35fe04cb8f18cacf646e29d431f27f7d

Sharing

Copy URL Twitter E-mail

General

Target

35fe04cb8f18cacf646e29d431f27f7d
Size

324KB
MD5

35fe04cb8f18cacf646e29d431f27f7d
SHA1

ba7f9a63fe42f3dc196a990b310c6b8eb20913b9
SHA256

75e4f552152ae47eba4ac5e481b8666f597f5c44e4a189115f4622a2825cd03f
SHA512

d2ce99eee80ef0b079dd124b99942df97ece5c921121f5929e748a5922c896d982009b275b47bae08502b10806d679c2205c5b6d36cacf85f43f3c186674fe61
SSDEEP

6144:Z00k/Iy5pwbdK2UsHvvi8IQx4dn4Av//lO9NhZR:Vfy5pwbdK2UsHirQ4GU/90

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35fe04cb8f18cacf646e29d431f27f7d

Files

35fe04cb8f18cacf646e29d431f27f7d
.dll regsvr32 windows:4 windows x86 arch:x86

81929599deba65fcc3c9b94d9ac052d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

lz32

LZOpenFileW
LZClose
LZCopy

wininet

InternetOpenUrlW
InternetReadFile
InternetOpenW
HttpQueryInfoW
InternetCanonicalizeUrlW
InternetCloseHandle

kernel32

lstrcpyW
GetLastError
RaiseException
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
lstrcpynW
DisableThreadLibraryCalls
GetCurrentThreadId
ReadFile
GetFileSize
CreateFileW
WriteFile
lstrlenA
GetProcAddress
LoadLibraryW
GetLocalTime
DeleteFileW
GetExitCodeThread
WaitForSingleObject
GetVersionExA
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
GetModuleHandleW
LoadLibraryA
GetOEMCP
GetStringTypeW
GetStringTypeA
GetCPInfo
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
HeapSize
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
GetModuleFileNameA
GetCurrentProcessId
GetModuleFileNameW
lstrlenW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLocaleInfoA
GetThreadLocale
GetACP
InterlockedExchange
GetVersionExW
CloseHandle
HeapReAlloc
CreateThread
SetStdHandle
FlushFileBuffers
CreateFileA
SetEndOfFile
HeapFree
LocalFree
ExitProcess
IsBadReadPtr
GetTickCount
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCommandLineA
GetCurrentProcess
TerminateProcess
GetModuleHandleA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
WideCharToMultiByte
GetSystemTimeAsFileTime
HeapAlloc
RtlUnwind

user32

GetMessageW
LoadBitmapW
RegisterClassExW
TranslateMessage
DispatchMessageW
BeginPaint
GetDC
IsWindowVisible
FindWindowW
FindWindowExW
CallNextHookEx
UnhookWindowsHookEx
GetWindowThreadProcessId
RegisterWindowMessageW
SendMessageTimeoutW
GetClassNameW
GetParent
LoadCursorW
GetWindowTextW
SetWindowsHookExW
CharNextW
DestroyWindow
SetWindowTextW
GetClientRect
FrameRect
DrawTextW
EndPaint
PostQuitMessage
DefWindowProcW
CreateWindowExW
SetTimer
ShowWindow
UpdateWindow
LoadIconW

gdi32

CreateSolidBrush
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
SetTextColor
GetObjectW
CreateFontW
GetDeviceCaps

advapi32

RegOpenKeyExW
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyW
RegEnumValueW
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHAppBarMessage

ole32

CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CoInitialize
CoCreateGuid

oleaut32

VariantInit
VariantChangeType
VariantClear
SysAllocString
VarUI4FromStr
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81929599deba65fcc3c9b94d9ac052d2

Headers

File Characteristics

Imports

lz32

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 216KB - Virtual size: 214KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 24KB - Virtual size: 85KB

Shared Size: 4KB - Virtual size: 12B

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 216KB - Virtual size: 214KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 24KB - Virtual size: 85KB

Shared
Size: 4KB - Virtual size: 12B

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 16KB - Virtual size: 15KB