00d768426fdd9a6d4833bdbeff699335

Sharing

Copy URL

Twitter E-mail

General

Target

00d768426fdd9a6d4833bdbeff699335
Size

48KB
MD5

00d768426fdd9a6d4833bdbeff699335
SHA1

2c85ddfc0e7c71ca4ea169e51338743b2c028183
SHA256

82eb1663ade5e98994dd7d8db2b01d7b6e3822bda0c7d0a9468977d75d9fe8ef
SHA512

447d212d54222b28fa010c0bdb60ef920fb3d56867f8593be801c661935938ed1f1641a7bfdebf1abb7d0d49d40597b06f10988074463489de387c7008d818f8
SSDEEP

768:/++rg2tyeXVKLoLZbpWgUZmeLOJIbIqTHwES7sE1B2wMqmkeknNKswmVIhXBYZS5:m+rg2YeceZp192blTHw7J2kskv8OZz78

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00d768426fdd9a6d4833bdbeff699335

Files

00d768426fdd9a6d4833bdbeff699335
.dll regsvr32 windows:4 windows x86 arch:x86

85db07678c3740fbe9f187a5d169a4e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetCurrentProcessId
WritePrivateProfileStringA
Sleep
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
HeapDestroy
GetShortPathNameA
FindFirstFileA
CloseHandle
CreateProcessA
GetSystemDirectoryA
MoveFileA
Process32Next
Process32First
CreateDirectoryA
GetCommandLineW
GetExitCodeProcess
WaitForSingleObject
RemoveDirectoryA
ExitProcess
GetPrivateProfileStringA
SetFileAttributesA
DeleteFileA
FindNextFileA
GetModuleFileNameA
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetProcAddress
LocalFree
FreeLibrary
LoadLibraryA
GetModuleHandleA

advapi32

RegQueryValueExA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
BuildExplicitAccessWithNameA
SetEntriesInAclA
GetNamedSecurityInfoA
SetNamedSecurityInfoA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysStringLen
LoadRegTypeLi
SysAllocString
SysFreeString

msvcrt

??2@YAPAXI@Z
_strlwr
_strupr
_adjust_fdiv
malloc
_initterm
free
strcmp
_wcslwr
wcsstr
_access
_purecall
memcpy
strcpy
strncmp
strncpy
??3@YAXPAX@Z
memcmp
strstr
memset
strrchr
sprintf
strcat
strlen
fclose
fread
_stricmp
ftell
fseek
fopen
atoi
strchr

shlwapi

SHSetValueA
SHDeleteKeyA
SHDeleteValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85db07678c3740fbe9f187a5d169a4e4

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

idata Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

idata
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 2KB