585eb9285cac3a41848b6682d7a08061

Sharing

Copy URL Twitter E-mail

General

Target

585eb9285cac3a41848b6682d7a08061
Size

736KB
MD5

585eb9285cac3a41848b6682d7a08061
SHA1

bbbfe178f894bcc9cc5d453b5eadaf4f2a59e436
SHA256

8637df0e69311e08742c6232eda8744ab19195d8d75651f05728d1596794a0bd
SHA512

27d268944f87ada63d0357d4be59e8b034f21e333bbd67e8ae88624e387346748d584fd8eec9c1ae1b1f9b7023cafefafb6071800a8cda4570393be884a8a16c
SSDEEP

12288:FGOuOSwk7T6O3sRRTj5+n5o4pLqpBP0z8mxcFb08KlppID48mM:Fa3sRRv5+n+4m188qch3Kw48

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
585eb9285cac3a41848b6682d7a08061

Files

585eb9285cac3a41848b6682d7a08061
.dll regsvr32 windows:4 windows x86 arch:x86

fc995a3f4c36c00d04b85acf93b383fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

GetCurrentDirectoryA
RtlUnwind
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
ExitThread
TerminateProcess
HeapSize
SetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
WritePrivateProfileStringA
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetTimeZoneInformation
GetDriveTypeA
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
FindResourceExA
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetFileTime
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
VirtualProtect
GetProfileIntA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalReAlloc
GlobalHandle
GlobalReAlloc
LocalAlloc
SetThreadPriority
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GlobalFree
TlsAlloc
CreateThread
FindFirstChangeNotificationA
Sleep
WaitForMultipleObjects
FindNextChangeNotification
FindCloseChangeNotification
OpenEventA
SetEvent
OpenProcess
DuplicateHandle
CreateEventA
TlsFree
FindFirstFileA
GetFileAttributesA
SetFileAttributesA
RemoveDirectoryA
FindNextFileA
FindClose
MoveFileA
GetFileSize
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
FlushInstructionCache
GetSystemDirectoryA
FreeResource
GlobalAlloc
CompareStringW
CompareStringA
GlobalSize
TlsSetValue
lstrcmpA
CopyFileA
lstrcatA
lstrcpyA
MulDiv
GetTickCount
TerminateThread
GetCurrentProcess
SetPriorityClass
GetShortPathNameA
DeviceIoControl
FormatMessageA
LocalFree
CreateFileA
SetFilePointer
WriteFile
CloseHandle
lstrcmpW
LoadLibraryA
lstrcpyW
TlsGetValue
GlobalLock
GlobalUnlock
FreeLibrary
GetModuleFileNameA
IsDBCSLeadByte
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
lstrcpynA
LoadLibraryExA
OutputDebugStringA
GetModuleFileNameW
SetLastError
LoadLibraryW
WaitForSingleObject
DeleteFileA
lstrcmpiA
lstrlenA
GetLastError
SuspendThread
ResumeThread
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetCurrentProcessId

user32

SetRect
MapDialogRect
GetAsyncKeyState
DestroyMenu
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMessageA
ValidateRect
GetMenuStringA
SetMenuItemBitmaps
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
CheckDlgButton
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
GetMessageTime
GetMessagePos
LoadIconA
PeekMessageA
MapWindowPoints
TrackPopupMenu
SetForegroundWindow
UpdateWindow
GetMenu
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetClassInfoA
RegisterClassA
GetDlgCtrlID
OffsetRect
IntersectRect
GetWindowPlacement
IsClipboardFormatAvailable
CreateDialogIndirectParamA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
FindWindowA
GetWindowThreadProcessId
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
CreateAcceleratorTableA
GetDlgItem
SetFocus
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
GetDesktopWindow
InvalidateRgn
CallWindowProcA
RegisterWindowMessageA
GetWindowTextLengthA
SetWindowTextA
DefWindowProcA
GetClassInfoExA
RegisterClassExA
wsprintfA
GetWindowLongA
DestroyWindow
DestroyIcon
MoveWindow
GetSubMenu
GetMenuItemID
FrameRect
KillTimer
SetTimer
CharUpperA
LoadAcceleratorsA
SetMenuInfo
BringWindowToTop
IsIconic
CheckMenuRadioItem
AppendMenuA
CreatePopupMenu
LoadBitmapA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
WindowFromPoint
ClientToScreen
SystemParametersInfoA
IsRectEmpty
PostQuitMessage
LoadMenuA
ModifyMenuA
GetMenuItemInfoA
GetMenuItemCount
DrawStateA
SetWindowLongA
ReleaseCapture
SetCapture
RedrawWindow
GetDC
GetCursorPos
IsWindowVisible
ScreenToClient
GetDCEx
LockWindowUpdate
SetParent
SetActiveWindow
GetSysColorBrush
GetSysColor
GetWindowRect
GetWindowDC
ReleaseDC
CopyRect
SetWindowPos
MessageBoxA
CharUpperW
GetFocus
IsChild
GetWindowTextA
GetKeyState
IsWindow
ShowWindow
GetClassNameA
LoadCursorA
SetCursor
GetSystemMetrics
TrackMouseEvent
FindWindowExA
CreateWindowExA
GetParent
InvalidateRect
GetClientRect
PostMessageA
FillRect
InflateRect
PtInRect
SendMessageA
UnregisterClassA
CharNextA
EnableWindow
GetActiveWindow

