39158c8f0407b11e35d576bf5d968ea0

Sharing

Copy URL Twitter E-mail

General

Target

39158c8f0407b11e35d576bf5d968ea0
Size

2.4MB
MD5

39158c8f0407b11e35d576bf5d968ea0
SHA1

70cd1ffd925658d584081bb53d69f91c1e6dffd5
SHA256

e8a23d972e8e873ef09b27707979efcd085c97c1710fd25e337e0165de429bb8
SHA512

4b856ccbf6d333de19a15aed8d9d500369b09f9aa95ad31f2dbcb4fab6908cdee9e2eee0e9f6f1870d763992e76c204e0fd31ffe8002529cb5acab72a0c3ff94
SSDEEP

49152:+t0WQrrr7747dVkyMgi/9lVVcZAEPqaR1ot:0YrrY7dVlMH9lDQAo71ot

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39158c8f0407b11e35d576bf5d968ea0

Files

39158c8f0407b11e35d576bf5d968ea0
.dll regsvr32 windows:6 windows x86 arch:x86

52813fc1f4c45760ec9f3dfc3328a58f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_wtoi
iswalnum
vswprintf_s
free
_vsnwprintf
memmove_s
wcschr
_itow_s
_vscwprintf
_wcslwr_s
wcsspn
wcscspn
_ltow_s
wcstol
memmove
_wcsdup
memcpy
_ftol2
_vsnprintf
_wcsnicmp
_ftol2_sse
iswalpha
_isnan
??_V@YAXPAX@Z
??_U@YAPAXI@Z
malloc
_onexit
_lock
__dllonexit
_unlock
realloc
_except_handler4_common
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
calloc
qsort
_wcsicmp
wcsstr
memset
memcpy_s

ntdll

WinSqmAddToStream

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses

kernel32

LoadResource
LockResource
SizeofResource
RaiseException
FindResourceW
InterlockedIncrement
DisableThreadLibraryCalls
HeapFree
GetProcessHeap
HeapAlloc
FindResourceExW
GetLastError
GetThreadUILanguage
GetFileAttributesW
DeleteFileW
IsProcessInJob
ProcessIdToSessionId
OpenProcess
CloseHandle
OutputDebugStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetLocaleInfoW
InterlockedCompareExchange
Sleep
CompareStringW
GetVersion
MultiByteToWideChar
InterlockedExchange
HeapSize
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
WideCharToMultiByte
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryW
GetProcAddress
lstrlenW
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetVersionExW
ExpandEnvironmentStringsW
GetAtomNameW
InterlockedDecrement
GetUserDefaultLCID
QueryPerformanceCounter
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DebugBreak
InitializeCriticalSectionAndSpinCount
VirtualQueryEx
GetModuleFileNameA
GetUserDefaultUILanguage
SetProcessWorkingSetSize
FormatMessageW
GetSystemDirectoryW
LocalAlloc
LocalFree
GetModuleHandleExW
CreateThread
FreeLibraryAndExitThread
HeapCreate
GetModuleHandleW
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
GetModuleFileNameW
TlsGetValue
AddAtomW
DeleteAtom
MulDiv
FindAtomW
IsProcessorFeaturePresent
GetThreadLocale
LoadLibraryExW
TlsSetValue
TlsFree
TlsAlloc

advapi32

TraceEvent
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegLoadMUIStringW
RegGetValueW
RegEnumKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegCloseKey

shlwapi

ord618
ord494
ord24
ord158
ord219
ord256
ord172
ord176
PathAppendW
PathCreateFromUrlW
ord493
ord199
ord204
ord156
ord174

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteExW
SHParseDisplayName
ord155
SHBindToObject
ord25
ord18

ole32

StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
CoGetObject
CLSIDFromString
CoDisconnectObject
CoUninitialize
CoInitializeEx

oleaut32

SysAllocString
VariantClear
SysStringLen
SafeArrayCreateVector
SafeArrayGetDim
SafeArrayGetVartype
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
VariantInit

