54ba522754306fc5af3c2c06c24afec7

Sharing

Copy URL Twitter E-mail

General

Target

54ba522754306fc5af3c2c06c24afec7
Size

20KB
MD5

54ba522754306fc5af3c2c06c24afec7
SHA1

45af15f09626beade21868af4e532c7a40a17888
SHA256

f0063c81fa11abe8df7099a55c71278c2c311542b7fda7326c160fa7cc65ce70
SHA512

d09cb7bc13fcb0a6ad6b09f00f73065329f3c0f5061c90add0a19d0588eeee1bb05ce5515823678d81ce3108be32d915cb2efdb992f41edd9b166da04fc9ecc8
SSDEEP

384:K6KoadZmrRTNxEnUkIM2+EVH7KbTmQcsKUHBK4CgbbTQV9:KPouoRhxEnUn1JJQBK4CgbbTG9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54ba522754306fc5af3c2c06c24afec7

Files

54ba522754306fc5af3c2c06c24afec7
.dll regsvr32 windows:4 windows x86 arch:x86

d0e9f598dbc59e16f632758d91543ab7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GetProcAddress
lstrcmpA
Sleep
IsBadStringPtrA
GetModuleHandleA
lstrcpyW
GetTickCount
VirtualProtect
GetCurrentProcess
WriteProcessMemory
WideCharToMultiByte
GetModuleFileNameA
MultiByteToWideChar
GetSystemDirectoryW
GetVersionExA
lstrlenW
SetEvent
CloseHandle
WaitForSingleObject
HeapFree
ExitThread
lstrlenA
GetProcessHeap
lstrcatW
lstrcpyA
CreateThread
GetLastError
CreateEventA
CompareStringW
CompareStringA
HeapAlloc
HeapReAlloc
lstrcatA
GetSystemDirectoryA
ReadFile
WriteFile
SetFilePointer
CreateMutexA
CreateFileA
ReleaseMutex
SetEndOfFile

user32

wsprintfA
CharUpperW
CharLowerA
wsprintfW

advapi32

InitializeSecurityDescriptor
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptDeriveKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptDecrypt
SetSecurityDescriptorDacl
CryptReleaseContext

ole32

StringFromIID
CoGetMalloc

oleaut32

SysFreeString
SysAllocString

wininet

InternetConnectA
InternetCrackUrlA
InternetCrackUrlW

urlmon

CoInternetCombineUrl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0e9f598dbc59e16f632758d91543ab7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

urlmon

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 336B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 336B

.reloc
Size: 1KB - Virtual size: 1KB