1c9d7d4da0b74ccbb8945cff5aa6bfcc

Sharing

Copy URL Twitter E-mail

General

Target

1c9d7d4da0b74ccbb8945cff5aa6bfcc
Size

300KB
MD5

1c9d7d4da0b74ccbb8945cff5aa6bfcc
SHA1

0717ed1591b82bc6feb118c7eed6ebc6741662cb
SHA256

ded500564f743ffca1d9006a2558f6dd051acd41c9105753349aa9cb6d731c5b
SHA512

fbe623aaf1e6aec70c40928d30e2ddbc8965213e9adb281e18b4c45d2467e1d480d107d78e858a2422e2ed176e504c3a836bb3e2b986b4ac165de931868bdc7a
SSDEEP

3072:Fg/gAAw+f+/0fEDbpBr2vA3Vi5PuNHtAQ6VLpFXSAg0FusJls1w7oP6T:uixW/oqVPKhHSAOes+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c9d7d4da0b74ccbb8945cff5aa6bfcc

Files

1c9d7d4da0b74ccbb8945cff5aa6bfcc
.dll regsvr32 windows:4 windows x86 arch:x86

c1f56c15c588b65e99c4af8a0534f1b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceExW
GetVersion
OpenEventW
DisableThreadLibraryCalls
lstrlenW
GetVersionExW
GetModuleFileNameW
FlushInstructionCache
GetCurrentProcess
RaiseException
EnterCriticalSection
LeaveCriticalSection
TerminateThread
CreateThread
ResumeThread
GetTickCount
WideCharToMultiByte
GetCurrentThreadId
CreateMutexW
SetLastError
GetComputerNameW
GetDriveTypeW
GetLogicalDriveStringsW
WinExec
MultiByteToWideChar
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FindFirstFileW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidCodePage
GetOEMCP
GetCPInfo
ReadFile
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
GetFileAttributesW
FindNextFileW
GetModuleHandleW
FindClose
RemoveDirectoryW
SetFileAttributesW
GetLastError
CreateFileW
GetFileSize
WriteFile
CloseHandle
DeleteFileW
WaitForSingleObject
ReleaseMutex
InterlockedExchangeAdd
FindResourceW
SizeofResource
LoadResource
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
LockResource
HeapAlloc
GetProcessHeap
HeapFree
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
HeapSize
HeapReAlloc
HeapDestroy
InterlockedCompareExchange
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc

user32

DefWindowProcW
GetClientRect
DrawTextW
EndPaint
GetUpdateRect
BeginPaint
IsWindow
MessageBoxW
CreateDialogParamW
wsprintfW
GetMenuItemCount
GetMenuStringW
InsertMenuW
SetMenuItemBitmaps
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
EnumChildWindows
GetClassNameW
PostMessageW
DialogBoxParamW
EndDialog
ScreenToClient
OffsetRect
GetCursorPos
GetSystemMetrics
SetWindowRgn
MoveWindow
ShowWindow
LoadBitmapW
EnableWindow
DestroyWindow
GetDlgItem
GetWindow
GetWindowRect
SystemParametersInfoW
MapWindowPoints
SetWindowPos
KillTimer
SetTimer
SetWindowTextW
RegisterClassW
CreateWindowExW
SetWindowLongW
GetWindowLongW
TrackMouseEvent
InvalidateRect
SetCapture
ReleaseCapture
PtInRect
GetParent
SendMessageW
UnregisterClassA

gdi32

GetStockObject
CreateFontW
CreateRoundRectRgn
BitBlt
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
SetDIBits
DeleteDC
DeleteObject
SetTextColor
SetBkMode
SelectObject

advapi32

GetUserNameW
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
LookupAccountNameW
CopySid
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHQueryRecycleBinW
DragQueryFileW
SHEmptyRecycleBinW

ole32

CoCreateGuid
IIDFromString
ReleaseStgMedium
StringFromIID
CoGetMalloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1f56c15c588b65e99c4af8a0534f1b3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 176KB - Virtual size: 174KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 12KB - Virtual size: 148KB

.rsrc Size: 52KB - Virtual size: 49KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 176KB - Virtual size: 174KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 12KB - Virtual size: 148KB

.rsrc
Size: 52KB - Virtual size: 49KB

.reloc
Size: 12KB - Virtual size: 11KB