2572c05be8d6af36ad58324e194495c5

Sharing

Copy URL Twitter E-mail

General

Target

2572c05be8d6af36ad58324e194495c5
Size

164KB
MD5

2572c05be8d6af36ad58324e194495c5
SHA1

36b444d25ecc1ae745e647f726a730d91892d673
SHA256

e42d9b960cd29a96ecc8f5139503ac0001480d2824ec891a7a68475fc5b5a2cb
SHA512

f04fa6b932812d5beffe8cc2636bb505f642f838064c729db4419c7f7949b931d9d82a26aee28dcf7bfa436e4631d622a64f2a5bf1970dc7d6a337e4c50329b0
SSDEEP

3072:Z2XHIRCk+QWrxMtO7OlJxSw7aGPEglBrCedTH:a7xMtO7OlJxSwdBm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2572c05be8d6af36ad58324e194495c5

Files

2572c05be8d6af36ad58324e194495c5
.dll regsvr32 windows:4 windows x86 arch:x86

9cf3f9f00ad605325898e2039d35069f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHGetValueA

wininet

InternetGetConnectedState
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetSetOptionA
InternetReadFile

wsock32

WSACleanup
gethostbyname
WSAStartup

sensapi

IsDestinationReachableA

kernel32

GetVersionExA
lstrlenW
WideCharToMultiByte
GetCurrentThreadId
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
lstrcatA
lstrcpyA
lstrlenA
CloseHandle
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
VirtualQuery
WriteProcessMemory
GetProcAddress
VirtualProtect
lstrcmpiA
LoadLibraryA
GetSystemInfo
LocalFree
DisableThreadLibraryCalls
GetModuleFileNameA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
GetShortPathNameA
FindClose
FindNextFileA
GetPrivateProfileStringA
FindFirstFileA
lstrcpynA
GetWindowsDirectoryA
GetSystemDirectoryA
DebugBreak
OutputDebugStringA
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpA
FlushInstructionCache
GetLocaleInfoA
CreateThread
FreeLibrary
GetLastError
GetCurrentProcess

user32

SendMessageA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
GetWindowLongA
CallWindowProcA
ReleaseDC
SetWindowTextA
BeginPaint
GetDC
MapVirtualKeyA
keybd_event
GetClientRect
GetWindowTextA
SendMessageTimeoutA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
SetWindowLongA
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
DestroyWindow
CreateAcceleratorTableA
GetDesktopWindow
RedrawWindow
IsWindow
SetWindowPos
GetSysColor
IsChild
SetFocus
DefWindowProcA
GetWindowTextLengthA
GetWindow
LoadCursorA
RegisterWindowMessageA
GetClassInfoExA
wvsprintfA
RegisterClassExA
FindWindowA
LoadStringA
CreateWindowExA
CharNextA
wsprintfA
GetParent
GetClassNameA
SetWindowsHookExA
UnhookWindowsHookEx
GetGUIThreadInfo
CallNextHookEx
GetKeyState
GetFocus
EndPaint
FillRect
GetDlgItem

olepro32

ord253

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

ole32

CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CLSIDFromProgID
CoCreateInstance
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
OleLockRunning
CoUninitialize
CoInitialize

oleaut32

VariantClear
SysAllocStringLen
SysStringLen
SysAllocString
VariantCopy
LoadRegTypeLi
VariantChangeType
SysFreeString
VariantInit

gdi32

GetStockObject
GetObjectA
CreateSolidBrush
DeleteDC
SelectObject
GetDeviceCaps
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt

msvcrt

malloc
_adjust_fdiv
??1type_info@@UAE@XZ
_strupr
_initterm
atol
isalpha
strrchr
sscanf
mktime
localtime
isdigit
_mbsspn
difftime
_mbsnbcpy
_mbschr
_mbsnbcmp
atoi
_ismbcdigit
_mbscspn
_strcmpi
wcslen
memcmp
_purecall
_mbscmp
_mbsrchr
time
_mbslwr
fgets
strchr
strcmp
_ftol
strftime
strstr
fopen
_wcsicmp
memset
_mbsstr
memmove
memcpy
??2@YAPAXI@Z
_mbsicmp
_strnicmp
strcpy
strlen
strncpy
_wcsnicmp
wcschr
_onexit
fwrite
fclose
wcsstr
__CxxFrameHandler
fread
isalnum
strtok
strcat
_CxxThrowException
free
__dllonexit
?terminate@@YAXXZ
_except_handler3

imagehlp

ImageDirectoryEntryToData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllRegisterServer
DllStartup
DllUnregisterServer
InstallAppMon
ReleaseAppMon

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HOOKDAT
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.APPMOND
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.URLHOOK
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cf3f9f00ad605325898e2039d35069f

Headers

File Characteristics

Imports

shlwapi

wininet

wsock32

sensapi

kernel32

user32

olepro32

advapi32

ole32

oleaut32

gdi32

msvcrt

imagehlp

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 8KB

.HOOKDAT Size: 4KB - Virtual size: 16B

.APPMOND Size: 4KB - Virtual size: 1KB

.shared Size: 4KB - Virtual size: 36B

.URLHOOK Size: 36KB - Virtual size: 32KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 8KB

.HOOKDAT
Size: 4KB - Virtual size: 16B

.APPMOND
Size: 4KB - Virtual size: 1KB

.shared
Size: 4KB - Virtual size: 36B

.URLHOOK
Size: 36KB - Virtual size: 32KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 8KB - Virtual size: 6KB