8ebf959c66bb7cea2b846154b66067e581497618d67e79156f7c9d9b91ce9b3e

Sharing

Copy URL Twitter E-mail

General

Target

8ebf959c66bb7cea2b846154b66067e581497618d67e79156f7c9d9b91ce9b3e
Size

251KB
MD5

37da424bb16f960fd68fef4447ed89e8
SHA1

faee7ab84b69a7cf53010c0ce32089f07f0ddca0
SHA256

8ebf959c66bb7cea2b846154b66067e581497618d67e79156f7c9d9b91ce9b3e
SHA512

58f1f040e90b04fbe093e1f80838d5bd0e3c856114ca18b0ce328432210a1801b8d865c6e5e34bdd8e8034299f000a7c38023b0a32968175177f805dc4cfcd5e
SSDEEP

3072:Pbt4AuuWerS30zAEvzVri+tVM6UA0t7N5ODw7238KHqOHjeoY4qOW4K+FqlyQdrM:PfWl0zAMricS6et7N0938mAohABkqn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ebf959c66bb7cea2b846154b66067e581497618d67e79156f7c9d9b91ce9b3e

Files

8ebf959c66bb7cea2b846154b66067e581497618d67e79156f7c9d9b91ce9b3e
.dll regsvr32 windows:5 windows x64 arch:x64

e0fe690f130ca59e0369a76784985b89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
SetEvent
LoadResource
SizeofResource
lstrcmpiW
CreateEventW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
MultiByteToWideChar
WaitForSingleObject
CloseHandle
LockResource
FindResourceExW
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringW
GetLastError
GetThreadLocale
SetThreadLocale
GetCurrentProcess
WriteFile
GetTickCount
LoadLibraryW
GetModuleFileNameA
GetCommandLineA
CreateDirectoryW
CreateFileW
QueryPerformanceCounter
WideCharToMultiByte
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
EncodePointer
DecodePointer
GetConsoleMode
GetConsoleCP
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetFileType
GetStdHandle
GetACP
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
GetCPInfo
LocalFree
IsDebuggerPresent
GetStringTypeW

user32

CharNextW

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

shell32

SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoMarshalInterface
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantTimeToSystemTime
VariantInit
VariantClear
VarUI4FromStr
LoadRegTypeLi
DispCallFunc
LoadTypeLi
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi

shlwapi

PathFileExistsW
PathAppendW

rpcrt4

NdrAsyncClientCall
RpcBindingFree
RpcStringFreeW
RpcAsyncCancelCall
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
RpcBindingFromStringBindingW
RpcStringBindingComposeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0fe690f130ca59e0369a76784985b89

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

rpcrt4

Exports

Exports

Sections

.text Size: 134KB - Virtual size: 134KB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 6KB - Virtual size: 12KB

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 6KB - Virtual size: 12KB

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB