64bc0d064e9a5fa9bc9c489084dfe2e3

Sharing

Copy URL

Twitter E-mail

General

Target

64bc0d064e9a5fa9bc9c489084dfe2e3
Size

96KB
MD5

64bc0d064e9a5fa9bc9c489084dfe2e3
SHA1

703713388039f47f1a68fd8193f1dc2cf3593dce
SHA256

d569e440da8b7d7e91fb41ae0a58b20670c23c28746507f7927f690dcd3c8010
SHA512

2458f7f8cf173ec6c7f673a11ad2b155fa91ccf22313e2cb53144c883004a7ab99d6e1ed462351f1f527685656a7207541567295fd0f7afa85891ecc3e71fd26
SSDEEP

1536:7WBDnGDMiKjgzH/84Snv8o0p1hjunw2QwBAGNCFuvllCsw1:7ODnGD8xx0QwCBAGNa2llCsw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64bc0d064e9a5fa9bc9c489084dfe2e3

Files

64bc0d064e9a5fa9bc9c489084dfe2e3
.dll regsvr32 windows:4 windows x86 arch:x86

a380517232b0a34f804d6fbd6dafbeb9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetLastError
lstrcpyA
lstrlenA
GetModuleFileNameA
lstrcatA
InterlockedIncrement
InterlockedDecrement
lstrcmpiA
GetModuleHandleA
lstrcpynA
IsDBCSLeadByte
CloseHandle
CreateEventA
CreateThread
EnterCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetStringTypeW
GetStringTypeA
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
GetProcAddress
TlsGetValue
TlsSetValue
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree

user32

FindWindowA
CharNextA

advapi32

RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegEnumValueA

ole32

CoCreateInstance
CoTaskMemFree
StringFromCLSID
StringFromGUID2

shell32

ShellExecuteA
SHGetFileInfoA

oleaut32

LoadTypeLi
SysFreeString
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringLen
VarUI4FromStr
VariantInit
LoadRegTypeLi
SysStringLen
VariantClear
DispCallFunc

shlwapi

SHGetValueA
PathFindExtensionA
SHSetValueA
SHDeleteKeyA

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenA
InternetOpenUrlA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
_Tech@16

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a380517232b0a34f804d6fbd6dafbeb9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

wininet

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 6KB