce57743582325059cbe29

Sharing

Copy URL Twitter E-mail

General

Target

18c263d3dc3ce57743582325059cbe29
Size

500KB
MD5

18c263d3dc3ce57743582325059cbe29
SHA1

37ab65d9fffda5956cfcdf1281318986aee18898
SHA256

cb60b4e7865d5a3c46bebd7ee87f70d92c7fda4ec2574cfe95df85dd9f18360e
SHA512

000867577a1ec9c0fe91617215b686d76265f05b0f311cfd1287cde41b910bb94da94667d17871aa2de54f4a9373f27c97aa05bb79b3b2faea2222d4ea5a039c
SSDEEP

6144:1Il2baAIdfQMss79EpIkLawaeuUF84xeMlVcG2KdC8k/XxXXE6YN:uVMspEGwaoVcG2uCH/XGd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18c263d3dc3ce57743582325059cbe29

Files

18c263d3dc3ce57743582325059cbe29
.dll regsvr32 windows:6 windows x86 arch:x86

d1781b2d33e1ba223662766b0ef30fbb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

ungetc
_isatty
_write
_lseeki64
_fileno
_read
__pioinfo
__badioinfo
wcstombs
free
memcpy
??3@YAXPAX@Z
realloc
_wcsdup
memset
??2@YAPAXI@Z
memmove
wcsncmp
wcschr
ferror
wctomb
_itoa
_snprintf
localeconv
isxdigit
isleadbyte
mbtowc
calloc
iswctype
_onexit
_lock
__dllonexit
_unlock
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_iob
__mb_cur_max
_errno
_isnan
_ftime
fmod
atan2
pow
tan
sqrt
sin
log
exp
cos
atan
asin
acos
bsearch
_ismbblead
_wcslwr
isalpha
isdigit
_wasctime
ceil
_tzset
localtime
floor
_CIfmod
_vsnwprintf
iswxdigit
wcsstr
_CIlog
towlower
atoi
wcscspn
_statusfp
_clearfp
strrchr
_ultow
_ltow
longjmp
strtoul
_wcsicmp
_control87
_purecall
_setjmp3
_wcsnicmp
malloc

oleaut32

VariantChangeTypeEx
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
CreateTypeLi
SafeArrayRedim
LoadTypeLibEx
GetActiveObject
SysAllocString
SysAllocStringLen
VariantClear
SysFreeString
CreateTypeLib2
LoadRegTypeLi
VariantCopy
VariantCopyInd
SysStringByteLen
SysStringLen
SysAllocStringByteLen
VariantInit
SafeArrayDestroy
SafeArrayCreate
GetErrorInfo
LoadTypeLi

ole32

CreateBindCtx
MkParseDisplayName
BindMoniker
CLSIDFromString
StringFromCLSID
CLSIDFromProgID
CoGetClassObject
CoTaskMemFree
CoCreateInstance

advapi32

RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
RegSetValueA
RegQueryValueExA
RegOpenKeyA
RegQueryValueExW
RegOpenKeyExW

kernel32

FindResourceExW
LoadLibraryExW
MapViewOfFile
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
Sleep
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
GetNumberFormatW
GetNumberFormatA
GetTimeFormatW
GetTimeFormatA
GetDateFormatW
GetDateFormatA
GetLocaleInfoW
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
SetLastError
GetVersion
MulDiv
GetSystemTime
CloseHandle
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
GetComputerNameA
MultiByteToWideChar
GetProcAddress
TlsSetValue
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
FreeLibrary
TlsFree
TlsAlloc
GetVersionExA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
GetModuleFileNameW
GetACP
GetSystemDefaultLCID
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetUserDefaultLCID
GetCurrentThreadId
InterlockedExchange
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
CreateFileMappingW
CreateFileW
GetVersionExW
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindResourceW
GetTimeZoneInformation
SearchPathW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1781b2d33e1ba223662766b0ef30fbb

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

oleaut32

ole32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 424KB - Virtual size: 423KB

.data Size: 20KB - Virtual size: 17KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 424KB - Virtual size: 423KB

.data
Size: 20KB - Virtual size: 17KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 20KB - Virtual size: 16KB