02e5fd7012325ecc512d644a7e8595c0

Sharing

Copy URL Twitter E-mail

General

Target

02e5fd7012325ecc512d644a7e8595c0
Size

156KB
MD5

02e5fd7012325ecc512d644a7e8595c0
SHA1

0a3bcd166e106e377db90f78b373da8eafacc5bb
SHA256

2c9dfc9423408decfccd80abdcb766a1f47cd7039e10d38954107415b67c9db6
SHA512

62a5e6cc9e892a442872b4ca4408946d37f478c4e7f63a852407cd007c3b6f7f467bfd675c0e431be3dadd1af44593430ee2e80488bf1c33c987df7c91051a50
SSDEEP

1536:+Yz+2X1r0dlPNyHuRFyTVifk2BIQZW699a0/ICS4A8SiiDuoci8NLasYawkwz:o2NkVbFnvWo4LRRyocfszawk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02e5fd7012325ecc512d644a7e8595c0

Files

02e5fd7012325ecc512d644a7e8595c0
.dll regsvr32 windows:4 windows x86 arch:x86

97e2103b4e929c0b4ed222abd138ff32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

DispatchMessageA
wsprintfA
KillTimer
SetTimer
TranslateMessage
CreateWindowExA
RegisterClassExA
EnumWindows
DefWindowProcA
ShowWindow
GetMessageA
SystemParametersInfoA
SetWindowPos
GetClassNameA
GetWindowThreadProcessId
EnumChildWindows

kernel32

RaiseException
GetOEMCP
GetACP
ReadFile
GetLocalTime
CloseHandle
CreateFileA
OpenProcess
LocalFree
SleepEx
GetModuleFileNameA
FreeLibrary
CreateRemoteThread
WriteProcessMemory
GetProcAddress
VirtualAllocEx
LoadLibraryA
MoveFileExA
WaitForSingleObject
CreateProcessA
DeleteFileA
GetSystemDirectoryA
GetTickCount
WriteFile
GetFileAttributesA
GetFileType
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
HeapReAlloc
SetEndOfFile
SetFilePointer
FlushFileBuffers
SetStdHandle
IsBadCodePtr
TlsGetValue
SetLastError
TlsFree
TlsAlloc
IsBadReadPtr
SetUnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
InterlockedDecrement
InterlockedIncrement
HeapAlloc
RtlUnwind
HeapFree
TlsSetValue
WideCharToMultiByte
GetLastError
MultiByteToWideChar
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
LCMapStringA
LCMapStringW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetCurrentThreadId
SetHandleCount

advapi32

SetEntriesInAclA
SetSecurityInfo
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
GetSecurityInfo

shell32

StrStrIA

ole32

CoCreateInstance
CoInitialize
CoCreateGuid

oleaut32

VariantInit
SysAllocString
GetErrorInfo

netapi32

Netbios

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

rpcrt4

UuidToStringA

wininet

InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA

shlwapi

SHSetValueA
SHGetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97e2103b4e929c0b4ed222abd138ff32

Headers

File Characteristics

Imports

user32

kernel32

advapi32

shell32

ole32

oleaut32

netapi32

psapi

rpcrt4

wininet

shlwapi

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 24KB - Virtual size: 29KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 24KB - Virtual size: 29KB

.reloc
Size: 8KB - Virtual size: 5KB