143b639b415c096517da2dd5ee5e953f

Sharing

Copy URL Twitter E-mail

General

Target

143b639b415c096517da2dd5ee5e953f
Size

164KB
MD5

143b639b415c096517da2dd5ee5e953f
SHA1

c17af0a6b89f789f02718bf0ab3533bbf86ee87e
SHA256

7caa8a4447dde16aa77cfad91b9d735859ff9e692f8cc4310294aa46f23e730b
SHA512

f27ea5de199d0199190db338e6d45ec06d129d9443ab100ec560961402f618311f85fa771a26fdb776f52e719fbebdef450cb31a9acf315bee0aa89946b36d0b
SSDEEP

1536:NZRB62IcI1CXzLBNmzoDXR9GRXhxEJGyuTu91c32l2b0I9LSICS4ATyPioME5Lan:NZRJaCXdRYVjTA2LxJKioMBQSX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
143b639b415c096517da2dd5ee5e953f

Files

143b639b415c096517da2dd5ee5e953f
.dll regsvr32 windows:4 windows x86 arch:x86

11ac43f02f1f317d5cafe2cd0d212de8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

netapi32

Netbios

advapi32

CryptAcquireContextA
GetSecurityInfo
CryptReleaseContext
CryptGenRandom
SetSecurityInfo
SetEntriesInAclA

rpcrt4

UuidToStringA

user32

wsprintfA
EnumWindows
EnumChildWindows
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
SystemParametersInfoA
SetWindowPos
KillTimer
SetTimer
DefWindowProcA
GetClassNameA
GetWindowThreadProcessId

oleaut32

VariantInit
SysAllocString
GetErrorInfo

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

wininet

InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA

shlwapi

SHGetValueA
SHSetValueA
StrStrIA

ole32

CoCreateGuid
CoInitialize
CoCreateInstance

kernel32

GetLastError
TlsSetValue
LocalFree
RaiseException
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetOEMCP
GetACP
ReadFile
SetEndOfFile
SetFilePointer
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
SetHandleCount
GetFileType
GetFileAttributesA
TlsGetValue
SetLastError
TlsFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
CloseHandle
OpenProcess
MoveFileExA
WaitForSingleObject
CreateProcessA
FreeLibrary
GetProcAddress
LoadLibraryA
DeleteFileA
GetSystemDirectoryA
GetLocalTime
GetCurrentProcessId
SleepEx
GetModuleFileNameA
CreateFileA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
HeapAlloc
HeapFree
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetCurrentThreadId
MultiByteToWideChar
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LCMapStringA
LCMapStringW
WriteFile
TlsAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11ac43f02f1f317d5cafe2cd0d212de8

Headers

File Characteristics

Imports

netapi32

advapi32

rpcrt4

user32

oleaut32

psapi

wininet

shlwapi

ole32

kernel32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 28KB - Virtual size: 34KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 28KB - Virtual size: 34KB

.reloc
Size: 8KB - Virtual size: 6KB