1b9aece93560d9adf5b0cca1472a9467

Sharing

Copy URL Twitter E-mail

General

Target

1b9aece93560d9adf5b0cca1472a9467
Size

326KB
MD5

1b9aece93560d9adf5b0cca1472a9467
SHA1

2680ccf29fad0aa186153d48ea72a829d63d2b3b
SHA256

4430dfeffeedd2730e21589ead98ba819e31e7981c6cea7c1a25a45c9b2f03c6
SHA512

bc7e6cdd125f1d78052051ece674c68b9973e46419d80407e3dfd484de2c6a2107cb610832fdc904747e2d05233b58c4b1aff2df7c58b7af3e72723a6ecf54f5
SSDEEP

6144://gb+6FCmEmTxZsAjBJtohXNGXdcfMivZYcdwIKj:w7FCGTonGYMGZYc9Kj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b9aece93560d9adf5b0cca1472a9467

Files

1b9aece93560d9adf5b0cca1472a9467
.dll windows:6 windows x86 arch:x86

c40eae3545bf6f52ca343b069fb19b3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_unlock
__dllonexit
_lock
_onexit
bsearch
_vsnwprintf
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_vsnprintf
wcsncmp
_XcptFilter
_wcsicmp
_wcsnicmp
wcschr
memcpy
memset

ntdll

RtlUnwind

ieframe

ord159
ord163

gdi32

GetDeviceCaps

kernel32

ExpandEnvironmentStringsA
LoadResource
FindResourceExW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindResourceW
SearchPathW
GetModuleHandleW
CreateActCtxW
ReleaseActCtx
LoadLibraryExW
Sleep
SystemTimeToFileTime
GetSystemTime
lstrlenW
MultiByteToWideChar
FormatMessageW
LocalFree
LocalAlloc
lstrlenA
InterlockedIncrement
InterlockedDecrement
GetLocalTime
GetProcAddress
LoadLibraryW
FreeLibrary
LocalReAlloc
GetUserDefaultLCID
CopyFileW
GlobalUnlock
GlobalLock
FileTimeToSystemTime
GetLocaleInfoW
GetTickCount
FormatMessageA
GetACP
LocalFileTimeToFileTime
CompareStringA
SetLastError
GetLastError
CloseHandle
CreateFileW
lstrcmpiA
HeapAlloc
GetProcessHeap
HeapFree
WideCharToMultiByte
GetSystemTimeAsFileTime
LoadLibraryA
ActivateActCtx
GetDateFormatW
GetWindowsDirectoryW
GetModuleFileNameW
GetVersionExW
DisableThreadLibraryCalls
lstrcmpA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReadFile
InterlockedExchange
GetTimeFormatW
InterlockedCompareExchange
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeactivateActCtx
RaiseException
GetPrivateProfileStringW
GetPrivateProfileStringA
lstrcmpW

user32

IsWindow
LoadStringW
LoadStringA
SendMessageW
PostMessageW
FindWindowW
GetWindowTextW
MessageBoxW
GetClientRect
GetSysColor
GetMenuItemCount
GetMenuItemInfoW
CreatePopupMenu
GetSubMenu
RemoveMenu
PeekMessageW
DispatchMessageW
GetPropW
SetPropW
RemovePropW
GetForegroundWindow
CheckDlgButton
GetParent
CheckRadioButton
EnableMenuItem
SetMenuDefaultItem
LoadIconW
GetDlgItemTextW
GetDlgItemInt
SendDlgItemMessageW
SetDlgItemInt
GetSystemMetrics
DestroyIcon
LoadImageW
LoadCursorW
SetCursor
LoadMenuW
DestroyMenu
RegisterClipboardFormatW
RegisterClassW
DefWindowProcW
EndDialog
SetWindowLongW
SetDlgItemTextW
ShowWindow
MessageBeep
GetDesktopWindow
SetDlgItemTextA
DialogBoxParamW
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
GetDlgItem
EnableWindow
CreateWindowExW
MessageBoxIndirectW
GetWindowLongW
IsDlgButtonChecked
KillTimer
SetTimer
RegisterWindowMessageW
DestroyWindow

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegQueryValueExA
RegOpenKeyExA
RegQueryValueW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey

shlwapi

StrSpnA
SHGetValueW
StrChrW
SHRegGetValueW
SHDeleteKeyW
StrCmpIW
ord158
StrCmpW
StrDupW
StrRChrW
ord15
PathFindFileNameW
PathCombineW
PathIsDirectoryW
ord215
StrCmpNIW
PathFindExtensionW
PathIsURLW
ord219
ord217
SHStrDupW
StrFormatByteSizeW
PathRemoveBlanksW
StrTrimW
UrlCompareW
ord354
SHEnumValueW
PathAppendW
PathStripPathW
ord388
ord346
UrlCombineW
StrCSpnA

iertutil

ord9
ord78
ord75
ord85
ord81

mlang

ord113

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c40eae3545bf6f52ca343b069fb19b3f

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

ieframe

gdi32

kernel32

user32

advapi32

shlwapi

iertutil

mlang

Exports

Exports

Sections

.text Size: 165KB - Virtual size: 164KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 54KB - Virtual size: 53KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 165KB - Virtual size: 164KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 54KB - Virtual size: 53KB

.reloc
Size: 8KB - Virtual size: 8KB