11cb3607f9ca38c7632237f891bbcfd2

Sharing

Copy URL Twitter E-mail

General

Target

11cb3607f9ca38c7632237f891bbcfd2
Size

63KB
MD5

11cb3607f9ca38c7632237f891bbcfd2
SHA1

87f1003d61a15e6ad2cc09056f9d4a63a38abdf1
SHA256

443b810d4fd9226b604a8bcd7d4da13f7c1adecbf7559f3adfd5d43b367fa5d2
SHA512

4218ad7d9aff0742ca69908c6b3c7f984e3625c4a0fff4e10f4991883717d79e19e5ea5a005faf67f88016766d9991609f28f5dc6fc480913e95ad001df86270
SSDEEP

1536:Z2sxP+2JmjcNdLVR/jJny4s/ZiCIwCopbHMIU9mC1:ZDU2JqsL/jJy4s/VIqNUF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11cb3607f9ca38c7632237f891bbcfd2

Files

11cb3607f9ca38c7632237f891bbcfd2
.dll regsvr32 windows:4 windows x86 arch:x86

9421300ce908e51880d43de36f6a41ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHSetValueA
PathAddBackslashA
PathFileExistsA
PathFindExtensionA

rpcrt4

UuidCreate

kernel32

GetLastError
MultiByteToWideChar
WideCharToMultiByte
RaiseException
InitializeCriticalSection
DeleteCriticalSection
lstrcatA
lstrlenA
GetModuleFileNameA
lstrlenW
EnterCriticalSection
LeaveCriticalSection
CloseHandle
InterlockedIncrement
InterlockedDecrement
lstrcmpiA
CreateFileA
SetFilePointer
SetEndOfFile
GetTempFileNameA
GetTempPathA
DeleteFileA
MapViewOfFileEx
CreateFileMappingA
GetFileSize
OpenFileMappingA
UnmapViewOfFile
GetTickCount
HeapFree
DisableThreadLibraryCalls
ReleaseMutex
WaitForSingleObject
CreateMutexA
IsDBCSLeadByte
lstrcpynA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetProcAddress
LoadLibraryA
FindClose
FindNextFileA
FindFirstFileA
Sleep
GetVersionExA
UnlockFile
WriteFile
GetProcessHeap
CreateProcessA
GetLocaleInfoA
lstrcmpA
CreateThread
ReadFile
GetPrivateProfileStringA
WritePrivateProfileStringA
GetSystemTimeAsFileTime
InterlockedExchange
HeapReAlloc
RtlUnwind
VirtualQuery
HeapAlloc
lstrcpyA
LockFile

user32

wsprintfA
GetParent
PostMessageA
GetWindowTextA
GetClassNameA
FindWindowExA
PeekMessageA
TranslateMessage
DispatchMessageA
CharNextA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
GetUserNameA
RegEnumKeyExA

shell32

SHGetSpecialFolderPathA

ole32

StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear
VariantChangeType
VariantCopy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9421300ce908e51880d43de36f6a41ca

Headers

File Characteristics

Imports

shlwapi

rpcrt4

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 48KB

.rdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 47KB - Virtual size: 48KB

.rdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 4KB