4fcad8f0fed12c31aefef1141d768763

Sharing

Copy URL

Twitter E-mail

General

Target

4fcad8f0fed12c31aefef1141d768763
Size

157KB
MD5

4fcad8f0fed12c31aefef1141d768763
SHA1

476f1264ce28e2927a971b95b40c6f3442119867
SHA256

791b17dfbc7f209f7bc186670786d1e33e388972775a936a605fa1c1e9f48c9c
SHA512

7f937d30ffcfbbf473e8682fd120c654907a887b747dba2a7058cd39956a78e9a6ad80a5594f62a92b7503570c1313eb403582e1f1677f7d73087b1f3f356666
SSDEEP

3072:MBl94wLNOc4AGJOV82EclA5HodonoQkzlYEhxFyVU75cThliJ:MBFZTlATvkzeE8275cTiJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4fcad8f0fed12c31aefef1141d768763

Files

4fcad8f0fed12c31aefef1141d768763
.dll regsvr32 windows:4 windows x86 arch:x86

723fec2b1f73d3af8271f5ccba5d73de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeExA
GetThreadLocale
CopyFileA
DeleteFileA
InterlockedIncrement
WinExec
lstrcmpA
CreateDirectoryA
GetEnvironmentVariableA
GetTempFileNameA
GetSystemDirectoryA
CreateThread
SetEvent
FreeLibrary
GetProcAddress
LoadLibraryA
LocalFree
HeapReAlloc
SetUnhandledExceptionFilter
HeapFree
GetVersion
SetEnvironmentVariableA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
SetEndOfFile
OutputDebugStringA
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
CloseHandle
DebugBreak
Sleep
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
OpenMutexA
CreateMutexA
InterlockedDecrement
HeapCreate
GetVersionExA
GetSystemInfo
HeapAlloc
DisableThreadLibraryCalls
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
VirtualFree
HeapDestroy
GetModuleFileNameA
GetModuleHandleA
GetLastError
HeapSize
ReadFile
SetFilePointer
GetCurrentProcess
TerminateProcess
WriteFile
CreateFileA
GetFileSize
lstrlenA
GetOEMCP
ExitProcess

user32

wvsprintfA
CharNextA
DestroyWindow
SendMessageA
KillTimer
LoadStringA
BringWindowToTop
SetFocus
SetForegroundWindow
SetActiveWindow
SetWindowPos
ShowWindow
SetWindowLongA
GetWindowLongA
SetTimer
ReleaseDC
GetDC
CharLowerA

gdi32

GetDeviceCaps

advapi32

RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
VariantClear
SysFreeString
SysAllocStringLen

wininet

HttpQueryInfoA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

netapi32

Netbios

urlmon

URLDownloadToFileA

atl

ord30
ord21
ord16
ord15
ord18
ord57

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

723fec2b1f73d3af8271f5ccba5d73de

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

netapi32

urlmon

atl

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 5KB