646181f4b7e6f29c95adf20ee7f80c40

General

Target

646181f4b7e6f29c95adf20ee7f80c40
Size

315KB
MD5

646181f4b7e6f29c95adf20ee7f80c40
SHA1

fa020a9cac828416440e4ca08d661279ffed8932
SHA256

75fcf950d8e8ca5ea13a20c77152ff39dbb640cbe115f148e46d6e3673c063b6
SHA512

c0790eb4733390f6e04a37e13f014fb3b0dbd3589e8ca02db1a5e5d05879c3c3ec69e71352a988b74f0b4c975dc8acaf1b87e70cc34e86d58458f44d3532df13
SSDEEP

6144:k9q7+CuDVds41vDGxiSfHia6uW6yIfwY1k690pCSCp:k9O+tDw4l0iSfHHy7YKh/C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
646181f4b7e6f29c95adf20ee7f80c40

Files

646181f4b7e6f29c95adf20ee7f80c40
.dll regsvr32 windows:4 windows x86 arch:x86

7fdac6a5bd1ca08b6550d2e8e45920b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
CloseHandle
Sleep
CreateFileA
GetTickCount
ReadFile
SetFilePointer
DeviceIoControl
WriteFile
VirtualFree
VirtualAlloc
InterlockedExchange
WinExec
WaitForSingleObject
CreateEventA
GetModuleFileNameA
MoveFileExA
DeleteFileA
GetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
ExpandEnvironmentStringsA
lstrlenA
VirtualQuery
GetSystemInfo
VirtualProtect
GetCommandLineA
GetVersionExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
GetCurrentThreadId
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
LoadLibraryA
InitializeCriticalSection
GetModuleHandleW
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

user32

ExitWindowsEx
wsprintfA

ntdll

memset
memcpy

Exports

Exports

ClosePrintProcessor
ControlPrintProcessor
DllRegisterServer
DllUnregisterServer
EnumPrintProcessorDatatypesW
OpenPrintProcessor
PrintDocumentOnPrintProcessor

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 276KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fdac6a5bd1ca08b6550d2e8e45920b6

Headers

File Characteristics

Imports

kernel32

user32

ntdll

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 276KB - Virtual size: 278KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 276KB - Virtual size: 278KB

.reloc
Size: 4KB - Virtual size: 3KB