44eba4b328053460947c18138f674dd7

Sharing

Copy URL Twitter E-mail

General

Target

44eba4b328053460947c18138f674dd7
Size

322KB
MD5

44eba4b328053460947c18138f674dd7
SHA1

0ced3c308b868b6ad3ec55e12a0020fcc5d80f5c
SHA256

8fbf6303030a78d9d41fa31dcb8f7aca2593b9842d3cd7d3d1d0af59e50bb53f
SHA512

55ca6dcfd9d0aeb4b55778c5c2c4669d99373836574c303fe8de05871508437501e33fd8efd2fddb7c3bdeefe00f6c7700c921730d8f7862662ceaed028761c6
SSDEEP

6144:qH0ofZkTGJR0CH8nD3r3yH6xqrq4JxhrqiqDDi:qH0qkTGJR/H8nyoqrq4Lho

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44eba4b328053460947c18138f674dd7

Files

44eba4b328053460947c18138f674dd7
.dll windows:4 windows x86 arch:x86

3b911ee75d76e1a7018da2969371e7ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW

kernel32

CloseHandle
CreateFileA
EnterCriticalSection
ExitProcess
FindResourceW
FlushFileBuffers
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetACP
GetCPInfo
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileType
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessPriorityBoost
GetStartupInfoA
GetStringTypeA
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadLocale
GetTickCount
GetVersionExA
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadResource
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
RtlUnwind
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetThreadLocale
SizeofResource
Sleep
TerminateProcess
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
lstrcmpiW
lstrlenW

oleaut32

LoadTypeLi
RegisterTypeLi
SysAllocString
SysFreeString
SysStringLen
UnRegisterTypeLi
VarUI4FromStr

user32

CharNextW

ole32

CoTaskMemAlloc
CoTaskMemFree
PropVariantClear
CoCreateInstance

Exports

Exports

ExtendInittab
GetPointer
SimpleStringFlags
SyntaxLocation
WithFilenameObject
info_init_3

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b911ee75d76e1a7018da2969371e7ba

Headers

File Characteristics

Imports

advapi32

kernel32

oleaut32

user32

ole32

Exports

Exports

Sections

.text Size: 118KB - Virtual size: 117KB

.rdata Size: 142KB - Virtual size: 142KB

.data Size: 35KB - Virtual size: 35KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 118KB - Virtual size: 117KB

.rdata
Size: 142KB - Virtual size: 142KB

.data
Size: 35KB - Virtual size: 35KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 7KB - Virtual size: 6KB