286118c6b506c8a02f6b993952a3a90c

Sharing

Copy URL Twitter E-mail

General

Target

286118c6b506c8a02f6b993952a3a90c
Size

276KB
MD5

286118c6b506c8a02f6b993952a3a90c
SHA1

6b1ff3bee58cfb025c85d3541bc7355eae860e15
SHA256

98c32df83cfbdfcf582107c4bf100873a5b7d4408df353425a87b162ddbb9a00
SHA512

8b9959c8f16a45858e16d62d03d7ee8dcdf0a2f49d65ab3e2a2ea69f584df9c7ad22d3e36369e4a4505c7f624a2656608249368644e9bd0d4bbaa9aa5fdc8c1a
SSDEEP

6144:MzB6Q/FT6LkH8PYi4wqm8NDpXIVEcVLkts:rwwvt6pXIBgs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
286118c6b506c8a02f6b993952a3a90c

Files

286118c6b506c8a02f6b993952a3a90c
.dll regsvr32 windows:4 windows x86 arch:x86

ef9c85ebc41b586490fdfb0e277fd904

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

UrlMkGetSessionOption

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCanonicalizeUrlA
InternetCloseHandle

kernel32

lstrlenW
RaiseException
GetLastError
lstrcmpiA
VirtualProtect
LockResource
SizeofResource
LoadResource
FindResourceA
CreateThread
GetModuleFileNameA
DisableThreadLibraryCalls
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
FreeLibrary
LoadLibraryExA
GetModuleHandleA
SetThreadLocale
GetThreadLocale
CreateFileA
GetTempPathA
WriteFile
ReadFile
SetFilePointer
CreateProcessA
Sleep
CreateMutexA
ExitThread
FlushInstructionCache
GetCurrentProcess
lstrcmpA
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
SetLastError
Process32Next
Process32First
CreateToolhelp32Snapshot
GetProcAddress
LocalFree
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
InterlockedCompareExchange
WideCharToMultiByte
GetProcessHeap
lstrlenA
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
GetFullPathNameA
GetStartupInfoA
SetHandleCount
GetFileType
SetStdHandle
GetOEMCP
GetCPInfo
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
ExitProcess
HeapCreate
HeapDestroy
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetSystemTimeAsFileTime
RtlUnwind
VirtualQuery
GetSystemInfo
HeapReAlloc
MultiByteToWideChar
LCMapStringA
SetEvent
EnterCriticalSection
WaitForSingleObject
ResetEvent
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
CreateEventA
HeapFree
InitializeCriticalSection
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CompareStringA
CompareStringW
HeapAlloc
SetEnvironmentVariableA
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter

user32

GetWindowTextLengthA
RegisterWindowMessageA
UnregisterClassA
GetWindowTextA
SetWindowTextA
PeekMessageA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
GetActiveWindow
GetSystemMetrics
SetForegroundWindow
SetActiveWindow
CreateAcceleratorTableA
LoadCursorA
GetClassInfoExA
IsWindow
GetDesktopWindow
SetFocus
GetFocus
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetSysColor
DefWindowProcA
SendMessageA
LockWindowUpdate
ShowWindow
DestroyWindow
CreateWindowExA
GetWindowLongA
SetWindowLongA
wsprintfA
CharNextA
SetTimer
KillTimer
RegisterClassExA

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA

ole32

CoUninitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoInitialize
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoMarshalInterface
CoReleaseMarshalData
CoUnmarshalInterface
OleLockRunning

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantInit
VariantClear
DispCallFunc
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
VariantCopy

shlwapi

StrStrIA

gdi32

DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectA
GetStockObject
SelectObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 188KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef9c85ebc41b586490fdfb0e277fd904

Headers

File Characteristics

Imports

urlmon

wininet

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

gdi32

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 185KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 20KB - Virtual size: 25KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 188KB - Virtual size: 185KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 20KB - Virtual size: 18KB