3bb48004b57719eb8e80729fc1000bbc

Sharing

Copy URL Twitter E-mail

General

Target

3bb48004b57719eb8e80729fc1000bbc
Size

172KB
MD5

3bb48004b57719eb8e80729fc1000bbc
SHA1

6fe391a55128b6d3e194c5edac05abe118e9a416
SHA256

c26fdf560c69d5501ef011e0cf1c1474ab31c3e48a686914baecbc0a32abb198
SHA512

dfe955ee0b331c0e8d023919a9813703fd7dc34798056c7fc413069a790e7f2da2cd7ce732313f4cc115437cd40c22cc977476090ac628b4376e6e01b85e314d
SSDEEP

3072:GtETPuxexMcDh5WIihtAbLC7IR01/4WWZeQCsTJTa84tN0n:Gmys9WIStuLC024g0xaHN0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bb48004b57719eb8e80729fc1000bbc

Files

3bb48004b57719eb8e80729fc1000bbc
.dll regsvr32 windows:4 windows x86 arch:x86

6214c466e56bac796aa135ca30430064

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

wininet

HttpQueryInfoA
InternetReadFile
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetCloseHandle

netapi32

Netbios

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

oleaut32

SysAllocString
SysFreeString
VariantClear
GetErrorInfo

user32

wsprintfA
CloseClipboard
OpenClipboard
SetWindowPos
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
GetClassNameA
GetWindowThreadProcessId
SetTimer
EnumWindows
KillTimer
EnumChildWindows
DefWindowProcA
SystemParametersInfoA

msvcrt

strerror
islower
isalpha
printf
wcscmp
wcslen
?what@exception@@UBEPBDXZ
srand
strstr
fclose
fwrite
fopen
tmpnam
atoi
strtol
__dllonexit
_onexit
__mb_cur_max
_initterm
_adjust_fdiv
wctomb
tolower
malloc
free
isxdigit
isalnum
isspace
ispunct
??1exception@@UAE@XZ
??0exception@@QAE@XZ
strchr
_CxxThrowException
??0exception@@QAE@ABV0@@Z
isupper
??2@YAPAXI@Z
strtok
??3@YAXPAX@Z
__CxxFrameHandler
toupper
strncpy
isgraph
??1type_info@@UAE@XZ

ole32

CoCreateGuid
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

winmm

timeGetTime

advapi32

RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
RegOpenKeyExA

shlwapi

StrStrIA
SHSetValueA
SHGetValueA

rpcrt4

UuidToStringA

kernel32

DeleteFileA
CreateProcessA
CloseHandle
FreeLibrary
WaitForSingleObject
MoveFileExA
GetLocalTime
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryA
SleepEx
lstrcmpA
lstrcmpiA
lstrcpynA
GetWindowsDirectoryA
GetCurrentProcessId
GetProcessTimes
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetVersionExA
GetSystemDirectoryA
MultiByteToWideChar
GetSystemInfo
GetCurrentThread
Sleep
GetThreadTimes
FormatMessageA
GetVersion
CreateFileA
HeapSize
CreateRemoteThread
WriteProcessMemory
GetProcAddress
VirtualAllocEx
GetCurrentProcess
OpenProcess
HeapAlloc
GetProcessHeap
lstrcpyA
GetCurrentDirectoryA
lstrlenA
GetLastError
SetLastError
GetFullPathNameA
LocalFree
HeapFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6214c466e56bac796aa135ca30430064

Headers

File Characteristics

Imports

psapi

wininet

netapi32

version

oleaut32

user32

msvcrt

ole32

winmm

advapi32

shlwapi

rpcrt4

kernel32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 24KB - Virtual size: 23KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 24KB - Virtual size: 23KB

.reloc
Size: 12KB - Virtual size: 8KB