0cecdcb7592a9b4761aae51dcb9251c7

Sharing

Copy URL Twitter E-mail

General

Target

0cecdcb7592a9b4761aae51dcb9251c7
Size

267KB
MD5

0cecdcb7592a9b4761aae51dcb9251c7
SHA1

615d0322bf7b5648a509fb67f5abb417f28f125a
SHA256

b66cec7d1f171a1713a036311ec4b4660eab835276a4db996297d1514305a186
SHA512

8fc4ca5191238cf7ce748614436cff04298dc77ef14c2d54acae12dcef3bae23dea5c87ab22821d8e80c8c49ab5c77f626bde80ca1b8828f2acfbc2c578cbcb2
SSDEEP

6144:RvtAiYjs3OTrpO4qbTBQoszLVaW5EBnCgP5Q7fATENqF41:Rv6FO4qH6osFsYoTTi1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cecdcb7592a9b4761aae51dcb9251c7

Files

0cecdcb7592a9b4761aae51dcb9251c7
.dll regsvr32 windows:4 windows x86 arch:x86

f9ec17c62b1953eb906a69a02b63a3c0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFindFileNameA
SHGetValueA
SHSetValueA
PathFindExtensionA
PathIsUNCA
SHDeleteValueA
PathFileExistsA
PathAppendA
PathStripToRootA
PathRemoveExtensionA
SHGetValueW
PathRemoveFileSpecA
PathRemoveBackslashA
PathRemoveBlanksA
SHDeleteKeyA
StrStrIA

kernel32

CreateThread
Sleep
SetThreadPriority
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
OpenMutexA
EnterCriticalSection
ReadFile
GetFileSize
CreateFileA
GetShortPathNameA
GetLongPathNameA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetTickCount
FindClose
FindNextFileA
FindFirstFileA
CreateMutexA
lstrcmpA
lstrlenW
lstrcpynW
lstrlenA
lstrcpynA
MultiByteToWideChar
WaitForSingleObject
TerminateThread
WideCharToMultiByte
GetModuleFileNameW
LoadLibraryW
CreateToolhelp32Snapshot
GetModuleHandleW
OutputDebugStringA
GetFileAttributesW
GetLastError
LoadLibraryExA
SetLastError
GetModuleFileNameA
lstrcpyA
CopyFileA
ReadProcessMemory
FreeLibrary
DeleteFileA
VirtualQuery
lstrcmpiA
VirtualProtect
WriteProcessMemory
GetCurrentProcessId
Module32First
Module32Next
CloseHandle
GetModuleHandleA
GetCurrentProcess
FlushInstructionCache
GetSystemInfo
GetProcAddress
GetVersion
GetTempPathA
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
LeaveCriticalSection
LocalFree
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
FindResourceA
LoadResource
lstrcatA
IsBadStringPtrA
GlobalLock
GlobalSize
HeapFree
HeapAlloc
GetProcessHeap
IsDebuggerPresent
GetACP
CreateProcessA
GetPrivateProfileStructA
WritePrivateProfileStructA
WriteFile
MoveFileExA
WritePrivateProfileStringA
GetPrivateProfileIntA
DeviceIoControl
WritePrivateProfileSectionA
GetCurrentThreadId
GetPrivateProfileStringA
IsBadReadPtr
IsBadStringPtrW
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SizeofResource
LockResource

user32

RegisterWindowMessageA
FindWindowExA
MessageBoxA
SetWindowsHookExA
InvalidateRect
UnhookWindowsHookEx
ReleaseDC
DrawTextA
GetWindowTextA
FillRect
GetSysColor
GetDC
CallWindowProcA
GetFocus
CallNextHookEx
PostMessageA
GetKeyState
ShowWindow
IsWindowVisible
SetPropA
RemovePropA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
GetComboBoxInfo
DrawFocusRect
GetSystemMetrics
LoadIconA
GetClassNameA
SendMessageA
SetWindowTextA
IsWindow
GetParent
EnumWindows
GetWindowThreadProcessId
SendMessageTimeoutA
EnumChildWindows
DialogBoxParamA
GetWindowLongA
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItemTextA
EndDialog
GetWindowTextLengthA
GetDlgItem
EnableWindow
DefWindowProcA
LoadStringA

advapi32

OpenSCManagerA
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
ControlService
StartServiceA
QueryServiceStatus
OpenServiceA
DeleteService
GetLengthSid
InitializeAcl
AddAccessAllowedAce
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegCloseKey
CreateServiceA
SetSecurityDescriptorDacl
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
RegSetKeySecurity
FreeSid
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

ole32

OleRun
CoCreateInstance
RegisterDragDrop
RevokeDragDrop
CoCreateGuid
ReleaseStgMedium
OleInitialize
CoTaskMemFree
OleUninitialize
CoInitialize
CoUninitialize
StringFromCLSID

oleaut32

VariantClear
SysFreeString
SysAllocString

imagehlp

ImageDirectoryEntryToData

msvcrt

strstr
rewind
wcslen
strrchr
strchr
fread
ftell
malloc
tmpnam
_wcsicmp
_strnicmp
strncpy
_stricmp
strncat
_strtime
??1type_info@@UAE@XZ
_mbstok
_ltoa
atol
_mbslen
_open
_read
_write
_close
_lseek
__dllonexit
_onexit
_initterm
_adjust_fdiv
fputs
fseek
time
srand
fwrite
_CxxThrowException
printf
_mbsnbcpy
_vsnprintf
atoi
_ismbcdigit
_mbclen
fopen
fgets
fclose
bsearch
_mbsrchr
free
_snprintf
realloc
_mbslwr
_mbsstr
_mbschr
_mbsnbicmp
_mbscmp
sprintf
_purecall
rand
_mbsicmp
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_except_handler3
_tempnam
_strlwr
_wcsnicmp
_itoa
_strdate

urlmon

URLDownloadToFileA
IsValidURL

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ws2_32

setsockopt
connect
send
WSAGetLastError
gethostbyname
socket
htons
WSAStartup
WSACleanup
inet_addr
closesocket
recv

gdi32

GetTextAlign
SetTextAlign
SetBkColor
ExtTextOutA
CreatePen
LineTo
SetPixel
GetTextExtentPointA
SetTextColor
CreateSolidBrush
DeleteObject
SelectObject
MoveToEx
GetStockObject
SetBkMode

shell32

SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetSpecialFolderPathA

wininet

DeleteUrlCacheEntry
InternetCrackUrlA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Register
Uninstall

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9ec17c62b1953eb906a69a02b63a3c0

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

ole32

oleaut32

imagehlp

msvcrt

urlmon

version

ws2_32

gdi32

shell32

wininet

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 5KB - Virtual size: 19KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 5KB - Virtual size: 19KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 15KB - Virtual size: 15KB