febca5d180cdf8813cd9f58066b0ddd0

Sharing

Copy URL

Twitter E-mail

General

Target

febca5d180cdf8813cd9f58066b0ddd0
Size

140KB
MD5

febca5d180cdf8813cd9f58066b0ddd0
SHA1

190a2b9beb5a555ef771fe55c93dddecbff4a959
SHA256

20dcb7b80348ceab1ce8652561663341ca10e92b4456f65bf266ec9944543041
SHA512

d3fc46fe3f58364f2ddd121103340753e7a9c55830aa326756bc7837f90d416aa0992f8297d3d1fc6b90b40ec904662848a1bfa70b68c7fca2fc8482c6de5c07
SSDEEP

1536:h/M1ySKPnTMrvW4wX+OQKRlLHl0elQnrc8HrR8UdvSlCSic0XZ/uACiCN6axSA:h/GsYrkI2Dl0elQrcCvSzi/pOdNTR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
febca5d180cdf8813cd9f58066b0ddd0

Files

febca5d180cdf8813cd9f58066b0ddd0
.dll windows:4 windows x86 arch:x86

ab34510ccc958055feaa5699ff8a4d07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidFromStringA

kernel32

InterlockedExchange
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
MultiByteToWideChar
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameA
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadCodePtr
RaiseException
HeapSize
lstrlenA
CloseHandle
GetSystemInfo
VirtualProtect
FlushFileBuffers
LCMapStringW
LCMapStringA
LocalAlloc
LocalFree
GetProcAddress
FreeLibrary
GetLastError
LoadLibraryA
HeapFree
GetCurrentThreadId
GetCommandLineA
HeapAlloc
HeapDestroy
HeapCreate
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
ExitProcess
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
RtlUnwind
VirtualQuery
SetFilePointer
GetOEMCP
GetCPInfo
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
GetStringTypeA
GetStringTypeW

advapi32

RegOpenKeyExA
RegQueryValueExA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocStringLen
VariantChangeType
VariantClear
VariantInit
SysFreeString
SysStringLen
SysAllocString
VarCmp

Exports

Exports

CA_RegisterUpdateManager
GetUpdateManagerPath
IsUpdateAvailable
MapProductCodeToGuid
UpdateProduct
UpdateProductsIfAny

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab34510ccc958055feaa5699ff8a4d07

Headers

File Characteristics

Imports

rpcrt4

kernel32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 68KB - Virtual size: 74KB

.rsrc Size: 4KB - Virtual size: 688B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 68KB - Virtual size: 74KB

.rsrc
Size: 4KB - Virtual size: 688B

.reloc
Size: 8KB - Virtual size: 4KB