20246a3b372ba5a3e38aa9f7968b76cf

General

Target

20246a3b372ba5a3e38aa9f7968b76cf
Size

44KB
MD5

20246a3b372ba5a3e38aa9f7968b76cf
SHA1

a1b814e23111e558574d2d82fb4126830dec8bc4
SHA256

1cb3e1175e94f224385289afbe683a808c7292cf360d8f676d54da46cf6f5bc6
SHA512

cd51f84e650e0aaa329896c534987cdddb5f1fa535784f7df45ca7548e50027782157683777f4138ccc806993a82047da983c67f2d26fa6ba14214b915ac7d49
SSDEEP

768:Do3r3RfE2skDsicJUpkavaY8PPUR9gLa1u/:23c8sVJ1Y831Law

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20246a3b372ba5a3e38aa9f7968b76cf

Files

20246a3b372ba5a3e38aa9f7968b76cf
.dll regsvr32 windows:4 windows x86 arch:x86

56b846bd510167f0eb7741d673ff54c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
GetSystemDirectoryA
GetLocalTime
InterlockedIncrement
VirtualAlloc
CreateMutexA
WinExec
GetWindowsDirectoryA
GetLastError
GetModuleFileNameA
LoadLibraryA
CreateThread
CloseHandle
GetProcAddress

user32

GetMessageA
ShowWindow
CreateWindowExA
UnhookWindowsHookEx
DispatchMessageA
TranslateMessage
RegisterClassExA
FindWindowExA
PostMessageA
KillTimer
SetTimer
DefWindowProcA
SetWindowsHookExA
CallNextHookEx

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

wininet

InternetSetOptionA
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenA

msvcrt

_stricmp
_initterm
free
atoi
strchr
fopen
fwrite
fclose
_except_handler3
strrchr
__CxxFrameHandler
sprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
_adjust_fdiv
malloc

shlwapi

SHGetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 886B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56b846bd510167f0eb7741d673ff54c2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 886B

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 886B