f7e27f7cb6dfbbb75b5f60800187b454

Sharing

Copy URL Twitter E-mail

General

Target

f7e27f7cb6dfbbb75b5f60800187b454
Size

52KB
MD5

f7e27f7cb6dfbbb75b5f60800187b454
SHA1

8ef8db259636cce457bf3fbf17e8e27f897a51d3
SHA256

e7cd8c1134e7fb11c5c6f855fe44119b13a28a429ad02673eec017342bed4391
SHA512

8525016ae2519541199e097009a1f5c4c799ffbe3778a5fad4625cf0a8d04266d69bf6c13f02c058dff3eff49dd804b5d34b009ab0d548275bbdcae922ed0e23
SSDEEP

768:j8Dgn25sNnaDSPsNU3z7nWzyA8KvlT+IYb21shR9z8yzhZe3o3Ckmd:j8sNZa5U3z7nWPoqcbyo3Cz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7e27f7cb6dfbbb75b5f60800187b454

Files

f7e27f7cb6dfbbb75b5f60800187b454
.dll regsvr32 windows:4 windows x86 arch:x86

afaf8820ad834fc24434c4c34fc58bee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc71

ord3997
ord304
ord784
ord5491
ord2322
ord310
ord2451
ord4109
ord4108
ord2272
ord781
ord3934
ord762
ord765
ord578
ord1037
ord1206
ord1208
ord1098
ord371
ord1120
ord1201
ord1175
ord1177
ord1209
ord1084
ord1092
ord1167
ord581
ord876
ord1482
ord265
ord1917
ord266
ord314
ord1049
ord764
ord3683
ord1187
ord1191
ord2248
ord3830
ord757
ord566
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord315

msvcr71

malloc
free
_resetstkoflw
_except_handler3
__CxxFrameHandler
wcsncpy
__CppXcptFilter
_adjust_fdiv
realloc
_purecall
memset
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
LocalAlloc
LocalFree
GetModuleHandleA
LoadLibraryExA
FindResourceA
GetCurrentProcessId
SizeofResource
FreeLibrary
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
lstrcatA
GetModuleFileNameA
lstrcpyA
lstrcpynA
lstrcmpiA
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemTimeAsFileTime
LoadResource
MultiByteToWideChar

user32

CharNextA

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA

shlwapi

PathFileExistsA
PathFindExtensionA

ole32

CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc

oleaut32

SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysAllocStringLen
LoadRegTypeLi
SysStringLen
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afaf8820ad834fc24434c4c34fc58bee

Headers

File Characteristics

Imports

mfc71

msvcr71

kernel32

user32

advapi32

shlwapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB