174b66219cd628eb8e8db528d432dd2a

Sharing

Copy URL Twitter E-mail

General

Target

174b66219cd628eb8e8db528d432dd2a
Size

116KB
MD5

174b66219cd628eb8e8db528d432dd2a
SHA1

6607140955dbda7c4e70fb6eecbe421de65f58bc
SHA256

97f08ba646394285bc32d923cc1206c08e43100cd36c599b7f8aef1d84fb3c21
SHA512

27857e7799b79aed27a2aff4b2614b5ea7cfac0ffb27372caf2eb0850c0d1eaac49abef0c35c27f5453b3731275726e549a4850a4663fa11e5da7741f75b3714
SSDEEP

1536:oCyffHK7WOZ8piAplcmvH/zubbbtAozMZ/o9tmNw4z+Z/OtjPZUPKpT:o7KjOlcmvfzybuPti//OtjPZT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
174b66219cd628eb8e8db528d432dd2a

Files

174b66219cd628eb8e8db528d432dd2a
.dll regsvr32 windows:4 windows x86 arch:x86

ec158f93043c533fffeb88f5199b2d04

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetModuleFileNameA
lstrcatA
lstrcpynA
lstrcpyA
FreeLibrary
GetProcAddress
LoadLibraryA
HeapDestroy
LoadResource
FindResourceA
LoadLibraryExA
LocalAlloc
LocalFree
EnterCriticalSection
LeaveCriticalSection
lstrcmpiA
IsDBCSLeadByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
SizeofResource
GetVersionExA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
HeapAlloc
HeapFree
HeapReAlloc
GetSystemTimeAsFileTime
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
GetCPInfo
GetACP
GetOEMCP
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
VirtualFree
HeapCreate
ExitProcess
WriteFile
GetStdHandle
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

CharPrevA
CharNextA

advapi32

GetUserNameA
LookupAccountNameA
IsValidSid
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
FreeSid

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

oleaut32

SysAllocStringLen
LoadRegTypeLi
SysStringLen
RegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString
VariantClear
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec158f93043c533fffeb88f5199b2d04

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB