1c8e17d90696bb2374ab096e96f4f33e

Sharing

Copy URL Twitter E-mail

General

Target

1c8e17d90696bb2374ab096e96f4f33e
Size

320KB
MD5

1c8e17d90696bb2374ab096e96f4f33e
SHA1

34dfff018ce924dc6a544dc35c29cc67fb77a5f8
SHA256

0fbdb24fc6de0980b2f6bd4b415f53d5b05130b7806424d2f7b0f189c207a771
SHA512

0918d430e1ad48e5a654a9cfc537211fff7db78c429a32dbd8b666ee235a421502df9e7d3201dcd446fd648b5455252599be853c303a85d2e64618609d2d4eef
SSDEEP

3072:HUFeE8tOjWdcgJ/c7MrL7JgClr4EnfDVZsi5DZJ4meHorJuI4ZTYKaS014YtDiT2:meGgDTVTZJ/OCIzJdBbR4Rd96TlKO/8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c8e17d90696bb2374ab096e96f4f33e

Files

1c8e17d90696bb2374ab096e96f4f33e
.dll regsvr32 windows:4 windows x86 arch:x86

139b8ca75b74ab97d8c4a7960add690b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strncat
strstr
div
malloc
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
rand
_CxxThrowException
_strdup
memmove
strncpy
sprintf
atoi
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_atoi64
_wcslwr
_except_handler3
_purecall
_strlwr
_strnicmp
_stricmp
strchr
free
??0exception@@QAE@ABQBD@Z
wcslen
memchr
strncmp

kernel32

GetSystemTime
LocalFree
GetCurrentThreadId
CopyFileA
DeleteFileA
GetTempFileNameA
MoveFileA
Sleep
GetFullPathNameA
lstrcpynA
CreateDirectoryA
WriteFile
LockFile
PulseEvent
WaitForMultipleObjects
TerminateThread
GetShortPathNameA
HeapDestroy
GetModuleFileNameA
DisableThreadLibraryCalls
GetSystemInfo
GetCurrentProcessId
GetTickCount
CloseHandle
VirtualFree
VirtualAlloc
GetProcAddress
GetModuleHandleA
CreateFileA
GetVersion
GetComputerNameA
GetLastError
MultiByteToWideChar
lstrlenA
lstrlenW
InterlockedDecrement
CreateEventA
CreateMutexA
UnmapViewOfFile
ReleaseMutex
ResetEvent
InterlockedIncrement
WaitForSingleObject
SetEvent
MapViewOfFile
CreateFileMappingA
GetVersionExA
DeviceIoControl
CreateToolhelp32Snapshot
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateThread
InitializeCriticalSection
ReadFile
GetFileTime
FindNextFileA
FindFirstFileA
LoadLibraryA
FreeLibrary
GetVolumeInformationA
lstrcmpiA
GetUserDefaultLangID
GetEnvironmentVariableA
WideCharToMultiByte
VirtualProtect
IsBadReadPtr
IsBadCodePtr
Module32Next
Module32First

user32

IsWindow
GetClassNameA
EnumThreadWindows

advapi32

RegOpenKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
GetUserNameA

ole32

OleRun
CoInitializeEx
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString

oleaut32

GetErrorInfo
SysFreeString
SysAllocString
VariantClear
SysAllocStringLen
SysStringLen
LoadRegTypeLi
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreateVector

msvcp60

??0_Locinfo@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?_Global@_Locimp@locale@std@@0PAV123@A
?_Init@locale@std@@CAPAV_Locimp@12@XZ
??1strstreambuf@std@@UAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@II@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIABV12@II@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1locale@std@@QAE@XZ
??0locale@std@@QAE@PBDH@Z
?do_toupper@?$ctype@D@std@@MBEDD@Z
?do_toupper@?$ctype@D@std@@MBEPBDPADPBD@Z
?do_tolower@?$ctype@D@std@@MBEDD@Z
?do_tolower@?$ctype@D@std@@MBEPBDPADPBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??1ctype_base@std@@UAE@XZ
??_7bad_cast@std@@6B@
??1_Locinfo@std@@QAE@XZ
?_Term@?$ctype@D@std@@KAXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Cltab@?$ctype@D@std@@0PBFB
??_7?$ctype@D@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
?_Iscloc@locale@std@@QBE_NXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
?_Id_cnt@id@locale@std@@0HA
?id@?$ctype@D@std@@2V0locale@2@A
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$ctype@D@std@@UAE@XZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
_Getctype
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??1strstream@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?overflow@strstreambuf@std@@MAEHH@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?pbackfail@strstreambuf@std@@MAEHH@Z

shell32

SHGetSpecialFolderPathA

snmpapi

SnmpUtilOidCpy

shlwapi

SHDeleteKeyA
PathFileExistsA
PathGetDriveNumberA

urlmon

IsValidURL

wininet

InternetReadFile
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetCloseHandle
InternetGetConnectedState
InternetGetCookieExA
InternetSetOptionA
InternetOpenA

ws2_32

WSAStartup
gethostbyname
WSACleanup

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetName
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

139b8ca75b74ab97d8c4a7960add690b

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

msvcp60

shell32

snmpapi

shlwapi

urlmon

wininet

ws2_32

Exports

Exports

Sections

.text Size: 252KB - Virtual size: 249KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 12KB - Virtual size: 12KB

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 252KB - Virtual size: 249KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 24KB - Virtual size: 20KB