02ae3be7609ec186e9a7a1fa8bcd4008

Sharing

Copy URL Twitter E-mail

General

Target

02ae3be7609ec186e9a7a1fa8bcd4008
Size

102KB
MD5

02ae3be7609ec186e9a7a1fa8bcd4008
SHA1

42ade4aec69316ba64885a09613537f753cc23e4
SHA256

e63cf0d5f2b464d80cc8dbc823d17026d4163fc38e3e25401f895fa6b1589f6c
SHA512

03b3a65824c0e04d5bec017cc3fb301c83717d10e531b4ffd11422f79fd88303ec76e94fa61b64fbbd4eef54136e0aa9076b239f20976f0290b94bb98e928990
SSDEEP

1536:jJhi4HuIsE9l0nITukvjkDY0MVdtw6LIe8/hOp3YqL0eqZGhD7kdojqIiWWd8u:DxsEAnIK3MNw6UeKOp3YkkGmKiWy8u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02ae3be7609ec186e9a7a1fa8bcd4008

Files

02ae3be7609ec186e9a7a1fa8bcd4008
.dll windows:5 windows x86 arch:x86

3688a3ec171f54457e785b04c0637743

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

sprintf
wcslen
sscanf
strstr
wcsrchr
wcscpy
_snprintf
wcscmp
_except_handler3

advapi32

RegCreateKeyW
RegSetValueExA
RegDeleteValueA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegOpenKeyW
RegEnumValueA
RegSetValueExW
RegDeleteValueW
RegCreateKeyExA
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
OpenSCManagerW
OpenServiceW
ControlService
CloseServiceHandle
RegQueryValueExA
RegQueryValueA

kernel32

GetFileType
CreateFileA
WideCharToMultiByte
lstrlenW
lstrcpynW
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LoadLibraryA
PurgeComm
SetCommMask
GetTempPathA
SetCommTimeouts
GetVersionExA
FormatMessageW
GetModuleHandleW
GetModuleFileNameW
GetWindowsDirectoryW
WriteFile
CreateMutexW
SetLastError
CreateEventW
EscapeCommFunction
ClearCommError
GetTempFileNameA
MultiByteToWideChar
SetupComm
DeleteFileA
GetFileInformationByHandle
SetFilePointer
SetEndOfFile
GetSystemDirectoryA
FlushFileBuffers
GetLocalTime
GetDateFormatW
GetTimeFormatW
ReleaseMutex
WaitForSingleObject
LocalSize
lstrcmpiW
IsBadStringPtrW
InterlockedExchange
LocalAlloc
LocalFree
IsBadWritePtr
UnmapViewOfFile
CloseHandle
GetCurrentProcessId
GetLastError
CreateFileMappingA
MapViewOfFileEx
ReadFile
lstrcmpiA
GetProcAddress
FreeLibrary
IsBadCodePtr
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
GetCommandLineA
lstrcpynA
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
lstrlenA
GetModuleHandleA
CreateProcessA
CreateFileW
IsBadReadPtr

user32

wsprintfA
CharNextA
wvsprintfW
CharNextW
SendMessageTimeoutW
wsprintfW
SetCursor
LoadCursorA

ole32

CoUninitialize
FreePropVariantArray
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
HWND_UserSize
HWND_UserMarshal
HWND_UserUnmarshal
HWND_UserFree
STGMEDIUM_UserSize
STGMEDIUM_UserMarshal
STGMEDIUM_UserUnmarshal
STGMEDIUM_UserFree
CoInitialize

rpcrt4

CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
NdrClientCall2
RpcBindingFromStringBindingW
RpcStringBindingComposeW
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
RpcBindingFree
CStdStubBuffer_IsIIDSupported
RpcBindingSetAuthInfoExW
RpcStringFreeW
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy

cfgmgr32

CM_Reenumerate_DevNode
CM_Get_DevNode_Status
CM_Get_Parent

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInterfaceRegKey
SetupDiOpenDevRegKey
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 235KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3688a3ec171f54457e785b04c0637743

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ole32

rpcrt4

cfgmgr32

setupapi

Sections

.text Size: 64KB - Virtual size: 60KB

.data Size: 235KB - Virtual size: 239KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 64KB - Virtual size: 60KB

.data
Size: 235KB - Virtual size: 239KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 10KB - Virtual size: 10KB