266f77a74e25f7a90637d0a2fd0fb4b7

Sharing

Copy URL Twitter E-mail

General

Target

266f77a74e25f7a90637d0a2fd0fb4b7
Size

104KB
MD5

266f77a74e25f7a90637d0a2fd0fb4b7
SHA1

11b126874c0a94d5a9af2b4d44ad78ec3cd827ef
SHA256

1a55514dd51fae7ba3aed8361a858914877c496a28d594c613a31f0b2ad216a4
SHA512

d9a9748bb56573c79d2c0c2347d83e5760eee12b3b13655904fc2be6a35d7c0b360affc763b78aa9bd5217cc343849171584b1055463ccdd9504efa6232755c2
SSDEEP

3072:MntuFWcTO5A+1oO2/bLHol79C89XSzHxjSIwVF:MtuMcq5AQoO2/bLHol79C89XwRjSIw3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
266f77a74e25f7a90637d0a2fd0fb4b7

Files

266f77a74e25f7a90637d0a2fd0fb4b7
.dll regsvr32 windows:4 windows x86 arch:x86

a1f3b35d78ef065473acb1a815eb066b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
FreeLibrary
GetProcAddress
LoadLibraryA
DeleteFileA
GetSystemDirectoryA
GetLocalTime
OpenProcess
WaitForSingleObject
CreateFileA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetModuleFileNameA
CloseHandle
LocalFree
MoveFileExA
SleepEx
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
QueryPerformanceFrequency

user32

EnumWindows
wsprintfA
SystemParametersInfoA
SetWindowPos
KillTimer
SetTimer
DefWindowProcA
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
GetClassNameA
GetWindowThreadProcessId
EnumChildWindows

advapi32

SetEntriesInAclA
GetSecurityInfo
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetSecurityInfo

shell32

StrStrIA

ole32

CoCreateGuid
CoCreateInstance
CoInitialize

oleaut32

GetErrorInfo
VariantInit
SysAllocString

rpcrt4

UuidToStringA

shlwapi

SHSetValueA
SHGetValueA

psapi

GetModuleBaseNameA
EnumProcesses
EnumProcessModules

netapi32

Netbios

wininet

InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA

msvcrt

isupper
strerror
strtok
__CxxFrameHandler
toupper
strstr
__dllonexit
_onexit
_initterm
_adjust_fdiv
_CxxThrowException
ispunct
isalpha
isspace
tolower
isgraph
__mb_cur_max
wctomb
islower
printf
isxdigit
strncpy
strchr
strtol
atoi
??1type_info@@UAE@XZ
tmpnam
fopen
fwrite
fclose
??3@YAXPAX@Z
??2@YAPAXI@Z
free
malloc
isalnum
mbstowcs

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1f3b35d78ef065473acb1a815eb066b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

rpcrt4

shlwapi

psapi

netapi32

wininet

msvcrt

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 13KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 2KB