631c1fafb589ddbc777911c21dbe357d

Sharing

Copy URL

Twitter E-mail

General

Target

631c1fafb589ddbc777911c21dbe357d
Size

4.2MB
MD5

631c1fafb589ddbc777911c21dbe357d
SHA1

b56057e30b522bfce1f7135c8a0c4189b77bd00c
SHA256

3e1c3181481414cb38c0eac2b68627e0d03446978968decd7e085e5bc9b1fc1a
SHA512

21360c401f75d2e1f0e7001e1df08474c042d5adde61448ab3ee3a14d1f15bfaf57a08ca883132a3529e12cd05949a45a33c282faf6c83a27509f9dc0e242013
SSDEEP

12288:ETsGkSMxWUGUVi2hpREDHFVbVuj7dCXL1T9f0k+hkd9:ExV4W+i2hpRklVBU7qLp9fV+hA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
631c1fafb589ddbc777911c21dbe357d

Files

631c1fafb589ddbc777911c21dbe357d
.dll regsvr32 windows:4 windows x86 arch:x86

fdc13d91b65980cc151b450ea66172d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCheckConnectionA

mfc42

ord2122
ord283
ord4133
ord4297
ord5788
ord472
ord2567
ord3742
ord818
ord1233
ord1168
ord535
ord3573
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord641
ord860
ord324
ord2302
ord4234
ord3092
ord4476
ord3706
ord5953
ord4710
ord4299
ord858
ord922
ord924
ord6877
ord2818
ord537
ord6380
ord2078
ord823
ord2860
ord2393
ord690
ord5356
ord6112
ord5808
ord5204
ord3229
ord389
ord1228
ord6467
ord2370
ord2301
ord6334
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord3619
ord2582
ord4402
ord3370
ord3640
ord686
ord693
ord616
ord1232
ord384
ord2408
ord2642
ord6888
ord2862
ord6930
ord941
ord939
ord3302
ord6675
ord2096
ord3803
ord4224
ord1140
ord3097
ord6215
ord2086
ord2414
ord6378
ord2764
ord6663
ord4202
ord6605
ord4204
ord539
ord4047
ord6199
ord3610
ord2089
ord2452
ord289
ord2135
ord3337
ord3811
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord3953
ord1134
ord6438
ord2725
ord1131
ord5572
ord2919
ord1175
ord816
ord562
ord861
ord2915
ord940
ord2688
ord1601
ord3693
ord5787
ord2450
ord5450
ord6394
ord2841
ord5440
ord6383
ord2107
ord1793
ord2574
ord3572
ord1771
ord6366
ord2413
ord2024
ord4401
ord3639
ord692
ord2753
ord4124
ord1949
ord4034
ord6283
ord6282
ord3663
ord3626
ord825
ord567
ord795
ord3571
ord3721
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord6880
ord613
ord2859
ord5875
ord540
ord3874
ord800
ord5053
ord4284
ord556
ord609
ord809
ord3574
ord4396
ord2575
ord1146
ord6453
ord3089
ord2864
ord5981
ord2379
ord6197
ord1641
ord6021
ord6194
ord2754
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord470
ord323
ord1640
ord5785
ord2405
ord640
ord755
ord656
ord4275
ord5163
ord2385
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord5241
ord4407
ord1776
ord4078
ord6055
ord3317

msvcrt

strcpy
_except_handler3
_mbscmp
atoi
strchr
sprintf
memcpy
_purecall
_mbsnbcpy
strlen
memset
abs
__CxxFrameHandler
_ftol
free
malloc
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_mbsnbicmp
_mbspbrk
_ismbcspace
tolower
_mbschr
wcslen
isalnum
isspace
strcat
fopen
fread
fclose
strrchr
memcmp
realloc

kernel32

LocalFree
CreateToolhelp32Snapshot
CloseHandle
Process32First
OpenProcess
GetPriorityClass
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
Process32Next
DeleteFileA
WinExec
GlobalAddAtomA
GetCurrentProcess
FlushInstructionCache
lstrcatA
lstrcpyA
HeapDestroy
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
GetShortPathNameA
lstrlenA
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
FreeLibrary
LoadLibraryA
GetModuleFileNameW
LoadLibraryW
OutputDebugStringA
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetLastError
SetLastError
LocalAlloc

user32

EnumChildWindows
RegisterWindowMessageA
SendMessageTimeoutA
MessageBoxA
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
BringWindowToTop
SetFocus
IsWindowVisible
CreatePopupMenu
AppendMenuA
TrackPopupMenu
GetForegroundWindow
RegisterHotKey
UnregisterHotKey
DefWindowProcA
CallWindowProcA
GetWindowTextLengthA
GetWindowTextA
GetClassInfoExA
RegisterClassExA
wsprintfA
CreateWindowExA
ShowWindow
IsWindow
CharNextA
DestroyWindow
PeekMessageA
TranslateMessage
DispatchMessageA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
LoadIconA
DrawIconEx
GetSystemMetrics
SetRect
ScreenToClient
GetMessagePos
GetClassNameA
DrawFocusRect
InvalidateRect
ReleaseCapture
GetClientRect
SetCapture
PostMessageA
GetParent
GetFocus
RedrawWindow
SetWindowLongA
KillTimer
SetWindowPos
GetClassInfoA
FindWindowA
FindWindowExA
SetTimer
SetWindowRgn
LoadCursorA
GetKeyState
LoadBitmapA
PtInRect
GetCapture
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
GetDC
ReleaseDC
GetSysColor
FillRect
DrawStateA
OffsetRect
CopyRect
InflateRect
GetWindowRect
GetSubMenu
TrackPopupMenuEx
ClientToScreen
WindowFromPoint
GetActiveWindow
SetCursor
GetNextDlgTabItem
SendMessageA
GetWindowLongA
DestroyIcon
DestroyCursor
DestroyMenu
EnableWindow
GrayStringA
DrawTextA
TabbedTextOutA

gdi32

GetMapMode
GetTextColor
GetCurrentObject
CreatePen
Rectangle
Ellipse
GetDeviceCaps
StretchBlt
CreateFontIndirectA
CreateSolidBrush
CreateRoundRectRgn
SetPixel
SelectObject
SetBkColor
DeleteDC
GetStockObject
DeleteObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateBitmap
GetPixel
GetObjectA
LPtoDP
CreateCompatibleDC
GetBkColor
BitBlt
DPtoLP
GetViewportExtEx
GetWindowExtEx
CreateCompatibleBitmap

advapi32

RegQueryValueExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
SHGetDesktopFolder
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
ShellExecuteA

ole32

CoUninitialize
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance

oleaut32

VarUI4FromStr
SysAllocString
LoadTypeLi
RegisterTypeLi
SysFreeString
SysStringLen
VariantClear
VariantInit
SysAllocStringLen
LoadRegTypeLi

winmm

PlaySoundA

oleacc

AccessibleObjectFromWindow
AccessibleChildren

msvcp60

??0logic_error@std@@QAE@ABV01@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7out_of_range@std@@6B@
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.6MB - Virtual size: 10.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdc13d91b65980cc151b450ea66172d9

Headers

File Characteristics

Imports

wininet

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winmm

oleacc

msvcp60

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 164KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 10.6MB - Virtual size: 10.6MB

.reloc Size: 48KB - Virtual size: 45KB

.text
Size: 168KB - Virtual size: 164KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 10.6MB - Virtual size: 10.6MB

.reloc
Size: 48KB - Virtual size: 45KB