78533bda656dff14e77a163ee690f3ff

Sharing

Copy URL Twitter E-mail

General

Target

78533bda656dff14e77a163ee690f3ff
Size

92KB
MD5

78533bda656dff14e77a163ee690f3ff
SHA1

207641c82f20b063709b92c0b467eb3d01b204b2
SHA256

16f50fa1af940d2c804184f8edc435914a626c1a750cfbdfb12e3cb246391324
SHA512

853fd262ed1292856615bfa8164b1de383522ba5303f29a7f44e6ecf3fc23625f7666cd6804c4f74a156aac105b4ab5fc5777c85500ea6746fc6818845477af6
SSDEEP

1536:EXdMLgUPDesGJdEdnk90rZlbxzfeKS6jDRqGcbYpb0eTTcDbX5IdGYa:gcLasGJdCnk90DlzfeKXNqGcbmb0eT4h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78533bda656dff14e77a163ee690f3ff

Files

78533bda656dff14e77a163ee690f3ff
.dll regsvr32 windows:4 windows x86 arch:x86

0436724e2f39f866faf805a7020255ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnumUILanguagesW
CreateMailslotA
PulseEvent
HeapDestroy
FindResourceExA
SearchPathA
SetFileTime
GetTempPathA
GetEnvironmentVariableW
ConnectNamedPipe
OpenJobObjectW
CreateRemoteThread
SetLocalTime
SetLastError
GetCommandLineA
IsBadReadPtr
GetModuleHandleW
CreateConsoleScreenBuffer
SearchPathW
FindNextChangeNotification
GetCurrentDirectoryA
EnumResourceLanguagesW
FindVolumeClose
GetFileInformationByHandle
VirtualAlloc
PeekConsoleInputW
GetConsoleOutputCP
GetTempPathW
FindFirstChangeNotificationW
RemoveDirectoryW
SetWaitableTimer
EnumSystemLocalesA
SetEnvironmentVariableW
FindResourceExW
FindNextVolumeMountPointW
CreateWaitableTimerA
GetLogicalDrives
GetVersion
OpenMutexW
GetLocaleInfoA
FindResourceA
SetComputerNameA
GetDateFormatW
lstrlenW
GlobalAddAtomA
VerifyVersionInfoA
ConvertDefaultLocale
VirtualQueryEx
ExitThread
lstrcmpA
SetConsoleWindowInfo
SetProcessShutdownParameters
SleepEx
CreateWaitableTimerW
HeapSize
FreeResource
SetNamedPipeHandleState
GetWindowsDirectoryA
GetVolumeNameForVolumeMountPointW
SetStdHandle
LocalAlloc
FindResourceW
LocalFlags
VirtualUnlock
GetProcessVersion
GetVersionExW
WriteConsoleW
VerSetConditionMask
MultiByteToWideChar
DosDateTimeToFileTime
SetFileApisToOEM
CreateToolhelp32Snapshot
SetProcessWorkingSetSize
OpenSemaphoreA
FreeLibraryAndExitThread
LocalHandle
GetStringTypeA
AreFileApisANSI
WaitForMultipleObjectsEx
TerminateJobObject
GetSystemTimeAdjustment
SetHandleCount
FindCloseChangeNotification
SystemTimeToFileTime
MoveFileExW
lstrcatW
CompareFileTime
SetCurrentDirectoryA
LockFile
FileTimeToSystemTime
FindClose
lstrcpyW
RtlUnwind
GetExitCodeProcess
InterlockedExchangeAdd
DisconnectNamedPipe
SetVolumeLabelA
GetLogicalDriveStringsA
EscapeCommFunction
SetErrorMode
OpenProcess
CreateFileW
GetProfileIntA
GetLogicalDriveStringsW
SetConsoleCtrlHandler
HeapLock
HeapReAlloc
MoveFileW
PeekConsoleInputA
GlobalHandle
CreateNamedPipeW
RegisterWaitForSingleObject
FindVolumeMountPointClose
lstrcmpW
QueueUserWorkItem
GetSystemDirectoryW
GlobalAddAtomW
OpenSemaphoreW
SetConsoleTitleA
LCMapStringW
SetTimeZoneInformation
GetFileSizeEx
WideCharToMultiByte
ClearCommError
GetFullPathNameA
BindIoCompletionCallback
FindNextFileW
InitializeCriticalSection
InterlockedIncrement
HeapFree
CopyFileA
CloseHandle
CreateProcessA
ReadFile
Sleep
DeleteFileA
VirtualProtect
CreateFileMappingA
GlobalAlloc
CreateMutexA
GetModuleFileNameA
LeaveCriticalSection
GetComputerNameA
LoadLibraryA
VirtualQuery
GetModuleHandleA
GetProcAddress
EnterCriticalSection
HeapAlloc
ReadConsoleA

ole32

OleCreateStaticFromData
CreateDataCache
CoInitializeEx
OleSave
OleDestroyMenuDescriptor
OleUninitialize
SetConvertStg
CoWaitForMultipleHandles
CreateAntiMoniker
OleSetMenuDescriptor
CoReleaseMarshalData
OleLoad
OleCreateLink
OleCreateLinkFromData
BindMoniker
OleTranslateAccelerator
CoDisconnectObject
OleLockRunning
ReadFmtUserTypeStg
GetHGlobalFromILockBytes
CreateDataAdviseHolder
CoMarshalInterThreadInterfaceInStream
StgCreateDocfile
CoFreeUnusedLibrariesEx
StgOpenStorageEx
OleGetAutoConvert
CoMarshalInterface
CoInitialize
CoTaskMemAlloc
CoCreateInstance