user32

EnumChildWindows
PostMessageW
SetCursor
GetMessagePos
UpdateWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
SetWindowPos
GetFocus
IsChild
ShowWindow
SetParent
AdjustWindowRectEx
ScreenToClient
NotifyWinEvent
GetPropW
SetPropW
RemovePropW
SendMessageTimeoutW
SendInput
CharUpperW
CharUpperA
UnregisterClassA
SystemParametersInfoW
SendMessageW
LoadStringW
KillTimer
SetTimer
InvalidateRect
IsCharAlphaNumericW
RegisterWindowMessageW
GetKeyState
SetRectEmpty
CopyRect
ClientToScreen
LoadCursorW
DefWindowProcW
DestroyWindow
SetFocus
GetParent
SetWindowRgn
GetWindowRgnBox
MapWindowPoints
GetWindowRect
GetClientRect
CallWindowProcW
CreateWindowExW
DrawIconEx
RegisterClassExW
GetClassInfoExW
SetRect
GetIconInfo
LoadImageW
DestroyIcon
ReleaseDC
GetDC
CreateIconIndirect
EqualRect
EnableWindow
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetWindowLongW
SetWindowLongW
SetScrollInfo
DrawFrameControl
InflateRect
FillRect
IsRectEmpty
DrawTextW
GetKeyNameTextW
MapVirtualKeyW
DrawFocusRect
IntersectRect

uxtheme

IsAppThemed
GetThemeAppProperties
GetThemeMargins
GetThemeFont
EndBufferedPaint
BufferedPaintClear
GetBufferedPaintBits
BeginBufferedPaint
DrawThemeTextEx
ord47
GetThemePartSize
BufferedPaintInit
OpenThemeData
CloseThemeData
BufferedPaintUnInit
GetThemeMetric
GetThemeColor

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
ObjectFromLresult
GetRoleTextW

dwmapi

DwmIsCompositionEnabled

gdi32

DeleteObject
GetPixel
SelectObject
CreateCompatibleDC
GetObjectW
StretchBlt
CreateCompatibleBitmap
CreateDIBSection
DeleteEnhMetaFile
GetDeviceCaps
SetBrushOrgEx
SetStretchBltMode
GetBrushOrgEx
RealizePalette
SelectPalette
CreateHalftonePalette
GetDIBits
PatBlt
GdiAlphaBlend
GdiGradientFill
GdiTransparentBlt
SetBkMode
SetBkColor
SetTextColor
GetStockObject
SetTextAlign
GetTextAlign
GetLayout
GetTextColor
ExtTextOutW
BitBlt
PlayEnhMetaFile
GetTextExtentPoint32W
CreatePatternBrush
CreateSolidBrush
SetWindowOrgEx
OffsetWindowOrgEx
GetBkMode
CombineRgn
ExtCreateRegion
GetRegionData
RectVisible
GetRgnBox
OffsetRgn
CreateRectRgn
CreateFontIndirectW
SetLayout
GetBkColor
CreateDIBPatternBrushPt
StretchDIBits
LPtoDP
GetTextMetricsW
GdiGetCharDimensions
DeleteDC

duser

UtilDrawBlendRect
GetStdColorI
GetStdColorBrushI
CreateGadget
SetGadgetFocusEx
BuildInterpolation
BuildAnimation
GetGadgetSize
DeleteHandle
InitGadgets
GetGadgetFocus
SetGadgetFocus
GetGadgetRect
DUserPostEvent
DUserSendEvent
SetGadgetStyle
SetGadgetMessageFilter
SetGadgetParent
SetGadgetRect
InvalidateGadget
DUserFlushDeferredMessages
DUserFlushMessages
SetGadgetBufferInfo
GetGadgetTicket
FindGadgetFromPoint
MapGadgetPoints
ForwardGadgetMessage
GetGadgetRgn
DetachWndProc
AttachWndProcW
FindStdColor
CreateAction
LookupGadgetTicket
SetGadgetRootInfo
GetGadgetAnimation

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52813fc1f4c45760ec9f3dfc3328a58f

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

psapi

kernel32

advapi32

shlwapi

shell32

ole32

oleaut32

user32

uxtheme

oleacc

dwmapi

gdi32

duser

Exports

Exports

Sections

.text Size: 389KB - Virtual size: 389KB

.data Size: 50KB - Virtual size: 62KB

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 389KB - Virtual size: 389KB

.data
Size: 50KB - Virtual size: 62KB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 36KB - Virtual size: 36KB