2b02a5739005d49f2252ebc26a3be3ea

Sharing

Copy URL Twitter E-mail

General

Target

2b02a5739005d49f2252ebc26a3be3ea
Size

709KB
MD5

2b02a5739005d49f2252ebc26a3be3ea
SHA1

28e903a4f9ebdd0a5aad541418675ba188bd60aa
SHA256

e61a832e5630d00d33b78037013ac655c77bff9118a9c941444ef16b45573480
SHA512

a77dc69824eae0de96b86e174c212e733de6e27cf33c51e7d82046f8c09307e089d200c1dd974d1a42f27ab5ca73182888f635bedc4024636c505ad5ced3f798
SSDEEP

12288:x4dtaW5DRxGf62Z6XiXiGpSlrrXhAoTe:x4vbhRgCSpSlrrxAme

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b02a5739005d49f2252ebc26a3be3ea

Files

2b02a5739005d49f2252ebc26a3be3ea
.dll regsvr32 windows:5 windows x86 arch:x86

1a9e262f75fcb7fedff4cfeab8466562

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
GetCurrentProcessId
WideCharToMultiByte
GetPrivateProfileStringW
MultiByteToWideChar
ExpandEnvironmentStringsW
TerminateProcess
GetTempPathW
CreateProcessW
WaitForSingleObject
ReleaseMutex
OpenMutexW
LocalFree
CreateMutexW
CreateDirectoryW
DeleteFileW
CopyFileW
GetTempFileNameW
FindFirstFileW
FindNextFileW
FindClose
SetErrorMode
CreateThread
OutputDebugStringW
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
GlobalHandle
GlobalFree
lstrcpyW
GetExitCodeProcess
GetFullPathNameW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
CompareStringW
lstrcmpiW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
DebugBreak
SetFilePointer
CreateFileW
WriteFile
CloseHandle
HeapAlloc
FormatMessageW
HeapFree
GetProcessHeap
GetThreadLocale
SetThreadLocale
GetCurrentThreadId
FreeLibrary
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
LoadLibraryA
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedIncrement
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
lstrlenW
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
GetVersionExW

user32

DestroyWindow
SetWindowLongW
GetClientRect
ClientToScreen
InvalidateRect
IsWindow
SetWindowPos
AppendMenuW
CreatePopupMenu
SendMessageW
CharLowerW
LoadStringW
GetDC
ReleaseDC
GetSysColor
DefWindowProcW
CallWindowProcW
MoveWindow
GetWindowRect
ShowWindow
IsWindowVisible
GetParent
SetParent
LoadCursorW
PtInRect
CopyRect
RegisterClassExW
GetClassInfoExW
GetMonitorInfoW
MonitorFromPoint
IsChild
GetWindowLongW
DestroyMenu
CharNextW
wvsprintfW
EnumWindows
GetClassNameW
PostMessageW
SetWindowTextW
IsMenu
ModifyMenuW
RealGetWindowClassW
LoadImageW
GetSystemMetrics
LoadBitmapW
UnregisterClassA
DialogBoxParamW
TrackPopupMenu
SetTimer
KillTimer
DestroyAcceleratorTable
GetWindowDC
DrawTextExW
SetRect
EndDialog
EnableWindow
MonitorFromWindow
MapWindowPoints
SetActiveWindow
SetDlgItemTextW
SetCursor
GetCursorPos
SetRectEmpty
DrawTextW
OffsetRect
CallNextHookEx
IsDialogMessageW
GetActiveWindow
UnhookWindowsHookEx
SetWindowsHookExW
CopyImage
CreateDialogParamW
AnimateWindow
MessageBoxW
FrameRect
DispatchMessageW
TranslateMessage
GetKeyState
AdjustWindowRectEx
GetMenu
GetDlgCtrlID
SystemParametersInfoW
GetCapture
DrawFocusRect
InflateRect
DrawEdge
IsWindowEnabled
UpdateWindow
MapDialogRect
SetWindowContextHelpId
CreateDialogIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
BeginPaint
EndPaint
GetFocus
SetFocus
GetWindow
GetDlgItem
RedrawWindow
CreateAcceleratorTableW
ScreenToClient
SetCapture
CreateWindowExW
ReleaseCapture
FillRect
InvalidateRgn
GetDesktopWindow

gdi32

MoveToEx
SetTextColor
CreateFontIndirectW
SetBkMode
ExtTextOutW
SetBkColor
SetViewportOrgEx
CreateSolidBrush
CreateCompatibleDC
BitBlt
GetStockObject
GetObjectW
GetDeviceCaps
DeleteDC
DeleteObject
CreateCompatibleBitmap
SelectObject
LineTo
GetPixel

winspool.drv

ord203

advapi32

RegDeleteKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance
StringFromGUID2
OleRun
CoTaskMemFree
OleUninitialize
CoTaskMemAlloc
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoInitialize

oleaut32

RegisterTypeLi
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
SysAllocStringLen
OleLoadPicturePath
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysAllocString
VariantClear
VariantInit
SysStringLen
SysFreeString
GetErrorInfo
UnRegisterTypeLi

shlwapi

PathFileExistsW
PathIsDirectoryW
PathAddBackslashW
PathAppendW

msvcp90

?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z

msvcr90

free
vswprintf_s
_vscwprintf
_wcsicmp
_CxxThrowException
memcpy_s
wcslen
memmove_s
__CxxFrameHandler3
wcsstr
??_V@YAXPAX@Z
memcpy
memset
??3@YAXPAX@Z
_recalloc
??2@YAPAXI@Z
_wtol
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
abs
swprintf_s
wcscpy_s
_purecall
wcsncpy_s
wcscat_s
_wcsnicmp
memmove
_time64
iswdigit
_wtoi
wcsftime
_localtime64_s
_itow_s
wcsnlen
malloc
_strlwr_s
strncmp
_ultoa_s
wcstol
swscanf_s
_ltow_s
wcsrchr
_mktime64
wcsncmp
_except_handler4_common
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
calloc

wininet

InternetReadFile
HttpQueryInfoW
InternetQueryOptionW
InternetGetConnectedState
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCloseHandle
InternetCrackUrlW
HttpSendRequestW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a9e262f75fcb7fedff4cfeab8466562

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp90

msvcr90

wininet

Exports

Exports

Sections

.text Size: 295KB - Virtual size: 294KB

.rdata Size: 102KB - Virtual size: 101KB

.data Size: 15KB - Virtual size: 16KB

.rsrc Size: 258KB - Virtual size: 257KB

.reloc Size: 37KB - Virtual size: 37KB

.text
Size: 295KB - Virtual size: 294KB

.rdata
Size: 102KB - Virtual size: 101KB

.data
Size: 15KB - Virtual size: 16KB

.rsrc
Size: 258KB - Virtual size: 257KB

.reloc
Size: 37KB - Virtual size: 37KB