0dc622611b75886905a790eb1a20fef2

Sharing

Copy URL Twitter E-mail

General

Target

0dc622611b75886905a790eb1a20fef2
Size

142KB
MD5

0dc622611b75886905a790eb1a20fef2
SHA1

d7fcdcc541c32ad74e74a2e1dd50e714e011d0a7
SHA256

1e1d2eefcad765da2297ec546b8138354a581c69e9d1fe10a3da608ac0b4f012
SHA512

159a5a5130620a263f24cc0a8b40d80889a401bfa3da5f391dc91eac74dc2731a36bd3a5076e064d7d89ceead4dc9d90064e3d70cfa38fabe976d6e8550322e0
SSDEEP

1536:+F2cmkD7+Z0wx2xVrC8Zc6tcizwRd/g7OYnOJF7h3pmOuFKHl/r6OA5Y96WNF:+RPIiGW7vnOJF7fmOnr6OA5i6Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dc622611b75886905a790eb1a20fef2

Files

0dc622611b75886905a790eb1a20fef2
.dll regsvr32 windows:4 windows x86 arch:x86

0685b40c6ad07df2b5593cdfe80c3455

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThread
HeapAlloc
GetProcessHeap
FormatMessageW
CloseHandle
GetTickCount
WaitForSingleObject
TerminateThread
GetCurrentProcess
ResetEvent
CreateThread
WaitForMultipleObjects
SetEvent
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
Sleep
FreeLibrary
GetModuleFileNameW
InterlockedDecrement
lstrcmpiW
GetLastError
InterlockedIncrement
LeaveCriticalSection
InitializeCriticalSection
lstrlenW
LoadLibraryExW
FindResourceW
LoadResource
EnterCriticalSection
SizeofResource
GetModuleHandleW
MultiByteToWideChar
RaiseException
DeleteCriticalSection
SetThreadLocale
CreateEventW
GetThreadLocale
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA

user32

UnregisterClassA
wsprintfW
LoadStringW
CharNextW

advapi32

QueryServiceStatusEx
StartServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
OpenThreadToken
OpenProcessToken
EqualSid
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW
ControlService

ole32

CoRevertToSelf
CoImpersonateClient
CoGetInterfaceAndReleaseStream
CoTaskMemRealloc
ProgIDFromCLSID
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoTaskMemAlloc
CoInitializeEx
OleRun
CoMarshalInterThreadInterfaceInStream

oleaut32

SysAllocStringByteLen
VarUI4FromStr
RegisterTypeLi
SysFreeString
SysStringLen
UnRegisterTypeLi
SysAllocString
LoadTypeLi
VariantCopyInd
VariantChangeType
SafeArrayRedim
SafeArrayCreate
VarBstrCmp
SysAllocStringLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayCopy
SafeArrayDestroy
VariantInit
SafeArrayUnlock
VariantCopy
SafeArrayGetVartype
SysStringByteLen
VariantClear
LoadRegTypeLi
CreateErrorInfo
SetErrorInfo

msvcp80

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z

msvcr80

??1exception@std@@UAE@XZ
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memset
_CxxThrowException
_vswprintf
vswprintf_s
_vscwprintf
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
memcpy_s
_recalloc
wcsncpy_s
malloc
wcscat_s
wcscpy_s
??_V@YAXPAX@Z
free
_purecall
swprintf_s
_resetstkoflw
??2@YAPAXI@Z

userenv

UnloadUserProfile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0685b40c6ad07df2b5593cdfe80c3455

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp80

msvcr80

userenv

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 92KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 92KB - Virtual size: 92KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 10KB - Virtual size: 9KB