7be65439fa8547a7dd2a9b353a741f24

Sharing

Copy URL Twitter E-mail

General

Target

7be65439fa8547a7dd2a9b353a741f24
Size

380KB
MD5

7be65439fa8547a7dd2a9b353a741f24
SHA1

b0430099d182b9fdd6bdaca4ba762238a7d995cb
SHA256

7b964dd8f8f27aba92c6310d4302720ff227a5ffabd06004e64bb74c3aca13eb
SHA512

3f950e52770b5844bdc1c39982ea86318543e7ae9276bbfa980053484c02eb3c2d65180ab8906e094023c0673784a069189a528c52f5b3a547de7d670fe3700d
SSDEEP

6144:3FT6Z4tXKGdmLSD1jD6mvWUs/525qZYj9dZBl/RxcKnEoPOtQXP:3FTl8GoOxh5wOdZBxdnVPOtQXP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7be65439fa8547a7dd2a9b353a741f24

Files

7be65439fa8547a7dd2a9b353a741f24
.dll regsvr32 windows:4 windows x86 arch:x86

14f3c51a87644989d69b944c312bc571

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
InterlockedIncrement
InterlockedDecrement
HeapDestroy
lstrcpyA
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
GetCurrentProcessId
lstrcmpiA
IsDBCSLeadByte
lstrcpynA
FindResourceA
LoadLibraryExA
GetLastError
GetShortPathNameA
LoadResource
SizeofResource
WideCharToMultiByte
GetVersionExA
GetACP
WritePrivateProfileStringA
lstrlenA
GetPrivateProfileStringA
GetProcAddress
TlsGetValue
GetOEMCP
GetStringTypeW
GetStringTypeA
GetCPInfo
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
SetEndOfFile
SetFilePointer
GetStartupInfoA
GetStdHandle
SetHandleCount
SetStdHandle
GetModuleHandleA
SetUnhandledExceptionFilter
HeapSize
GetCurrentProcess
TerminateProcess
ExitProcess
GetCurrentThreadId
MultiByteToWideChar
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetVersion
GetCommandLineA
FreeLibrary
LoadLibraryA
HeapReAlloc
HeapAlloc
HeapFree
DeleteFileA
WriteFile
CreateFileA
MoveFileA
CopyFileA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetWindowsDirectoryA
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetFileType
ReadFile
CloseHandle
RaiseException
RtlUnwind
InterlockedExchange
Sleep
GetModuleFileNameA

user32

SetWindowLongA
EndPaint
FillRect
DefWindowProcA
GetCursorPos
PtInRect
InvalidateRect
GetWindow
DestroyMenu
GetWindowLongA
GetClassNameA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
IsWindowVisible
GetSysColor
GetClientRect
ReleaseDC
GetDC
GetDesktopWindow
DestroyWindow
IsWindow
SetWindowsHookExA
UnhookWindowsHookEx
CreateWindowExA
RegisterClassA
LoadCursorA
GetClassInfoA
ShowWindow
UpdateWindow
MoveWindow
KillTimer
SetTimer
IsChild
CallNextHookEx
FindWindowA
ReleaseCapture
GetCapture
SetCapture
BeginPaint
SendMessageA
PostMessageA
GetWindowRect
GetParent
GetWindowTextA
GetWindowTextLengthA
EndDialog
SetParent
MessageBoxA
SetWindowTextA
GetKeyState
GetWindowThreadProcessId
CharNextA
DialogBoxParamA

gdi32

SetPixel
Arc
RoundRect
SetROP2
DeleteObject
Rectangle
CreateSolidBrush
GetTextExtentPoint32A
GetObjectA
EnumFontFamiliesA
CreateFontA
SelectObject
SetBkMode
CreateDIBitmap
TextOutA
CreateCompatibleDC
DeleteDC
CreateBitmap
BitBlt
GetPixel
CreateBrushIndirect
ExtFloodFill
LineTo
MoveToEx
SetTextColor
SetTextAlign
SetBkColor
CreateCompatibleBitmap
Chord
Pie
Ellipse
CreatePen

advapi32

RegSetValueExA
RegEnumKeyExA
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

shell32

ShellExecuteA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
LoadRegTypeLi
SysStringLen
SysAllocStringLen
VariantInit
SysAllocString
RegisterTypeLi
LoadTypeLi
VariantClear
VarUI4FromStr

wininet

InternetOpenA
InternetReadFile
InternetConnectA
HttpAddRequestHeadersA
InternetCloseHandle
InternetQueryOptionA
HttpSendRequestA
InternetOpenUrlA
HttpOpenRequestA

rpcrt4

UuidFromStringA

winmm

PlaySoundA

atl

ord40

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14f3c51a87644989d69b944c312bc571

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

rpcrt4

winmm

atl

Exports

Exports

Sections

.text Size: 272KB - Virtual size: 268KB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 16KB - Virtual size: 13KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 272KB - Virtual size: 268KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 16KB - Virtual size: 13KB

.reloc
Size: 24KB - Virtual size: 23KB