23d635ca9e45243b20eda5321d9adac5

Sharing

Copy URL Twitter E-mail

General

Target

23d635ca9e45243b20eda5321d9adac5
Size

136KB
MD5

23d635ca9e45243b20eda5321d9adac5
SHA1

7005f5f6f86a1071b3c2e2eadbc0202f3959a028
SHA256

77f381c29dcc29904a9e2769b5b35b8ef5da3c4f92b0820cde039d215daa7ce3
SHA512

cab48556f1d12da129f5757d79e469cc2c1a0f54ab3a496e5a89edbf5e9a4743f43a2d7f4b1023ba3d804ad5ea8b0dc5aefe4468160dc805e306d243d26d38e0
SSDEEP

1536:hTB6h/WhuAAqVmK93MoWf4gXxrTUpT4Oqi7SCgl6Q2DyqmBGsUHGZakl4Ilif:h1g/mxK7fhrYRK5YGckl4P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23d635ca9e45243b20eda5321d9adac5

Files

23d635ca9e45243b20eda5321d9adac5
.dll regsvr32 windows:4 windows x86 arch:x86

37bf7e83e7e5010cf7c7b9fc519f93fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetWindowRect
wsprintfA
GetSysColorBrush
GetSysColor
IsZoomed
GetWindow
CharNextA
GetClientRect
GetTopWindow
CharLowerA
GetSystemMetrics
SendMessageA
IsWindow

urlmon

URLDownloadToCacheFileA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

shlwapi

SHGetValueA

shell32

SHGetSpecialFolderPathA

kernel32

IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
IsBadCodePtr
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
CompareStringA
CompareStringW
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
CreateMutexA
CloseHandle
SetEvent
OpenEventA
ReleaseMutex
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
SizeofResource
LoadResource
FindResourceA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
UnmapViewOfFile
CreateThread
HeapAlloc
GetProcessHeap
MapViewOfFile
OpenFileMappingA
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
GetFileSize
GetFileTime
CreateFileA
lstrcpyA
lstrcatA
FreeLibrary
GetProcAddress
LoadLibraryA
HeapFree
GetSystemDirectoryA
CopyFileA
GetSystemDefaultLCID
GetSystemDefaultLangID
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
GetVersionExA
GetLocaleInfoA
GetTimeZoneInformation
ReadFile
GetLastError
VirtualQuery
OpenMutexA
CreateProcessA
CreateProcessW
GetLongPathNameW
GetModuleHandleA
FindClose
FindFirstFileA
WriteFile
SetFilePointer
GetWindowsDirectoryA
DeleteFileA
SetFileAttributesA
SetEnvironmentVariableA
GetVolumeInformationA
Sleep
TerminateProcess
FormatMessageA
GetCPInfo
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
GetCurrentProcess
ExitProcess
RaiseException
GetLocalTime
GetSystemTime
GetVersion
GetCommandLineA
HeapReAlloc
RtlUnwind
InterlockedExchange

ole32

StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

oleaut32

VariantChangeType
SysFreeString
VariantClear
VariantInit
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysAllocString
VarUI4FromStr
RegisterTypeLi
LoadTypeLi

iphlpapi

GetAdaptersInfo

wininet

InternetOpenUrlA
InternetGetConnectedState
DeleteUrlCacheEntry
InternetCloseHandle
InternetReadFile
InternetOpenA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37bf7e83e7e5010cf7c7b9fc519f93fb

Headers

File Characteristics

Imports

user32

urlmon

advapi32

shlwapi

shell32

kernel32

ole32

oleaut32

iphlpapi

wininet

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 89KB

.rsrc Size: 4KB - Virtual size: 536B

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 89KB

.rsrc
Size: 4KB - Virtual size: 536B

.reloc
Size: 12KB - Virtual size: 8KB