079a6f54df54c468f7f9ac1d798e0316

Sharing

Copy URL

Twitter E-mail

General

Target

079a6f54df54c468f7f9ac1d798e0316
Size

258KB
MD5

079a6f54df54c468f7f9ac1d798e0316
SHA1

f1dad052591ddfcf175b7ac059458e59ffbbf477
SHA256

49e1b73e24cb3278e59c247207d568ad43086fafa4f08bf7e8064f8bc5b3482f
SHA512

81d88c592d123247a8ec3493f9bf6f591b3ac3fa976bc8ea50a11b0f5788b006c921120183ca3fb2300abe8b864b68257c956d170c65775e4ef0c84504222882
SSDEEP

6144:H5TjUaGn6w06FR58gMP2qP8fUcSamc+TvNFCDv:6aGf06ogMPNvNFCDv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
079a6f54df54c468f7f9ac1d798e0316

Files

079a6f54df54c468f7f9ac1d798e0316
.dll regsvr32 windows:4 windows x86 arch:x86

82ed895a785e95354adc610f6eac5962

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyA

mfc42

ord3353
ord2976
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord540
ord800
ord860
ord4202
ord2764
ord825
ord823
ord537
ord925
ord858
ord535
ord6779
ord939
ord6663
ord4278
ord6877
ord6648
ord2818
ord5683
ord353
ord5773
ord5442
ord1979
ord665
ord6385
ord3830
ord4129
ord924
ord922
ord2915
ord4277
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3579
ord2486
ord6467
ord1154
ord859
ord6778
ord1200
ord4204
ord614
ord290
ord923
ord5710
ord1988
ord3318
ord2803
ord690
ord5207
ord389
ord1105
ord940
ord1158
ord941
ord801
ord772
ord500
ord541
ord536
ord6662
ord6143
ord2763
ord5608
ord6883
ord539
ord1601
ord926
ord861

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
memcmp
atoi
_except_handler3
_onexit
__dllonexit
_strcmpi
_wcsicmp
_CxxThrowException
rename
localtime
asctime
_mbscmp
free
malloc
memset
atof
time
fclose
fputs
fopen
rand
__CxxFrameHandler
srand
memcpy
strcpy
sprintf
realloc
strlen
printf
strstr
strcat

kernel32

LocalFree
InterlockedIncrement
ExpandEnvironmentStringsA
CopyFileA
FindFirstFileA
FindNextFileA
GetSystemDirectoryA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
MulDiv
GetVersionExA
GetLocaleInfoA
GetVersion
LoadLibraryA
GetLastError
lstrcmpA
FreeLibrary
lstrcpynA
lstrcpyA
lstrcatA
WriteFile
DeleteFileA
Sleep
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
CreateProcessA
CreateThread
ResumeThread
GetWindowsDirectoryA
lstrlenA
OpenFile
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetModuleFileNameA
GetProcAddress

user32

SetWindowLongA
SetForegroundWindow
CallWindowProcA
MessageBoxW
GetParent
PostMessageA
IsWindow
EnumWindows
SetFocus
WaitForInputIdle
GetForegroundWindow
FindWindowExA
GetDlgItemTextA
EndDialog
SendMessageA
GetDlgItem
ShowWindow
SetDlgItemTextA
ReleaseDC
ScreenToClient
ClientToScreen
GetCursorPos
GetDesktopWindow
GetWindowRect
SetWindowPos
GetWindowDC
GetDC
DialogBoxParamA
GetSystemMetrics
GetWindowThreadProcessId
IsChild
SetWindowTextA
MessageBoxA
wsprintfA
IsCharAlphaNumericA
EnableWindow

gdi32

BitBlt
SetPixel
DeleteObject
GetDeviceCaps
SelectObject
CreateCompatibleDC
CreateFontA
CreateSolidBrush
SetTextColor
SetBkColor
CreateCompatibleBitmap

advapi32

RegEnumKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegDeleteKeyA
OpenProcessToken

shell32

ShellExecuteA
SHFileOperationA

olepro32

ord252

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantInit
SysAllocStringLen
SysStringByteLen
VariantCopy
OleLoadPicturePath
OleSavePictureFile
SysAllocString
SysStringLen
GetErrorInfo
SysAllocStringByteLen

wininet

FtpOpenFileA
FtpFindFirstFileA
InternetWriteFile
FtpCreateDirectoryA
FindCloseUrlCache
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetFindNextFileA
InternetOpenUrlA
InternetReadFile

ws2_32

WSACleanup
WSAStartup
gethostbyname
inet_ntoa

crypt32

CertOpenSystemStoreA
CertCloseStore

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82ed895a785e95354adc610f6eac5962

Headers

File Characteristics

Imports

shlwapi

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

olepro32

ole32

oleaut32

wininet

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 181KB - Virtual size: 181KB

.text1 Size: 28KB - Virtual size: 27KB

.data1 Size: 30KB - Virtual size: 29KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 181KB - Virtual size: 181KB

.text1
Size: 28KB - Virtual size: 27KB

.data1
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 15KB - Virtual size: 14KB