gdi32

CreateRectRgn
SelectClipRgn
PtVisible
RectVisible
TextOutA
EnumFontFamiliesExA
GetBkColor
CreateFontA
GetCharWidthA
StretchDIBits
PatBlt
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreatePatternBrush
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
MoveToEx
CreatePen
CreateSolidBrush
SelectObject
IntersectClipRect
ExcludeClipRect
SetBkMode
RestoreDC
SaveDC
CopyMetaFileA
SetTextColor
GetClipBox
GetDeviceCaps
GetTextExtentPoint32A
CreateFontIndirectA
CreateCompatibleDC
GetObjectA
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteObject
DeleteDC
GetStockObject
Rectangle
LineTo
ExtTextOutA

msimg32

GradientFill

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
RegQueryValueA
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
RegOpenKeyA
RegNotifyChangeKeyValue
GetUserNameA
RegEnumValueA
RegSetKeySecurity
RegDeleteKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority

shell32

ShellExecuteA
SHGetSpecialFolderPathA

comctl32

ord17
ImageList_Destroy
ImageList_Create
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA

shlwapi

SHDeleteKeyA
SHSetValueA
UrlUnescapeA
PathStripToRootA
PathIsUNCA
SHDeleteValueA
PathFindExtensionA
PathFindFileNameA

ole32

DoDragDrop
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
ReleaseStgMedium
RegisterDragDrop
OleRun
CoCreateInstance
RevokeDragDrop
GetHGlobalFromStream
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoInitialize
CoCreateGuid
CoInitializeSecurity
CoInitializeEx
OleDuplicateData
CoLockObjectExternal
OleGetClipboard

oleaut32

VariantChangeType
RegisterTypeLi
UnRegisterTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocStringLen
VarBstrCat
SysAllocString
DispCallFunc
VariantClear
VariantInit
VariantCopy
SysStringLen
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysFreeString
GetErrorInfo

wininet

InternetOpenA
InternetConnectA
InternetOpenUrlA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryDataAvailable
DeleteUrlCacheEntry
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetCloseHandle
InternetReadFile
GetUrlCacheEntryInfoA
InternetGetConnectedState
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

netapi32

Netbios

iphlpapi

GetAdaptersInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetWmiData
YOKAssiant

Sections

.text
Size: 404KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdata
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc995a3f4c36c00d04b85acf93b383fe

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

wininet

netapi32

iphlpapi

Exports

Exports

Sections

.text Size: 404KB - Virtual size: 402KB

.rdata Size: 104KB - Virtual size: 102KB

.data Size: 12KB - Virtual size: 28KB

.sdata Size: 4KB - Virtual size: 12B

.rsrc Size: 148KB - Virtual size: 147KB

.reloc Size: 60KB - Virtual size: 59KB

.text
Size: 404KB - Virtual size: 402KB

.rdata
Size: 104KB - Virtual size: 102KB

.data
Size: 12KB - Virtual size: 28KB

.sdata
Size: 4KB - Virtual size: 12B

.rsrc
Size: 148KB - Virtual size: 147KB

.reloc
Size: 60KB - Virtual size: 59KB