72d51b115b7c8144008801f965a36b27

Sharing

Copy URL Twitter E-mail

General

Target

72d51b115b7c8144008801f965a36b27
Size

820KB
MD5

72d51b115b7c8144008801f965a36b27
SHA1

5fce6f2dd4b414e933a23d06f33233e59b89f82e
SHA256

08c7871b7b9e2c41fe3c8c9c3221ab9935bb5c66a7bd47f628ee56dde39dbf64
SHA512

bc7490620cf5fee85254bdfda67004b09e26562f1ac13871bed2f283c4df933c762e093236979df06d7b67eb277165762b6f2e7e7ab71e32a4f343f96be7b95d
SSDEEP

24576:uqB+UZpnq87Zrydc3rCT9qRccwN5mSPPXcuV:f0e73GTSccwN5mSHXDV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72d51b115b7c8144008801f965a36b27

Files

72d51b115b7c8144008801f965a36b27
.dll regsvr32 windows:4 windows x86 arch:x86

eaaa1c2371e914e6859732657e70e9f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

secur32

LsaEnumerateLogonSessions
LsaCallAuthenticationPackage
LsaFreeReturnBuffer
GetComputerObjectNameW
LsaConnectUntrusted
LsaLookupAuthenticationPackage
LsaDeregisterLogonProcess

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

psapi

GetModuleBaseNameW
EnumProcesses
EnumProcessModules

kernel32

SetEvent
FindResourceExW
OpenProcess
CloseHandle
GetThreadLocale
SetThreadLocale
GlobalHandle
GlobalFree
GlobalLock
GlobalUnlock
MulDiv
lstrcmpW
SetLastError
lstrlenA
GetCurrentThreadId
GlobalAlloc
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
CreateEventW
FormatMessageW
LocalFree
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
FindResourceW
LoadResource
LockResource
SizeofResource
OpenEventW
GetLastError
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
WideCharToMultiByte
GetProcessHeap
HeapFree
LoadLibraryW
GetProcAddress
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetComputerNameExW
FreeLibrary
WaitForSingleObject
ResetEvent
WaitForMultipleObjects
GetSystemTimeAsFileTime
FileTimeToSystemTime
OutputDebugStringW
SystemTimeToFileTime
CreateSemaphoreW
ReleaseSemaphore
OutputDebugStringA
WriteFile
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
CreateFileA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetStartupInfoA
GetFileType
GetVersionExW
GetCurrentProcessId
CreateDirectoryA
GetLocaleInfoW
ReadFile
GetTickCount
HeapAlloc
ExitProcess
CreateFileMappingW
ReleaseMutex
CreateMutexW
GetVersionExA
GetACP
GetLocaleInfoA
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
HeapCreate
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetModuleHandleA
CopyFileW
Sleep
GetTimeZoneInformation
HeapDestroy
HeapReAlloc
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitThread
CreateThread
GetCommandLineA

user32

DefWindowProcW
GetWindowLongW
SetWindowPos
GetDlgItemTextW
SendDlgItemMessageW
GetWindow
SetWindowContextHelpId
EndDialog
MapDialogRect
DestroyWindow
SendMessageW
GetSysColor
MoveWindow
GetClientRect
SetWindowLongW
MessageBoxW
LoadBitmapW
CharNextW
CreateWindowExW
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetDlgItem
GetClassNameW
ReleaseCapture
FillRect
CallWindowProcW
EndPaint
BeginPaint
GetDesktopWindow
DestroyAcceleratorTable
GetFocus
SetFocus
IsWindow
GetClassInfoExW
UnregisterClassA
PeekMessageW
MsgWaitForMultipleObjects
ReplyMessage
UnregisterDeviceNotification
RegisterDeviceNotificationW
RegisterClassW
UnregisterClassW
PostMessageW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
RegisterClassExW
CreateAcceleratorTableW
SetWindowTextW
GetActiveWindow
DialogBoxIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW

gdi32

GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject

advapi32

LsaNtStatusToWinError
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegQueryInfoKeyW

ole32

CoMarshalInterThreadInterfaceInStream
OleRun
CoInitialize
CoGetInterfaceAndReleaseStream
CoCreateGuid
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
VariantChangeType
VariantCopy
SysAllocStringByteLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysStringByteLen
SysStringLen
VarUI4FromStr
SysAllocString
SysFreeString
SysAllocStringLen
VarBstrCmp

shlwapi

PathAppendW
PathAppendA
PathFileExistsA
PathIsDirectoryA

setupapi

SetupDiCreateDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsExW

winscard

SCardFreeMemory
SCardListCardsW
SCardDisconnect
SCardConnectW
SCardGetAttrib
SCardGetStatusChangeW
SCardListReadersW
SCardReleaseContext
SCardEstablishContext
SCardGetCardTypeProviderNameW

shell32

SHGetFolderPathW
SHGetFolderPathA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 468KB - Virtual size: 466KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eaaa1c2371e914e6859732657e70e9f5

Headers

File Characteristics

Imports

secur32

wtsapi32

psapi

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

setupapi

winscard

shell32

Exports

Exports

Sections

.text Size: 468KB - Virtual size: 466KB

.rdata Size: 140KB - Virtual size: 138KB

.data Size: 84KB - Virtual size: 89KB

.rsrc Size: 80KB - Virtual size: 77KB

.reloc Size: 44KB - Virtual size: 42KB

.text
Size: 468KB - Virtual size: 466KB

.rdata
Size: 140KB - Virtual size: 138KB

.data
Size: 84KB - Virtual size: 89KB

.rsrc
Size: 80KB - Virtual size: 77KB

.reloc
Size: 44KB - Virtual size: 42KB