0fc1149a5dbcbec34d15ff9cdd79bb0b

Sharing

Copy URL Twitter E-mail

General

Target

0fc1149a5dbcbec34d15ff9cdd79bb0b
Size

156KB
MD5

0fc1149a5dbcbec34d15ff9cdd79bb0b
SHA1

0d07eb66279bc99ff52b5cb72db12c9f2a0683f2
SHA256

642f8326a7d1793283409c00745769ed04dfcac7af66111bf7f163fe266420f5
SHA512

12df27527d5beaed1d5b48f56331b2a3ec8ca7633d59d8f33c8c917ed3efb390ea6898aaf7f211a4e8dcca764fbe487a8c612c1208a4f52bed975d9896a3d877
SSDEEP

3072:gIqqb6o4y72cQEDmokxegrJjuJwWPPTiz:0W1y5eg1uKWXT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fc1149a5dbcbec34d15ff9cdd79bb0b

Files

0fc1149a5dbcbec34d15ff9cdd79bb0b
.dll regsvr32 windows:4 windows x86 arch:x86

61969bc9907265bb24a2793f3b67b8ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathIsUNCA
PathFindFileNameA
SHGetValueA
SHSetValueA
PathAppendA
PathFileExistsA
SHDeleteValueA
PathStripToRootA
PathFindExtensionA
PathRemoveExtensionA
PathRemoveFileSpecA
PathRemoveBackslashA
PathRemoveBlanksA
SHDeleteKeyA
StrStrIA

kernel32

OpenMutexA
CreateThread
Sleep
SetThreadPriority
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
LeaveCriticalSection
CreateMutexA
CreateFileA
GetShortPathNameA
GetSystemDirectoryA
GetWindowsDirectoryA
lstrcpynA
GetVersionExA
GetTickCount
FindClose
FindNextFileA
FindFirstFileA
lstrcmpA
lstrlenW
lstrcpynW
lstrlenA
MultiByteToWideChar
WaitForSingleObject
TerminateThread
WideCharToMultiByte
GetModuleFileNameW
LoadLibraryW
CreateToolhelp32Snapshot
GetModuleHandleW
OutputDebugStringA
GetFileAttributesW
GetLastError
LoadLibraryExA
SetLastError
GetModuleFileNameA
CopyFileA
ReadProcessMemory
FreeLibrary
DeleteFileA
VirtualQuery
lstrcmpiA
VirtualProtect
WriteProcessMemory
GetCurrentProcessId
Module32First
Module32Next
CloseHandle
GetModuleHandleA
GetCurrentProcess
FlushInstructionCache
GetSystemInfo
GetProcAddress
GetVersion
GlobalSize
GlobalLock
IsBadStringPtrA
lstrcpyA
lstrcatA
EnterCriticalSection
LocalFree
GetPrivateProfileStringA
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
TlsAlloc
GetTempPathA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
HeapFree
HeapAlloc
GetProcessHeap
IsDebuggerPresent
GetACP
CreateProcessA
GetPrivateProfileStructA
WritePrivateProfileStructA
WriteFile
MoveFileExA
WritePrivateProfileStringA
GetPrivateProfileIntA
DeviceIoControl
WritePrivateProfileSectionA
IsBadReadPtr
IsBadStringPtrW

user32

FindWindowExA
MessageBoxA
SetWindowsHookExA
InvalidateRect
ReleaseDC
DrawTextA
GetWindowTextA
FillRect
GetSysColor
GetDC
CallWindowProcA
GetFocus
GetKeyState
SetPropA
RemovePropA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
GetComboBoxInfo
PostMessageA
DrawFocusRect
GetSystemMetrics
LoadIconA
UnhookWindowsHookEx
CallNextHookEx
WindowFromPoint
IsWindowVisible
RegisterWindowMessageA
GetClassNameA
SendMessageA
SetWindowTextA
IsWindow
GetParent
EnumWindows
GetWindowThreadProcessId
SendMessageTimeoutA
DialogBoxParamA
GetWindowLongA
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItemTextA
EndDialog
GetWindowTextLengthA
GetDlgItem
EnableWindow
DefWindowProcA
LoadStringA
EnumChildWindows

advapi32

RegDeleteValueA
OpenServiceA
DeleteService
OpenSCManagerA
CloseServiceHandle
ControlService
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegCloseKey
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
RegSetKeySecurity
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
AllocateAndInitializeSid
SetSecurityDescriptorDacl

ole32

OleRun
CoCreateGuid
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
CoInitialize
CoUninitialize
StringFromCLSID
CoTaskMemFree
OleInitialize
CoCreateInstance
OleUninitialize

oleaut32

SysAllocString
VariantClear
SysFreeString

imagehlp

ImageDirectoryEntryToData

msvcrt

_mbsnbcpy
printf
_CxxThrowException
fwrite
srand
time
fread
malloc
fseek
ftell
fputs
strstr
rewind
strrchr
??1type_info@@UAE@XZ
_tempnam
_ltoa
atol
_mbstok
__dllonexit
_onexit
_initterm
_adjust_fdiv
_vsnprintf
atoi
_ismbcdigit
_mbclen
fopen
fgets
fclose
bsearch
_mbsrchr
free
_snprintf
realloc
_mbslwr
_mbsstr
_mbschr
_mbsnbicmp
_mbscmp
sprintf
_purecall
rand
_mbsicmp
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_except_handler3
tmpnam
_stricmp
_strlwr
_itoa

urlmon

IsValidURL
URLDownloadToFileA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ws2_32

htons
connect
gethostbyname
setsockopt
socket
closesocket
WSAStartup
WSACleanup
inet_addr
WSAGetLastError
send
recv

gdi32

CreatePen
MoveToEx
LineTo
SetPixel
GetTextExtentPointA
SetTextColor
CreateSolidBrush
DeleteObject
GetStockObject
SelectObject
SetBkColor
SetBkMode

shell32

SHGetSpecialFolderPathA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetFileInfoA
ShellExecuteA

wininet

DeleteUrlCacheEntry
InternetCrackUrlA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Register
Uninstall

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61969bc9907265bb24a2793f3b67b8ed

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

ole32

oleaut32

imagehlp

msvcrt

urlmon

version

ws2_32

gdi32

shell32

wininet

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 12KB - Virtual size: 12KB