fca66f14acc00960dd15792ea86c4919

Sharing

Copy URL Twitter E-mail

General

Target

fca66f14acc00960dd15792ea86c4919
Size

132KB
MD5

fca66f14acc00960dd15792ea86c4919
SHA1

4895fc87db56c328974870c1fbffb1d11cb82439
SHA256

73f32f97f24d75bf4ff329be1601fa7462db0f45dbcfeee31e8cfe26174bc790
SHA512

b083871083d3da2d9747c6dfa4c44fda976c281979e80fbbadf6ecab4a66587f8b0b21e128dc7dbff7adf9c0d952f005c5bb4c37c35481b70f7147350f75bfe8
SSDEEP

3072:t8e/2lVjiAjLqaGvpJL1PM4xxUje2EdpQffqdcI4NTHeC5:ue/2lVj9K5ze4x2e2EdpifqlMe2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fca66f14acc00960dd15792ea86c4919

Files

fca66f14acc00960dd15792ea86c4919
.dll regsvr32 windows:4 windows x86 arch:x86

608a1d90edd40a8aa281013e3bea9e82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetReadFile
InternetGetLastResponseInfoA
InternetOpenUrlA
InternetCloseHandle
InternetOpenA

snmpapi

SnmpUtilOidCpy
SnmpUtilOidNCmp
SnmpUtilVarBindFree

kernel32

CompareStringA
lstrlenW
CompareStringW
lstrcmpiA
lstrlenA
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetLastError
lstrcpynA
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
IsDBCSLeadByte
FreeLibrary
LoadLibraryExA
GetModuleFileNameA
GetCurrentThreadId
LocalFree
FormatMessageA
GetProcAddress
LoadLibraryA
lstrcmpA
ExpandEnvironmentStringsA
GetSystemDirectoryA
RemoveDirectoryA
CreateDirectoryA
GetVersion
GetTempFileNameA
FindClose
GetFileAttributesA
FindFirstFileA
GetTickCount
GetVolumeInformationA
GetTempPathA
CloseHandle
CreateFileA
lstrcpyA
lstrcatA
GetSystemInfo
VirtualProtect
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
SetStdHandle
GetStartupInfoA
GetStdHandle
SetHandleCount
SetEndOfFile
LCMapStringW
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetCurrentProcess
GetACP
InterlockedExchange
VirtualQuery
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
SetEnvironmentVariableA
GetFileType
ReadFile
DeleteFileA
GetTimeZoneInformation
GetCPInfo
GetOEMCP
IsBadWritePtr
VirtualAlloc
VirtualFree
TerminateProcess
GetModuleHandleA
RtlUnwind
RaiseException
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetFilePointer
GetSystemTimeAsFileTime
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
HeapCreate
SetUnhandledExceptionFilter
WriteFile

user32

CharNextA
UnhookWindowsHookEx
FindWindowExA
MessageBoxA
GetFocus
SetWindowsHookExA
IsChild
CallNextHookEx
SetWindowTextA
InvalidateRgn
UpdateWindow
GetWindowTextA

advapi32

RegSetValueExA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptReleaseContext
RegQueryValueExA
CryptDestroyHash
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

ole32

StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
VariantClear
VariantChangeType
VariantCopy
SysAllocStringLen
VariantInit
SysStringLen
SysAllocStringByteLen
SysAllocString
SysFreeString

shlwapi

PathFindExtensionA
StrToIntA
PathBuildRootA
PathFileExistsA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

608a1d90edd40a8aa281013e3bea9e82

Headers

File Characteristics

Imports

wininet

snmpapi

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 12KB - Virtual size: 9KB