1dc398fb61329b13ae5ebbf036edfd6a

General

Target

1dc398fb61329b13ae5ebbf036edfd6a
Size

1.1MB
MD5

1dc398fb61329b13ae5ebbf036edfd6a
SHA1

226640b02b18be063708a005514d455aeeaf8077
SHA256

3a9c6efd052519efd5d79c9064b8c46e70e8ff8d43b6d492ce22543548c8aa62
SHA512

42f6b5871f51ac833d0b6ccdc05c22226e9d272ebc9041ee8ee2c050b78d14e7693852d54ad7869567ff5c35e8c97aa1e34c22db4b6dce2eb9141208da607078
SSDEEP

384:+qXaTyjCQdKgmcvLzUrWzSBXc+w76NtJB3JaHJf:+TT3ngPorWmlc/7CtJB5a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1dc398fb61329b13ae5ebbf036edfd6a

Files

1dc398fb61329b13ae5ebbf036edfd6a
.dll regsvr32 windows:4 windows x86 arch:x86

4451abd28bcff0aed5160537c4099183

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

wininet

InternetConnectA
InternetCloseHandle
FtpGetFileA
InternetGetConnectedState
InternetOpenA

mfc42

ord665
ord354
ord6385
ord6010
ord5186
ord5442
ord1979

msvcrt

_stricmp
rand
strrchr
sprintf
srand
strlen
strcat
__CxxFrameHandler
memset
strcpy
_adjust_fdiv
malloc
_initterm
free
_onexit
strcmp
time
__dllonexit

kernel32

FreeLibrary
Sleep
GetWindowsDirectoryA
DeleteFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
VirtualAllocEx
WriteProcessMemory
LoadLibraryA
GetProcAddress
CreateRemoteThread
GetLastError
GetCurrentProcess
GetCommandLineA
CloseHandle

user32

KillTimer
SetTimer
TranslateMessage
DispatchMessageA
GetMessageA
PostQuitMessage

advapi32

AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

shell32

ShellExecuteA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Dll_JustWorking
Start

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 670B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4451abd28bcff0aed5160537c4099183

Headers

File Characteristics

Imports

winmm

wininet

mfc42

msvcrt

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 16KB

.reloc Size: 1024B - Virtual size: 670B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 16KB

.reloc
Size: 1024B - Virtual size: 670B