1759f0b660c5ea9909eb8e11c563534f

Sharing

Copy URL

Twitter E-mail

General

Target

1759f0b660c5ea9909eb8e11c563534f
Size

524KB
MD5

1759f0b660c5ea9909eb8e11c563534f
SHA1

61bbe6391d00a54187f8aaf409010340af1719ad
SHA256

e188ff2df0980d60ba08fa644b905350b93c4b12307d833f9aacae1ace3b2a57
SHA512

bbe331878ba0a303f9e7907509f3dc371e416c97e9041772c26809ee98622327cc8bf7ea9ea3dbea59fb9448231ef1c00846accd34c9be27887d2bc8cb068096
SSDEEP

6144:rfUbJV/na8f+ubUnbguMilokgkKskqvORHFbjq6c/VK2A:r4V/nahmUn8uMilok8J+T/Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1759f0b660c5ea9909eb8e11c563534f

Files

1759f0b660c5ea9909eb8e11c563534f
.dll regsvr32 windows:4 windows x86 arch:x86

d44a0d4222998af80bec539ede4b2df7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
CreateDirectoryA
lstrcatA
lstrcpyA
GetVersionExA
GetTickCount
DeviceIoControl
WaitForSingleObject
ExitProcess
SetLastError
GetLongPathNameA
OpenProcess
CreateMutexA
GetShortPathNameA
ReadProcessMemory
GetVersion
GetCommandLineA
TerminateProcess
Process32Next
GetCurrentProcessId
Process32First
CreateToolhelp32Snapshot
VirtualQuery
OutputDebugStringA
CopyFileA
GetCurrentProcess
GetCurrentThread
Module32Next
GetProcAddress
SetErrorMode
LockResource
SizeofResource
LoadResource
FindResourceA
VirtualFreeEx
GetExitCodeThread
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
GetPrivateProfileStringA
GetEnvironmentVariableA
GetExitCodeProcess
SearchPathA
WinExec
HeapAlloc
GetProcessHeap
HeapFree
GetTempFileNameA
RemoveDirectoryA
SuspendThread
GetThreadContext
FlushInstructionCache
SetThreadContext
ResumeThread
VirtualProtectEx
FreeLibrary
GetWindowsDirectoryA
OpenMutexA
GetModuleFileNameA
CreateProcessA
Sleep
CloseHandle
CreateFileA
GetLastError
FindFirstFileA
FindNextFileA
FindClose
GetSystemDirectoryA
GetTempPathA
DeleteFileA
MoveFileA
LoadLibraryExA
MoveFileExA

user32

DestroyWindow
ShowWindow
SendMessageA
SetForegroundWindow
FindWindowA
SendMessageTimeoutA
FindWindowExA
keybd_event
SetFocus
GetWindowThreadProcessId

advapi32

OpenSCManagerA
RegOpenKeyExA
RegOpenKeyA
RegCloseKey
ControlService
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
OpenThreadToken
CloseServiceHandle

shell32

SHGetSpecialFolderPathA

ole32

OleUninitialize
OleInitialize

shlwapi

SHGetValueA
SHDeleteKeyA
PathAppendA
PathRemoveFileSpecA
PathCombineA
PathFindFileNameA
SHDeleteValueA
SHSetValueA
PathIsDirectoryA

setupapi

SetupIterateCabinetA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
_mbslwr
rewind
fgets
strncat
strchr
_mbsstr
sscanf
??2@YAPAXI@Z
??3@YAXPAX@Z
_strnicmp
_vsnprintf
fprintf
strrchr
_access
fseek
ftell
fread
__CxxFrameHandler
_strlwr
strcmp
time
srand
rand
_except_handler3
_stricmp
memset
strlen
free
strcpy
malloc
sprintf
_mbsnbcpy
_mbscmp
strcat
_snprintf
atoi
_strdup
strncpy
strstr
memcpy
fclose
fwrite
fopen

urlmon

URLDownloadToFileA

Exports

Exports

DllRegisterServer
DllUnregisterServer
Rundll32
ekfs
ekfsEx

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 460KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d44a0d4222998af80bec539ede4b2df7

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

setupapi

version

msvcrt

urlmon

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 17KB

.rsrc Size: 460KB - Virtual size: 458KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 17KB

.rsrc
Size: 460KB - Virtual size: 458KB

.reloc
Size: 8KB - Virtual size: 4KB