732fb7a6e4057d85a6ca8a55febaa030

Sharing

Copy URL

Twitter E-mail

General

Target

732fb7a6e4057d85a6ca8a55febaa030
Size

33KB
MD5

732fb7a6e4057d85a6ca8a55febaa030
SHA1

ccb04fad6c442d61f1a300f84d2417add5f92821
SHA256

c187d002c33cdd9e284b96fa4d4b25b3c5d8f0ba0f38d7b04be3c2e107920feb
SHA512

425fd50fe318e1274fe602c0e7c4761f8c4c5fe9e1784d0fc2355a83a8bdc7b526617aa9351e7803a4de56b360c780dc324aedcd4e72cf0722cb1be9df7ccc3c
SSDEEP

768:G+Sslk2YhUrSkEH/ZDy5MDrvR7TEfpXCVVOCpX:fISZogf9CXOCJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
732fb7a6e4057d85a6ca8a55febaa030

Files

732fb7a6e4057d85a6ca8a55febaa030
.dll regsvr32 windows:4 windows x86 arch:x86

2631e377109a5ca363d4ea7132ef665d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
SetEvent
lstrcpynA
lstrlenW
WriteFile
CreateFileA
GetModuleFileNameA
lstrcatA
GetTempPathA
CreateProcessA
CopyFileA
GetWindowsDirectoryA
WaitForSingleObject
lstrcpyA
FreeLibrary
GetProcAddress
LoadLibraryA
GetCommandLineA
GetLastError
ResetEvent
ReadFile
TerminateThread
CreateThread
SetFilePointer
GetFileSize
InterlockedDecrement
InterlockedIncrement
lstrcmpiA
IsDBCSLeadByte
GetProfileIntA
WriteProfileStringA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DebugBreak
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
Sleep
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy

user32

CharNextA
CharLowerA
wvsprintfA
MessageBoxA

advapi32

RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

shell32

ShellExecuteA

ole32

StringFromGUID2
CoCreateGuid
CLSIDFromString
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc

oleaut32

VariantClear
VariantChangeType
SysAllocString
VarUI4FromStr

urlmon

URLDownloadToCacheFileA

wininet

InternetGetConnectedState

ws2_32

getsockname
connect
WSAGetLastError
gethostbyname
gethostname
select
WSASendDisconnect
recv
__WSAFDIsSet
inet_ntoa
ioctlsocket
accept
listen
bind
ntohs
WSAAccept
inet_addr
WSAStartup
closesocket
send
socket
htons

Exports

Exports

DllBuildImage
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2631e377109a5ca363d4ea7132ef665d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

urlmon

wininet

ws2_32

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB