04e33619519589f03f7429fa4a5a3111

Sharing

Copy URL Twitter E-mail

General

Target

04e33619519589f03f7429fa4a5a3111
Size

681KB
MD5

04e33619519589f03f7429fa4a5a3111
SHA1

74858c8c29251fa27a29b97fdbaab14d8405337d
SHA256

7cb80bcc595f5ebec01e4263dc68d51768871ca973fc672649456fb818212b93
SHA512

c2ad0292ae7fc918f10198fa1edffb933b0514dfb4f9f4aece3a7fccbd1e808b6b4c84b2e049e3cd2e85ee46570fd38f7a51ba9f857bfc89c57c5b3ed69fbafc
SSDEEP

12288:qWYIRRwWwk+Y3RhEV8L62WdwRs1V9s2vZXhNvFO:riMJhhEqGPkGzRdFO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04e33619519589f03f7429fa4a5a3111

Files

04e33619519589f03f7429fa4a5a3111
.dll regsvr32 windows:4 windows x86 arch:x86

ae68ce31e0554447660087305d0744a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCloseHandle
InternetSetStatusCallback
InternetReadFileExA
InternetOpenA
HttpQueryInfoA
InternetSetOptionA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
HttpSendRequestA
InternetReadFile
InternetGetLastResponseInfoA

msvcrt

isalpha
_strlwr
strcpy
memset
_ultoa
wcscpy
log10
sprintf
strncpy
strstr
_mbsnbcmp
_itow
_mbsupr
strcmp
_strnicmp
_stricmp
_wcsnicmp
_wcslwr
_wcsicmp
_itoa
strlen
isspace
memcmp
_CxxThrowException
_except_handler3
??3@YAXPAX@Z
free
wcslen
_beginthreadex
realloc
malloc
__CxxFrameHandler
sscanf
_mbschr
_mbsnbcpy
vsprintf
vswprintf
wcscmp
??2@YAPAXI@Z
_mbsrchr
_mbscmp
wcsncpy
atoi
memmove
strchr
_mbsicmp
_mbsnbicmp
_mbsstr
_mbslwr
_CIpow
strncmp
memcpy
isalnum
isleadbyte
iswalnum
wcsstr
calloc
_ismbcspace
_mbsinc
iswspace
swscanf
_wtoi
wcsrchr
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
atof
_clearfp
_controlfp
rand
wcschr

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
InterlockedIncrement
InterlockedDecrement
GetFileAttributesA
ResetEvent
CloseHandle
InterlockedExchange
TerminateThread
WaitForSingleObject
SetEvent
RaiseException
IsBadReadPtr
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GlobalUnlock
GlobalLock
GlobalAlloc
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
lstrlenW
VirtualAlloc
VirtualFree
GetSystemInfo
lstrlenA
lstrcpyA
GetModuleFileNameA
GetLastError
lstrcmpiA
GetProcAddress
FreeLibrary
LoadLibraryA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
lstrcpynA
lstrcatA
IsDBCSLeadByte
LoadLibraryExA
GetModuleHandleA
DisableThreadLibraryCalls
DosDateTimeToFileTime
ReadFile
SetFilePointer
MulDiv
CreateEventA
SetThreadPriority
WaitForMultipleObjects
CreateThread
CreateSemaphoreA
ReleaseSemaphore
CreateDirectoryA
SetEnvironmentVariableA
GetEnvironmentVariableA
FindNextFileA
FindClose
SetLastError
GetFullPathNameA
FindFirstFileA
TlsSetValue
lstrcmpA
HeapReAlloc
WriteFile
Sleep
InterlockedExchangeAdd
InterlockedCompareExchange
MoveFileA
CompareFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
LCMapStringW
GetVolumeInformationA
DeviceIoControl
SearchPathA
DeleteFileA
GetDriveTypeA
ExitProcess
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
GetCurrentThread
GetFileAttributesW
GetVersion
GetFileTime
SetEndOfFile

user32

IsDlgButtonChecked
GetDlgItemTextA
CheckDlgButton
LoadImageA
GetSystemMetrics
IsChild
GetKeyState
SetDlgItemTextA
LoadIconA
GetDesktopWindow
GetSysColorBrush
ClientToScreen
DestroyCursor
EndDialog
SetRect
GetClassLongA
SetClassLongA
GetMessagePos
GetActiveWindow
GetCursorPos
ScreenToClient
InflateRect
GetWindowRgn
OffsetRect
GetFocus
DrawStateA
DrawFocusRect
IsWindowEnabled
GetCapture
SetCapture
ReleaseCapture
RedrawWindow
SetCursor
BeginPaint
EndPaint
SetFocus
GetDlgCtrlID
GetSysColor
DialogBoxParamA
FillRect
DrawTextA
DestroyWindow
UnionRect
AdjustWindowRectEx
CreateCursor
SetRectEmpty
GetWindowTextLengthA
GetMenuItemID
EnableWindow
GetWindowTextA
OemToCharBuffA
MessageBoxA
DestroyIcon
CharNextA
RegisterWindowMessageA
GetDC
ReleaseDC
CallWindowProcA
EmptyClipboard
SetClipboardData
CloseClipboard
CreateWindowExA
RegisterClassExA
PtInRect
TrackPopupMenu
DefWindowProcA
GetSubMenu
GetWindowLongA
GetParent
GetWindow
SystemParametersInfoA
MapWindowPoints
GetDlgItem
ShowWindow
UnregisterClassA
ModifyMenuA
GetMenuItemInfoA
GetMenuItemCount
MsgWaitForMultipleObjects
PeekMessageA
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
LoadCursorA
wsprintfA
GetClassInfoExA
OpenClipboard
KillTimer
SetTimer
InvalidateRect
GetClientRect
GetWindowRect
SetWindowPos
SetWindowTextA
SetWindowLongA
DestroyMenu
LoadMenuA
PostMessageA
IsRectEmpty
IsWindow
SendMessageA
EnableMenuItem
CheckMenuItem
AppendMenuA
DeleteMenu
PostThreadMessageA
SetWindowRgn

gdi32

SetBkColor
ExtTextOutA
SaveDC
IntersectClipRect
OffsetWindowOrgEx
SetWindowOrgEx
RestoreDC
CreateDIBSection
GetStockObject
SetTextColor
SetBkMode
SelectObject
SetDIBitsToDevice
DPtoLP
CreateCompatibleDC
GetObjectA
GetDIBits
ExtCreateRegion
SelectPalette
RealizePalette
GetDeviceCaps
DeleteDC
CreateFontIndirectA
DeleteObject
Polygon
CreatePen
GetPixel
SetPixel
SelectClipRgn
MoveToEx
LineTo
CreateCompatibleBitmap
LPtoDP
GetClipBox
BitBlt
PtInRegion
CreateRectRgn
StretchBlt
SetStretchBltMode
CreateBitmap
SetViewportOrgEx
SetMapMode
StretchDIBits
CreateDCA

advapi32

RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
ExtractIconExA
DragQueryFileA

ole32

CoUninitialize
CLSIDFromString
RegisterDragDrop
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
RevokeDragDrop
StringFromCLSID
ProgIDFromCLSID
StringFromGUID2
CoInitialize
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CreateOleAdviseHolder
CoFreeUnusedLibraries

oleaut32

SysAllocStringLen
VarDecCmp
VarDecFromStr
VarR8FromStr
VarI4FromStr
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysFreeString
SysAllocString
LoadRegTypeLi
LoadTypeLi
SysStringLen
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantInit
VariantClear
OleLoadPicture
OleCreatePropertyFrame
VariantChangeType
OleTranslateColor
VarDateFromStr
OleCreateFontIndirect

ttpcomm

ord11
ord14
ord52
ord10
ord51
ord400
ord302
ord102
ord100
ord101
ord104
ord103
ord105
ord90
ord91
ord80
ord81
ord82
ord92
ord93
ord1
ord2
ord13
ord78
ord75
ord60
ord62
ord53
ord54
ord68
ord70
ord79
ord65
ord66
ord57
ord74
ord69
ord72
ord56
ord67
ord55
ord76
ord64
ord71
ord50
ord58
ord61
ord73
ord59
ord12
ord106

rpcrt4

NdrCStdStubBuffer2_Release
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrStubCall2
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
IUnknown_Release_Proxy

shlwapi

PathFindExtensionA

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

msvfw32

DrawDibDraw
DrawDibClose
DrawDibOpen

msacm32

acmStreamReset
acmStreamSize
acmStreamClose
acmStreamPrepareHeader
acmStreamConvert
acmStreamOpen
acmStreamUnprepareHeader

winmm

waveOutReset
waveOutClose
waveOutWrite
waveOutPause
waveOutGetVolume
waveOutGetPosition
waveOutPrepareHeader
waveOutOpen
waveOutUnprepareHeader
waveOutSetVolume
waveOutRestart

Exports

Exports

CreateSoundBuffer
CreateStdContent
CreateStreamOnFile
CreateStreamOnInet
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetSoundCodecName
_set_security_error_handler

Sections

.text
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 243B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae68ce31e0554447660087305d0744a8

Headers

File Characteristics

Imports

wininet

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ttpcomm

rpcrt4

shlwapi

comctl32

msvfw32

msacm32

winmm

Exports

Exports

Sections

.text Size: 492KB - Virtual size: 491KB

.orpc Size: 512B - Virtual size: 243B

.rdata Size: 79KB - Virtual size: 79KB

.data Size: 10KB - Virtual size: 13KB

.rsrc Size: 52KB - Virtual size: 51KB

.reloc Size: 45KB - Virtual size: 45KB

.text
Size: 492KB - Virtual size: 491KB

.orpc
Size: 512B - Virtual size: 243B

.rdata
Size: 79KB - Virtual size: 79KB

.data
Size: 10KB - Virtual size: 13KB

.rsrc
Size: 52KB - Virtual size: 51KB

.reloc
Size: 45KB - Virtual size: 45KB