user32

GetScrollPos
WinHelpA
GetInputState
SetMenuItemInfoA
GetThreadDesktop
RemovePropW
SetWindowContextHelpId
CloseDesktop
SetDlgItemTextW
GetDlgItem
GetWindowTextA
GetCapture
ModifyMenuW
MapVirtualKeyA
GetDCEx
EnableScrollBar
CreateCursor
GetMessagePos
FillRect
GetIconInfo
GetWindow
wsprintfA
LoadBitmapW
CharNextW
IsCharAlphaA
IsDlgButtonChecked
GetWindowRect
DestroyIcon
ChildWindowFromPointEx
BroadcastSystemMessageW
SetMenuItemBitmaps
SetForegroundWindow
AppendMenuW
LoadAcceleratorsW
EnumDesktopsW
GetComboBoxInfo
InvalidateRect
CopyAcceleratorTableW
AdjustWindowRectEx
InsertMenuW
FindWindowExA
GetMenuStringA
CopyIcon
CreateIcon
PostThreadMessageW
MapVirtualKeyExW
AttachThreadInput
DefWindowProcA
EnumThreadWindows
EndPaint
GetUpdateRect
GetDialogBaseUnits
DrawFocusRect
GetMessageW
LoadCursorW
SendNotifyMessageA
GetDlgItemTextA
SendMessageTimeoutW
MessageBoxExA
CloseWindowStation
OpenWindowStationW
InvertRect
SetActiveWindow
LockWindowUpdate
RegisterWindowMessageA
TabbedTextOutA
GetWindowContextHelpId
SetDlgItemTextA
SetThreadDesktop
DialogBoxIndirectParamW
SetTimer
LoadMenuW
GetMonitorInfoW
IsZoomed
SetCaretPos
CharUpperBuffA
IsRectEmpty
DestroyCursor
RedrawWindow
FlashWindow
SetWindowTextA
GetSystemMenu
SetClassLongW
GetQueueStatus
SendInput
DefDlgProcW
GetWindowWord
CharNextA
LoadMenuA
SetWindowPlacement
GetNextDlgTabItem
SetCursor
EnableWindow
SetDlgItemInt
GetProcessWindowStation
GetWindowLongW
CreatePopupMenu
FindWindowW
GetClassNameW
CreateWindowExA
GetAsyncKeyState
SetWindowLongW
KillTimer
ReuseDDElParam
EqualRect
FreeDDElParam
GetScrollInfo
GetMenuCheckMarkDimensions
UnregisterHotKey
GetClassNameA
SetWindowsHookExA
GetMessageA
SendMessageA
CallNextHookEx
DispatchMessageA
UnhookWindowsHookEx
GetWindowThreadProcessId
SetMenuItemInfoW

shlwapi

PathAddBackslashA
StrCatW
StrRChrW
PathParseIconLocationW
StrRetToStrW
PathStripToRootW
SHSetValueW
StrNCatW
PathUnquoteSpacesW
PathGetCharTypeA
SHRegGetUSValueW
AssocQueryStringW
UrlIsW
PathIsDirectoryW
StrChrIW
PathIsDirectoryA
StrDupW
PathStripPathW
StrTrimW
StrCmpIW
PathIsNetworkPathW
StrStrW
StrDupA
PathMakePrettyW
PathSetDlgItemPathW
PathRemoveFileSpecA
PathCanonicalizeW
PathSkipRootW
PathCompactPathExW
PathRemoveFileSpecW
UrlCanonicalizeW
UrlCreateFromPathW
PathIsUNCServerW
PathCombineW
PathIsUNCServerShareW
PathRemoveArgsW
PathMatchSpecW
SHRegGetValueW
SHDeleteKeyA
UrlUnescapeW
PathGetArgsW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertSidToStringSidA
RegEnumKeyExA
RegCreateKeyExA
RegCloseKey
QueryServiceStatusEx
RegisterServiceCtrlHandlerW
RegQueryValueExW
RegCreateKeyA
RegNotifyChangeKeyValue
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyA
StartServiceA
SetEntriesInAclW
RegOpenCurrentUser
ImpersonateLoggedOnUser
OpenServiceA
CloseServiceHandle
RegQueryInfoKeyW
CreateServiceA
NotifyBootConfigStatus
RegSetValueA
ImpersonateSelf
MakeSelfRelativeSD
RegisterServiceCtrlHandlerExW
GetEffectiveRightsFromAclW
IsTokenRestricted
ReportEventW
QueryServiceConfigA
StartServiceW
RegConnectRegistryA
RegLoadKeyA
GetUserNameW
OpenThreadToken
EnumDependentServicesW
RegConnectRegistryW
GetTokenInformation
OpenEventLogA
OpenSCManagerA
SetEntriesInAclA
QueryServiceLockStatusA
RegisterEventSourceW
RegSetValueExA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0436724e2f39f866faf805a7020255ba

Headers

File Characteristics

Imports

kernel32

ole32

user32

shlwapi

advapi32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 62KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 2KB