6d9eb39f5f99a79814599a8c7f97b967

Sharing

Copy URL Twitter E-mail

General

Target

6d9eb39f5f99a79814599a8c7f97b967
Size

1.3MB
MD5

6d9eb39f5f99a79814599a8c7f97b967
SHA1

fce88703fb3937c215fc45972dcecfe716e733fa
SHA256

e635f011211f4a94700294017b4eb71fca75cafffdaac7a346a6bd5320e2c1e4
SHA512

efcbc397c1c1ede74938bfd36f0a2646ca214aaf23b053438c81853afea55d4fb2c3f4aa10f4f68cc6c3494332b6244d3c71fd045d6751cf1543a1d603cdf3be
SSDEEP

24576:lab7uuKhkBqXqdYsdQC2H2nWCe2Ajs6x2H:gOaR4HY6k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6d9eb39f5f99a79814599a8c7f97b967

Files

6d9eb39f5f99a79814599a8c7f97b967
.dll regsvr32 windows:4 windows x86 arch:x86

a8474f78260f8e65d6d5a51e26f9227b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
InterlockedIncrement
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
CreateEventA
OutputDebugStringA
LockResource
Process32Next
Module32Next
Module32First
Process32First
CreateToolhelp32Snapshot
CreateMutexA
ReleaseMutex
SetLastError
GetCurrentThread
GetSystemInfo
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetEndOfFile
IsBadWritePtr
FormatMessageA
LocalAlloc
SizeofResource
FreeLibrary
WideCharToMultiByte
GetLocaleInfoW
SetEnvironmentVariableA
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
GetShortPathNameA
IsValidCodePage
IsValidLocale
FlushFileBuffers
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
SetStdHandle
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapCreate
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsGetValue
TlsFree
TlsAlloc
HeapSize
GetOEMCP
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
GetVersion
GetCommandLineA
TerminateProcess
ExitProcess
HeapReAlloc
HeapAlloc
HeapFree
GetTimeZoneInformation
ExitThread
TlsSetValue
RaiseException
RtlUnwind
LocalFree
VirtualFree
VirtualAlloc
ReleaseSemaphore
InterlockedExchange
GetACP
CreateSemaphoreA
lstrlenA
lstrlenW
DisableThreadLibraryCalls
GetTempFileNameA
GetFileAttributesExA
GetTempPathA
WaitForMultipleObjects
CreateThread
GetLastError
ResetEvent
SetEvent
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetSystemTime
TerminateThread
SetThreadPriority
GetExitCodeThread
Sleep
InterlockedDecrement
GetTimeFormatA
GetDateFormatA
QueryPerformanceCounter
GetLocalTime
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
GetVersionExA
ReadFile
IsBadReadPtr
SetFilePointer
WriteFile
MoveFileA
CopyFileA
SetFileAttributesA
DeleteFileA
CreateDirectoryA
lstrcmpA
GetModuleHandleA
GetModuleFileNameA
GetFileSize
SetFileTime
CreateFileA
GetFileTime
CloseHandle
GetLocaleInfoA

user32

RemovePropA
GetWindow
TrackMouseEvent
FillRect
GetKeyState
GetScrollPos
CloseClipboard
GetAsyncKeyState
EmptyClipboard
SetClipboardData
SetScrollRange
SetScrollPos
GetScrollInfo
SetScrollInfo
SetDlgItemInt
GetDlgItemInt
DrawIcon
DestroyMenu
RemoveMenu
TrackPopupMenu
OpenClipboard
InsertMenuA
DialogBoxParamA
GetWindowLongA
SetWindowLongA
MessageBoxA
EndDialog
SetWindowPos
GetWindowRect
ScreenToClient
ClientToScreen
wsprintfA
SetTimer
SetDlgItemTextA
GetSubMenu
GetMenuStringA
CreateMenu
SetCursor
LoadMenuA
CheckMenuItem
EnableMenuItem
DispatchMessageA
TranslateMessage
PeekMessageA
SetCapture
ReleaseCapture
FrameRect
DrawMenuBar
CreatePopupMenu
AppendMenuA
DeleteMenu
KillTimer
SendMessageA
DestroyIcon
CreateDialogParamA
SetWindowTextA
GetDlgItem
EnableWindow
GetClientRect
InvalidateRect
ReleaseDC
GetDC
UnregisterClassA
DefWindowProcA
GetMenuItemCount
SetCursorPos
GetCursorPos
GetPropA
SetPropA
MoveWindow
GetSystemMetrics
LoadIconA
SetParent
CreateWindowExA
RegisterClassExA
DestroyWindow
IsWindow
EndPaint
BeginPaint
PostMessageA
CharNextA
PtInRect
UnionRect
LoadCursorA
GetClassInfoExA
SetFocus
IsChild
GetFocus
ShowWindow
GetParent
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
CallWindowProcA
GetWindowThreadProcessId
EnumWindows
wvsprintfA
GetDlgItemTextA

gdi32

GetNearestColor
StretchDIBits
SetBkColor
CreateDIBSection
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
GetDeviceCaps
SetViewportOrgEx
SetMapMode
LPtoDP
CreateDCA
GetStockObject
CreatePen
SelectClipRgn
IntersectClipRect
GetTextExtentPointA
BitBlt
SetPixel
GetPixel
DeleteObject
CreateSolidBrush
DeleteDC
CreateCompatibleBitmap
GetTextExtentPoint32A
TextOutA
SetTextColor
SetBkMode
SelectObject
CreateFontIndirectA
LineTo
SetStretchBltMode
SetTextAlign
MoveToEx
CreateMetaFileA
CreateCompatibleDC

comdlg32

ChooseColorA
GetSaveFileNameA

advapi32

CryptGenRandom
CryptAcquireContextA
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
CryptReleaseContext

shell32

SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHBrowseForFolderA

ole32

CoInitialize
OleLoadFromStream
CreateOleAdviseHolder
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
CoUninitialize
OleSaveToStream
WriteClassStm
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
OleRun
CoFreeUnusedLibraries
OleRegEnumVerbs

oleaut32

GetErrorInfo
OleCreatePropertyFrame
VariantChangeType
SysStringLen
LoadRegTypeLi
VariantClear
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString

winmm

timeGetTime

dsound

ord1

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetQueryDataAvailable
HttpOpenRequestA
HttpSendRequestA
InternetConnectA

msimg32

TransparentBlt
AlphaBlend

iphlpapi

GetAdaptersInfo

wsock32

recv
send
setsockopt
inet_ntoa
htons
ioctlsocket
bind
shutdown
accept
connect
getsockname
gethostbyname
closesocket
ntohs
inet_addr
WSACleanup
WSAStartup
WSAGetLastError
recvfrom
sendto
select
ntohl
getsockopt
__WSAFDIsSet
socket
gethostname

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 784KB - Virtual size: 782KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8474f78260f8e65d6d5a51e26f9227b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

winmm

dsound

wininet

msimg32

iphlpapi

wsock32

Exports

Exports

Sections

.text Size: 784KB - Virtual size: 782KB

.rdata Size: 104KB - Virtual size: 102KB

.data Size: 160KB - Virtual size: 178KB

.rsrc Size: 284KB - Virtual size: 282KB

.reloc Size: 72KB - Virtual size: 70KB

.text
Size: 784KB - Virtual size: 782KB

.rdata
Size: 104KB - Virtual size: 102KB

.data
Size: 160KB - Virtual size: 178KB

.rsrc
Size: 284KB - Virtual size: 282KB

.reloc
Size: 72KB - Virtual size: 70KB