2aec5c6796ff03d99c6e3a65d519545c

Sharing

Copy URL Twitter E-mail

General

Target

2aec5c6796ff03d99c6e3a65d519545c
Size

164KB
MD5

2aec5c6796ff03d99c6e3a65d519545c
SHA1

c3ea4b7b32a06572859bd1350a7ca9b9dbd0fba0
SHA256

65ea84dcc684ad20b4998222007873f55bc377ca5fd25d044e6cab7d8f146c8e
SHA512

e6ceb60cc9184c9e4b01c42ea3ad7501dfa097e203bc604a50fe32449c5788608a779e624b9e1efd680848303c5eda309696e6713d842f07cf195b516f59337f
SSDEEP

3072:LvkuxN32OM+XCnibmzes8JxuhUgOVVKxdqzAu7J6uEYimz:t3lM+SboxGUg8gocucuV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2aec5c6796ff03d99c6e3a65d519545c

Files

2aec5c6796ff03d99c6e3a65d519545c
.dll regsvr32 windows:4 windows x86 arch:x86

67c8d03e8fe7a232225644b6b1b2441b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetReadFile

msvcrt

_adjust_fdiv
_initterm
strchr
toupper
strtok
isalpha
??1type_info@@UAE@XZ
_onexit
__dllonexit
srand
strtol
atoi
tmpnam
fopen
isxdigit
isspace
wctomb
strstr
__CxxFrameHandler
malloc
free
??0exception@@QAE@ABV0@@Z
printf
isgraph
??3@YAXPAX@Z
??2@YAPAXI@Z
isalnum
_CxxThrowException
??0exception@@QAE@XZ
??1exception@@UAE@XZ
isupper
fwrite
fclose
wcslen
?what@exception@@UBEPBDXZ
wcscmp
strerror
ispunct
tolower
strncpy
islower
__mb_cur_max

advapi32

CryptReleaseContext
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
RegCloseKey
CryptGenRandom
CryptAcquireContextA
RegOpenKeyExA

oleaut32

GetErrorInfo
SysAllocString
SysFreeString
VariantClear

netapi32

Netbios

winmm

timeGetTime

ole32

CoTaskMemAlloc
CoCreateGuid
CoInitialize
CoTaskMemFree
CoCreateInstance

user32

OpenClipboard
CloseClipboard
KillTimer
SetTimer
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
SystemParametersInfoA
SetWindowPos
GetClassNameA
GetWindowThreadProcessId
EnumChildWindows
EnumWindows
DefWindowProcA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

rpcrt4

UuidToStringA

shlwapi

SHSetValueA
SHGetValueA
StrStrIA

kernel32

GetLocalTime
CreateFileA
GetFullPathNameA
SetLastError
GetCurrentDirectoryA
MultiByteToWideChar
GetCurrentThread
GetThreadTimes
GetSystemInfo
GetModuleFileNameA
Sleep
FormatMessageA
LocalFree
GetCurrentProcessId
LoadLibraryA
GetLastError
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
GetProcessHeap
HeapAlloc
GetVersionExA
GetVersion
lstrlenA
lstrcpyA
HeapFree
SleepEx
OpenProcess
CloseHandle
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
CreateProcessA
DeleteFileA
GetSystemDirectoryA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
WaitForSingleObject
GetEnvironmentStrings
lstrcmpiA
lstrcmpA
GetModuleHandleA
GetProcessTimes
GetCurrentProcess
lstrcpynA
MoveFileExA
HeapSize
FreeEnvironmentStringsA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67c8d03e8fe7a232225644b6b1b2441b

Headers

File Characteristics

Imports

wininet

msvcrt

advapi32

oleaut32

netapi32

winmm

ole32

user32

version

psapi

rpcrt4

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 20KB - Virtual size: 22KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 20KB - Virtual size: 22KB

.reloc
Size: 8KB - Virtual size: 7KB