22c77205746fe6e9e138c4a8a3db5d78

Sharing

Copy URL Twitter E-mail

General

Target

22c77205746fe6e9e138c4a8a3db5d78
Size

64KB
MD5

22c77205746fe6e9e138c4a8a3db5d78
SHA1

7a0de47c4086eccd297f375f496b2f51a48d8dcf
SHA256

cdf9c5a58991c3c7c5d800c4e888ae5c60ab286f936114095c9ee6fd8cb5191e
SHA512

ef67f19d103a33dc22c9893f8859ec1450da6cadf76619a24414d55e9aac3a60528ab13fff3a13c55c16aed68081497f40fcda28600d31896bd5947820912aab
SSDEEP

768:eIBHC3KXHdQtNMqOnZKP3W2Xy6qzB7FGJjOH2dJNaT3qTcF9stmhKKFI:V9C6XHdUMqY/2CNFGJvdGT3qTQmmk8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22c77205746fe6e9e138c4a8a3db5d78

Files

22c77205746fe6e9e138c4a8a3db5d78
.dll regsvr32 windows:4 windows x86 arch:x86

732e41b3c6fbe38d8e0f00961686d677

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrlenW
GetShortPathNameW
GetModuleHandleW
GetModuleFileNameW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LeaveCriticalSection
LoadLibraryExW
lstrcmpiW
lstrcpynW
HeapDestroy
lstrcpyW
lstrcatW
DeleteFileA
WinExec
GetBinaryTypeA
GetTickCount
GetTempPathA
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
DisableThreadLibraryCalls
GetCurrentThreadId
lstrlenA
LoadLibraryW
GetProcAddress
WideCharToMultiByte
FreeLibrary
GetModuleHandleA
GetModuleFileNameA
CreateThread
Sleep
GetCurrentProcess
GetLastError
CloseHandle

user32

UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
CharNextW
GetMessageW
PostThreadMessageW
SetForegroundWindow
FindWindowA
FindWindowExA
FindWindowExW
GetClassNameA
SendMessageA
PostMessageW
CharLowerA

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyA
RegQueryValueExW
RegOpenKeyExA
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
AdjustTokenPrivileges

shell32

ShellExecuteA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoInitialize

oleaut32

LoadRegTypeLi
SysStringLen
LoadTypeLi
SysAllocString
VarUI4FromStr
VariantInit
VariantClear
SysFreeString
RegisterTypeLi

oleacc

GetStateTextA
GetRoleTextA
WindowFromAccessibleObject
AccessibleObjectFromWindow

msvcrt

strchr
strncmp
fclose
fwrite
rename
_access
wcslen
wcscmp
_initterm
_adjust_fdiv
_stricmp
memcmp
realloc
malloc
calloc
free
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
atoi
strcat
swprintf
getchar
wprintf
strcmp
_splitpath
fopen
fgets
strstr
memcpy
strcpy
sprintf
strlen
memset

ws2_32

connect
htons
closesocket
socket
recv
gethostbyname
WSAStartup
inet_addr
send

netapi32

Netbios

wininet

InternetOpenA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetVer
Install

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

WOWCLin
Size: 4KB - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

732e41b3c6fbe38d8e0f00961686d677

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

oleacc

msvcrt

ws2_32

netapi32

wininet

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 13KB

WOWCLin Size: 4KB - Virtual size: 6B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 13KB

WOWCLin
Size: 4KB - Virtual size: 6B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB