07e565f567317cdf156554c7dde49148

Sharing

Copy URL

Twitter E-mail

General

Target

07e565f567317cdf156554c7dde49148
Size

44KB
MD5

07e565f567317cdf156554c7dde49148
SHA1

d009f5626435276c3ecc1f9591d946c2fdbadbea
SHA256

dcac3af995d781ac884d24913f7a19d62423c8edd86bf519ee4e8fa552f10f0c
SHA512

928ab6af48cf9af503ca345bed60141bd75423b3a0e9924a93afd89cad09627557c8c671eafb8d8c2106be447e4481d64c70e3924d8e6f0751b5582dbfbf219a
SSDEEP

768:xoKRSrSnVwzjePNc+XZVINxwEkhrEho8bADj/:xoKRSryKHePNc+XtJhrbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07e565f567317cdf156554c7dde49148

Files

07e565f567317cdf156554c7dde49148
.dll regsvr32 windows:4 windows x86 arch:x86

1c5f8135a4217e6a9625ab66271d5a98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

URLDownloadToCacheFileA

mfc42

ord4202
ord860
ord2915
ord926
ord939
ord858
ord4278
ord800
ord537
ord825
ord540
ord535
ord823

msvcrt

strstr
free
_purecall
_mbsstr
memset
atoi
strlen
__CxxFrameHandler
malloc
_except_handler3
realloc
memcpy
memcmp
_mbslwr
rand
__dllonexit
?terminate@@YAXXZ
_adjust_fdiv
_onexit
_initterm
strncpy
time
srand

kernel32

SizeofResource
DisableThreadLibraryCalls
lstrcpynA
LoadLibraryExA
WideCharToMultiByte
lstrcpyA
CreateThread
Sleep
lstrlenA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
GetProcAddress
lstrcatA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
IsDBCSLeadByte
DeleteFileA
FindResourceA
LoadResource
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
GetLastError
lstrcmpiA
GetCurrentThreadId
lstrlenW

user32

EnumThreadWindows
IsWindow
GetSystemMetrics
CharNextA
GetClassNameA

advapi32

RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA

ole32

CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
RegisterTypeLi
SysFreeString
SysAllocString

msvcirt

??0ifstream@@QAE@XZ
?open@ifstream@@QAEXPBDHH@Z
?read@istream@@QAEAAV1@PADH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ
??_Difstream@@QAEXXZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c5f8135a4217e6a9625ab66271d5a98

Headers

File Characteristics

Imports

urlmon

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

msvcirt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB