394d696072f4d5d77ee85ac870d4ae9a

Sharing

Copy URL Twitter E-mail

General

Target

394d696072f4d5d77ee85ac870d4ae9a
Size

55KB
MD5

394d696072f4d5d77ee85ac870d4ae9a
SHA1

7730ab91d90361dd61067614860f746b593a7335
SHA256

7721522fcf3d9e288a9adc0073a30afb9152b6978ecc29e2652c714aa82f0113
SHA512

13c55694c0087d8542ed434bd4d510cc75de0b1df299a266da5a096eb54ee66d8c8932aedd55d4cccca66eae1e17ab6e5c956bee42c15aeb9457ad5a7379ed00
SSDEEP

1536:AGK2M6B1oqrAZV6w3C/sTrovLGduLzPoZlPt:E2B1BrJyuLzPoj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
394d696072f4d5d77ee85ac870d4ae9a

Files

394d696072f4d5d77ee85ac870d4ae9a
.dll regsvr32 windows:4 windows x86 arch:x86

60d4222c353baae6499127a76680bebc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
lstrcpyA
Sleep
CopyFileA
ExitProcess
lstrcmpiA
GetModuleFileNameA
LeaveCriticalSection
CreateThread
DisableThreadLibraryCalls
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
SetFilePointer
MultiByteToWideChar
GetShortPathNameA
WideCharToMultiByte
FreeLibrary
GetLastError
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
WriteFile
CloseHandle
CreateProcessA
SetThreadPriority
GetCurrentThread
GetCurrentProcess
SetPriorityClass
ResumeThread
GetSystemDirectoryA
lstrlenA
lstrcatA
FindResourceA
SizeofResource
LoadResource
lstrlenW
LockResource
ReadFile
SetEndOfFile
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings

user32

CharNextA
wsprintfA

advapi32

RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

shell32

ShellExecuteA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
LoadRegTypeLi

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DownSoftGo

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60d4222c353baae6499127a76680bebc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB