624b94a326d855774044aef849d69df8

Sharing

Copy URL

Twitter E-mail

General

Target

624b94a326d855774044aef849d69df8
Size

48KB
MD5

624b94a326d855774044aef849d69df8
SHA1

e90fcbead6b238f65109c74fde2150c6bb267a84
SHA256

caba917180c49b1e86318cb78ac79b7c14a0a7d4fec58bd20e2dc2383190bf77
SHA512

daf99684428d0787c3e7d2edefaf9fbc29a34187d8ad47ee6df69078409f1bd8e2817427e6772d4ba023e45f772b8a5d452d9a4cddd517f0721b9338ce4630fc
SSDEEP

768:SOdMWfw3BjUISqOzWmC5uminUvWXZSaHZEBMVv7borktf:/djWBjU5qOy+3F/sM57gkx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
624b94a326d855774044aef849d69df8

Files

624b94a326d855774044aef849d69df8
.dll regsvr32 windows:4 windows x86 arch:x86

00534a7c17483efda8dabb43c5bc304c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrlenW
WideCharToMultiByte
GetModuleFileNameA
FindNextFileA
GetPrivateProfileStringA
FindFirstFileA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetSystemDirectoryA
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
HeapDestroy
GetShortPathNameA
GetModuleHandleA
Sleep
ExitProcess
CreateDirectoryA
Process32Next
Process32First
CreateThread
WritePrivateProfileStringA
LeaveCriticalSection
SetFileAttributesA
DeleteFileA
MoveFileA
GetCurrentProcessId
LoadLibraryA
FreeLibrary
GetCommandLineW
CloseHandle
LocalFree
MultiByteToWideChar
lstrlenA
DisableThreadLibraryCalls

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
RegQueryValueExA
RegEnumKeyExA

shell32

SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

CoInitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoCreateInstance

oleaut32

SysStringLen
LoadRegTypeLi
SysFreeString
SysAllocString
VariantClear

msvcrt

wcsstr
_strlwr
_stricmp
_adjust_fdiv
malloc
_initterm
free
strcmp
_access
strncmp
strncpy
??2@YAPAXI@Z
_purecall
strrchr
strchr
atoi
??3@YAXPAX@Z
memset
strlen
strcat
strcpy
sprintf
strstr
_strupr
_wcslwr
memcmp
memcpy

shlwapi

SHDeleteKeyA
SHSetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00534a7c17483efda8dabb43c5bc304c

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 3KB

cdata Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 3KB

cdata
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB