fe6a9c3957e763c339bbe539fe68ddbb

Sharing

Copy URL

Twitter E-mail

General

Target

fe6a9c3957e763c339bbe539fe68ddbb
Size

631KB
MD5

fe6a9c3957e763c339bbe539fe68ddbb
SHA1

cf5b7872f0ed8664584e0526d071d380a7f5626c
SHA256

2cf42bccc132377128e5076fc19c5ea51b470428e73f3420f9b6e2fcf1673820
SHA512

9b71ef3a411060bfa533366279734f441522f4eb322bc693aeea19fefd474581a320d4d9a276a871a8e81fedff69fa19ccf6402c96fb5b6364ab6ef6b86471a9
SSDEEP

12288:I9r9V6gzl0UoGVWefanwEGtLCemRPCrmROCrmRc:i9V6QRVWef0wEQy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe6a9c3957e763c339bbe539fe68ddbb

Files

fe6a9c3957e763c339bbe539fe68ddbb
.dll regsvr32 windows:4 windows x86 arch:x86

91f9a253381db848560d457981ff808f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileW
GetACP
GetFileSize
CreateFileW
Sleep
FindFirstFileW
FindFirstChangeNotificationW
lstrcpyW
RaiseException
InitializeCriticalSection
FlushInstructionCache
GetModuleHandleW
lstrcmpiW
GetCurrentThreadId
SetLastError
FreeLibrary
LoadLibraryExW
ExpandEnvironmentStringsW
DisableThreadLibraryCalls
GetVersionExW
SetEndOfFile
WriteFile
SetFilePointer
LocalFree
GetComputerNameW
HeapFree
GetProcessHeap
FindClose
ReadFile
HeapAlloc
GetProcAddress
LoadLibraryW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetExitCodeThread
GetCurrentProcessId
GetTempFileNameW
IsValidCodePage
HeapSize
HeapReAlloc
FileTimeToSystemTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
RtlUnwind
GetDriveTypeW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
FindNextChangeNotification
FindCloseChangeNotification
GetModuleFileNameW
lstrcatW
CreateDirectoryW
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
CreateEventW
SetThreadPriority
GetCurrentProcess
DuplicateHandle
WaitForMultipleObjects
EnterCriticalSection
CloseHandle
ResetEvent
SetEvent
WaitForSingleObject
TerminateThread
LeaveCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
GetTempPathW
GetLastError
DeleteFileW
lstrcpynW
MoveFileW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetFullPathNameA
GetDriveTypeA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
LoadLibraryA
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
InterlockedExchange
HeapDestroy
GetVersionExA
GetSystemTimeAsFileTime
SetFileTime
GetSystemTime
GlobalSize
CreateMutexA
GetFileAttributesExW
lstrcpynA
FindFirstFileA
FindNextFileA
GetComputerNameExW
OpenFileMappingW
ProcessIdToSessionId
lstrcpyA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CreateFileMappingW
GetStartupInfoA
GetFileType
SetHandleCount
GetOEMCP
GetModuleFileNameA
GetStdHandle
FatalAppExitA
HeapCreate
GetCurrentThread
TlsFree
TlsSetValue
CreateFileA
CreateMutexW
CreateSemaphoreW
GlobalReAlloc
IsBadReadPtr
lstrlenA
GetFileInformationByHandle
GetLocalTime
SystemTimeToFileTime
TlsAlloc
TlsGetValue
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameW
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetTickCount
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
ReleaseMutex
ReleaseSemaphore
InterlockedExchangeAdd
UnmapViewOfFile
MapViewOfFile
GetTimeZoneInformation
OpenProcess
SetFileAttributesW
CreateProcessW
IsDebuggerPresent

user32

CharLowerW
CharLowerBuffW
wsprintfW
GetParent
FindWindowExW
PostMessageW
IsWindow
CharNextW
SetWindowLongW
ShowWindow
GetClassInfoExW
LoadCursorW
DestroyWindow
LoadStringW
DefWindowProcW
RegisterClassExW
GetWindowLongW
DispatchMessageW
CallWindowProcW
CreateWindowExW
GetDesktopWindow
RegisterWindowMessageW
SendMessageTimeoutW
GetWindowThreadProcessId
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
UnregisterClassA

advapi32

CryptDestroyKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
LookupAccountNameW
ConvertSidToStringSidW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptEncrypt
CryptDecrypt
CryptDeriveKey
OpenProcessToken
LookupAccountSidW
SetSecurityDescriptorDacl

shell32

SHGetFolderPathW

ole32

WriteClassStg
StgCreateStorageEx
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
StringFromGUID2
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CreateStreamOnHGlobal
GetHGlobalFromStream
CoRevokeClassObject
OleRun
CoRegisterPSClsid
CoRegisterClassObject
StgOpenStorage
StgIsStorageFile
StgOpenStorageOnILockBytes
StgIsStorageILockBytes
CreateILockBytesOnHGlobal
CoInitializeEx

oleaut32

SafeArrayDestroy
SystemTimeToVariantTime
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VarUI4FromStr
RegisterTypeLi
CreateErrorInfo
LoadTypeLi
LoadRegTypeLi
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VarBstrFromI4
SysAllocStringLen
SysStringLen
SysFreeString
VarI4FromStr
VarBstrCmp
SafeArrayRedim
VarBstrCat
VariantChangeType
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
GetErrorInfo
SetErrorInfo
UnRegisterTypeLi

shlwapi

PathSkipRootW
PathStripPathW
PathAppendW
PathIsDirectoryA
PathRemoveFileSpecA
PathFindFileNameA
PathAppendA
PathMatchSpecA
PathSkipRootA
PathIsDirectoryW
PathRemoveFileSpecW
PathFindFileNameW
PathMatchSpecW
SHCreateStreamOnFileW
PathFileExistsW

mapi32

ord198
ord13
ord135
ord59
ord196
ord17
ord15
ord197

wtsapi32

WTSFreeMemory
WTSCloseServer
WTSQuerySessionInformationW
WTSOpenServerW

netapi32

NetWkstaUserEnum
NetApiBufferFree

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

psapi

GetModuleFileNameExW

Exports

Exports

DisableDLP
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EnableDLP
ExchEntryPoint

Sections

.text
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GBL
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91f9a253381db848560d457981ff808f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

mapi32

wtsapi32

netapi32

rpcrt4

psapi

Exports

Exports

Sections

.text Size: 440KB - Virtual size: 439KB

.rdata Size: 84KB - Virtual size: 82KB

.data Size: 16KB - Virtual size: 22KB

.GBL Size: 4KB - Virtual size: 32B

.SHARSTA Size: 4KB - Virtual size: 52B

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 24KB - Virtual size: 21KB

.text
Size: 440KB - Virtual size: 439KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 16KB - Virtual size: 22KB

.GBL
Size: 4KB - Virtual size: 32B

.SHARSTA
Size: 4KB - Virtual size: 52B

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 24KB - Virtual size: 21KB