1bd90be6e030263904b5d22b0161f99e

General

Target

1bd90be6e030263904b5d22b0161f99e
Size

44KB
MD5

1bd90be6e030263904b5d22b0161f99e
SHA1

98e5d353b21d22160bd142fb48587d7e50d353fe
SHA256

9523b8aad73c83e7a22ee243ad7f6be38c9f4523aaac6b5bec656a60ae62999a
SHA512

6572845c46b7d4dce23e5656fd4ee6afd97905a26bd926aeb0e776f3f5ef2c1b095808c3a94e3058f8971bbf6857d8a79463e20e77005dc6ae5c250ee4ffd935
SSDEEP

384:TDtkav5bFV1vz5ZCJoDKHmV5T28Fv43C8HMJpS4AOcUJpJgLa0MpBd:TpkavVtNAyDKxOvyHMarOcEgLa1Xd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bd90be6e030263904b5d22b0161f99e

Files

1bd90be6e030263904b5d22b0161f99e
.dll regsvr32 windows:4 windows x86 arch:x86

943b38c1e46abac6d7ec3db72127d65f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocalTime
WinExec
GetWindowsDirectoryA
GetSystemDirectoryA
VirtualAlloc
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
CreateProcessA
CreateMutexA
GetLastError
CloseHandle
CreateThread

user32

GetMessageA
DefWindowProcA
SetTimer
KillTimer
TranslateMessage
CallNextHookEx
SetWindowsHookExA
RegisterClassExA
CreateWindowExA
ShowWindow
FindWindowExA
UnhookWindowsHookEx
DispatchMessageA
PostMessageA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcrt

fopen
_adjust_fdiv
malloc
_initterm
free
strrchr
atoi
_except_handler3
strchr
_stricmp
fwrite
fclose
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler

shlwapi

SHGetValueA

wininet

HttpQueryInfoA
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetReadFile
InternetCloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

943b38c1e46abac6d7ec3db72127d65f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

shlwapi

wininet

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 884B

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 884B