1f1e78d8233dd37a18569af5efde8fce

Sharing

Copy URL Twitter E-mail

General

Target

1f1e78d8233dd37a18569af5efde8fce
Size

148KB
MD5

1f1e78d8233dd37a18569af5efde8fce
SHA1

cb1ad7dc84a1c1ff04efec9c267d086f588f2a2f
SHA256

d3a95554164ed86488223dfce1953b3732a3b4f84dd8c841735e5fddbf16d886
SHA512

a9d1e37318e6c200a7d4c2b780c6c2351acc2976a2a5bcc95d7c4cdf09a4960cf83ead61eb11118c9975db524dc9039da2ab996bdb98fca5c1e353c9df6a36e4
SSDEEP

3072:Xf6gVSjLv9oBvy8LyOxZ5GgDLH08LtUlfEyUf9:Wg5DDUE3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f1e78d8233dd37a18569af5efde8fce

Files

1f1e78d8233dd37a18569af5efde8fce
.dll regsvr32 windows:4 windows x86 arch:x86

f96fcb2b10fb7c581f0fd646995b0b38

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrChrA
StrStrA
StrStrIA

kernel32

InterlockedDecrement
GetModuleFileNameA
InterlockedIncrement
lstrlenW
LeaveCriticalSection
EnterCriticalSection
ExitThread
DeleteFileA
lstrcmpA
GetPrivateProfileStringA
GetTempFileNameA
GetTempPathA
WritePrivateProfileStringA
GetWindowsDirectoryA
MoveFileExA
SystemTimeToFileTime
GetLocalTime
MoveFileA
GetPrivateProfileIntA
GetPrivateProfileSectionNamesA
FreeLibrary
GetProcAddress
SetLastError
GetLastError
LoadLibraryA
GetModuleHandleA
GetModuleHandleW
GetFileAttributesW
GetVersion
OutputDebugStringA
LoadLibraryW
GetModuleFileNameW
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetShortPathNameA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
IsDBCSLeadByte
HeapDestroy
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetVolumeInformationA
CreateThread
GetTimeZoneInformation
GetSystemTime
HeapReAlloc
HeapAlloc
HeapFree
GetCommandLineA
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
IsBadWritePtr
ExitProcess
GetEnvironmentVariableA
GetVersionExA
HeapCreate
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
GetSystemDirectoryA
LCMapStringW
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapSize
RaiseException
LocalFree
CreateDirectoryA
CreateFileA
GetFileSize
ReadFile
SetFilePointer
WriteFile
CloseHandle
MultiByteToWideChar
lstrcmpiA
WideCharToMultiByte
lstrcatA
lstrcpynA
lstrcpyA
lstrlenA
VirtualFree
VirtualAlloc
RtlUnwind
LCMapStringA

user32

EqualRect
OffsetRect
SetWindowRgn
IntersectRect
IsWindow
GetParent
SetFocus
GetFocus
InvalidateRect
ReleaseDC
GetDC
EndPaint
GetClientRect
BeginPaint
SetWindowPos
wsprintfA
GetKeyboardLayout
DefWindowProcA
GetKeyState
PtInRect
UnionRect
ShowWindow
SetWindowLongA
GetWindowLongA
CallWindowProcA
IsChild
DestroyWindow
GetClassInfoExA
RegisterClassExA
LoadCursorA
CharNextA
CreateWindowExA

gdi32

SetWindowOrgEx
SetViewportOrgEx
DeleteDC
CreateDCA
GetDeviceCaps
LPtoDP
SaveDC
CreateRectRgnIndirect
RestoreDC
SetMapMode

advapi32

RegDeleteValueA
RegEnumValueA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

ole32

CreateOleAdviseHolder
OleSaveToStream
WriteClassStm
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateInstance
OleLoadFromStream
CoInitialize
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs

oleaut32

SysFreeString
SysAllocStringLen
SysStringLen
SysAllocString
VariantChangeType
LoadRegTypeLi
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SysAllocStringByteLen
SysStringByteLen
OleCreatePropertyFrame
VariantClear

urlmon

URLDownloadToFileA
CreateURLMoniker

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f96fcb2b10fb7c581f0fd646995b0b38

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

urlmon

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 12KB - Virtual size: 8KB