264e17157f8ab689420036788be89fae

Sharing

Copy URL Twitter E-mail

General

Target

264e17157f8ab689420036788be89fae
Size

490KB
MD5

264e17157f8ab689420036788be89fae
SHA1

3729386258b989c278c37dcd600bca349fb4057c
SHA256

e817bc723227e62eebc20ed9b8e51a553d2994c60a43f116cec92cfa9ef59a7d
SHA512

d56575b597e8f0bfb6390126768abc0912a21c9c041101314cf28c2e57f0fa73cb83f6a15f2533dce9237a88ac60a616eca4d14fb21e13b4a3ef40e40ea6ae70
SSDEEP

12288:550MHTTHrjaBiVtXO21n9NJiD07DEIKsZj2D0YH:550MHvfaBUFnwD07oIVZjJY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
264e17157f8ab689420036788be89fae

Files

264e17157f8ab689420036788be89fae
.dll regsvr32 windows:5 windows x86 arch:x86

54aedc4180a11275b2184fcf3fa1e982

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc
GdipReleaseDC
GdipFillRectangleI
GdipCreateSolidFill
GdiplusStartup
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipDisposeImage
GdipDeleteGraphics
GdipDrawImageRect
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFile
GdipCloneImage
GdipCreateFromHDC

uxtheme

DrawThemeParentBackground

kernel32

FindResourceExW
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
SetLastError
RaiseException
DisableThreadLibraryCalls
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetTickCount
SetThreadLocale
GetThreadLocale
GetProcAddress
GetModuleHandleW
GetLastError
FreeLibrary
LoadLibraryExW
lstrcmpiW
GetFileAttributesW
ExpandEnvironmentStringsW
SleepEx
CloseHandle
WaitForSingleObjectEx
CreateEventW
WaitForMultipleObjectsEx
Sleep
WaitForSingleObject
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExW
lstrcmpW
MulDiv
LocalFree
LocalAlloc
LoadLibraryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
HeapAlloc
LoadResource
HeapFree
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
InterlockedExchange
CreateFileW
HeapCreate
GetModuleFileNameA
GetStdHandle
WriteFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetSystemTimeAsFileTime
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetCPInfo
GetACP
LockResource
SizeofResource
FindResourceW
DeleteCriticalSection
lstrlenW
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetStringTypeA
GetStringTypeW
GetProcessHeap
ReadFile
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetOEMCP
IsValidCodePage
GetModuleHandleA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringW
GetLocaleInfoA
SetEndOfFile
CreateFileA
ExitProcess

user32

EnumChildWindows
GetWindowThreadProcessId
MessageBoxW
InvalidateRgn
SetCapture
ReleaseCapture
ClientToScreen
CreateAcceleratorTableW
ReleaseDC
GetDesktopWindow
DrawTextW
GetClassNameW
RedrawWindow
IsChild
GetSysColor
DestroyAcceleratorTable
MonitorFromPoint
RegisterWindowMessageW
SetMenuItemBitmaps
InsertMenuW
SetMenuInfo
GetSystemMetrics
CreatePopupMenu
DestroyMenu
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetCursorPos
ChildWindowFromPoint
ScreenToClient
SetTimer
GetWindowTextLengthW
GetMonitorInfoW
MapWindowPoints
SetWindowTextW
KillTimer
GetForegroundWindow
IsWindowVisible
GetAncestor
CharNextW
CopyRect
ShowCaret
CreateCaret
EndPaint
BeginPaint
TranslateMessage
DispatchMessageW
TrackPopupMenu
PostMessageW
GetAsyncKeyState
DestroyCaret
SetCaretPos
GetUpdateRect
GetWindowTextW
FillRect
GetDlgItem
GetWindowRect
MoveWindow
SendMessageW
EndDialog
CallNextHookEx
UnhookWindowsHookEx
GetParent
SetWindowsHookExW
wsprintfW
GetDC
GetWindowLongW
CallWindowProcW
DefWindowProcW
SetWindowPos
TrackMouseEvent
SetCursor
RegisterClassExW
LoadCursorW
GetClassInfoExW
CreateWindowExW
SetWindowLongW
SetFocus
InvalidateRect
GetFocus
GetWindow
ShowWindow
DestroyWindow
GetClientRect
IsWindow
UnregisterClassA
MonitorFromWindow

gdi32

SetBkMode
CreateDIBSection
CreateFontW
SelectObject
GetStockObject
GetTextExtentPoint32W
CreateCompatibleBitmap
GetDeviceCaps
DeleteDC
BitBlt
CreateCompatibleDC
CreateSolidBrush
GetObjectW
SetTextColor
DeleteObject

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumValueW
OpenProcessToken
RegNotifyChangeKeyValue
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
GetTokenInformation

shell32

ShellExecuteW

ole32

CLSIDFromProgID
StringFromIID
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitialize
OleUninitialize
CreateStreamOnHGlobal
OleInitialize
CoGetClassObject
CLSIDFromString
OleLockRunning
CoCreateInstance

oleaut32

LoadRegTypeLi
LoadTypeLi
SysStringLen
DispCallFunc
VarBstrCat
VarBstrCmp
SysAllocStringLen
VariantClear
UnRegisterTypeLi
VarUI4FromStr
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
VariantCopy
SysAllocString
VariantInit
RegisterTypeLi
GetErrorInfo
SysFreeString

shlwapi

UrlEscapeW

comctl32

ImageList_GetImageCount
ImageList_Destroy
InitCommonControlsEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54aedc4180a11275b2184fcf3fa1e982

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

uxtheme

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 366KB - Virtual size: 365KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 17KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 366KB - Virtual size: 365KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 17KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 28KB - Virtual size: 27KB