0275de4c7d2a0f6d5fdd0eae25477914

Sharing

Copy URL

Twitter E-mail

General

Target

0275de4c7d2a0f6d5fdd0eae25477914
Size

276KB
MD5

0275de4c7d2a0f6d5fdd0eae25477914
SHA1

46a2f59adc4de0ba2af2dffcf65a2e33ab42df93
SHA256

2dfb9f3a6da939f706325e564f06632f5984b9d517f521645061d27ed31c59b0
SHA512

41f1b7c98e46ed8e2d20e768f298171c617c17a2e391ac795c8e626fcca53d284e96f019321c5917137729e8d1ae2f745fb7094cbe7f128ba951b0dc54722a2a
SSDEEP

3072:56iW/4iNc1VgmXo1FOcg0maugsaPIUCUCyLrYeQPV:TiNSemaHg0maugsaPIUCUCyLrYeQPV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0275de4c7d2a0f6d5fdd0eae25477914

Files

0275de4c7d2a0f6d5fdd0eae25477914
.dll regsvr32 windows:4 windows x86 arch:x86

e123bdd16995b7a1f04b332631985fa4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

URLDownloadToFileA

ws2_32

gethostbyname
connect
htons
gethostbyaddr
WSAGetLastError
ioctlsocket
socket
WSAStartup
closesocket
WSACleanup
inet_addr
select
__WSAFDIsSet
send

kernel32

SetEnvironmentVariableA
SetEndOfFile
IsBadWritePtr
IsBadReadPtr
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
lstrlenA
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
DisableThreadLibraryCalls
HeapDestroy
lstrcpyA
lstrcatA
GetProcAddress
LoadLibraryA
CloseHandle
GetVersionExA
SetFileTime
CreateFileA
GetFileTime
OpenFile
DeleteFileA
GetSystemTime
CreateThread
GetCurrentThreadId
RtlUnwind
RaiseException
GetFileType
GetStdHandle
SetHandleCount
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
Sleep
SetUnhandledExceptionFilter
TlsGetValue
SetLastError
CompareStringA
CompareStringW
IsBadCodePtr
ReadFile
SetFilePointer
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
TlsFree
TlsAlloc
InterlockedExchange
FlushFileBuffers
GetStringTypeA
SetStdHandle
HeapFree
HeapAlloc
LCMapStringA
GetOEMCP
LCMapStringW
GetCPInfo
GetStartupInfoA
GetACP
HeapSize
TlsSetValue
GetStringTypeW
GetTimeZoneInformation
GetLocalTime
GetCurrentProcess
HeapReAlloc
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess

user32

GetClassNameA
EnumThreadWindows
LoadStringA
IsWindow
CharNextA

advapi32

RegEnumKeyExA
RegSetValueExA
RegDeleteValueA
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysStringLen
LoadRegTypeLi
VarUI4FromStr
SysAllocString
RegisterTypeLi
SysFreeString
LoadTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e123bdd16995b7a1f04b332631985fa4

Headers

File Characteristics

Imports

urlmon

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 5KB