4accdf2e9e984db94f8087d7c6b5e00c

Sharing

Copy URL Twitter E-mail

General

Target

4accdf2e9e984db94f8087d7c6b5e00c
Size

33KB
MD5

4accdf2e9e984db94f8087d7c6b5e00c
SHA1

6bf447173afa1cba64645db4138d8921248327d0
SHA256

e3a708eae1791750512e0deeea1e0aea0bfafed6643f1102fd338f6db93399cd
SHA512

9fd5f10f13b0749eadad6f0455cd22808e006019779e2556b969719174ae724a84782627ff498ce1d858bb2f801d16bbe152414448d0242971086fafcd385c76
SSDEEP

768:ThgUVv7u5XcnRaZ4BZ5DV1JC9l4uq5jJrxpk9d5RP:TiKaeRaqZxfEAuq5jJrrkP5R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4accdf2e9e984db94f8087d7c6b5e00c

Files

4accdf2e9e984db94f8087d7c6b5e00c
.dll regsvr32 windows:4 windows x86 arch:x86

bc95eee2bff2debc46f644811115131d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetLastError
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
MultiByteToWideChar
lstrlenA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RaiseException
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
lstrcatA
lstrcpyA
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
HeapReAlloc
DebugBreak
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
lstrcpynA
lstrcmpiA
IsDBCSLeadByte
DisableThreadLibraryCalls
FreeLibrary
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
HeapFree
HeapSize
HeapAlloc
GetProcessHeap

user32

CharNextA
MessageBoxA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA

ole32

StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
VarUI4FromStr
SysStringLen
LoadRegTypeLi
SysFreeString

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc95eee2bff2debc46f644811115131d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 636B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 636B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB