3d219a1db1a735d78069c2f010608934

Sharing

Copy URL Twitter E-mail

General

Target

3d219a1db1a735d78069c2f010608934
Size

172KB
MD5

3d219a1db1a735d78069c2f010608934
SHA1

5a248a065b3b6af2cdca7a4d4cfbbd1d6bd1395d
SHA256

0c79099e1f71583a9c247594eddc659035341a78eb6e6123e6c563bdf8cbfc42
SHA512

36d30e3940e06afb78f1fc580f38ec1257e213f5653bdb2a0a30e9b21718fff8ac58da89aabce89142f9ff69ecd8bb144e263b08828a53c334fda79d3fedc8b0
SSDEEP

3072:ZeD/vFSTuEp9kkbr/auNohUAMo6AcnYHTTlxoU2TJZ75CkBY3:w/dSTuEQiWuNo75HfHnj2rdc3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d219a1db1a735d78069c2f010608934

Files

3d219a1db1a735d78069c2f010608934
.dll regsvr32 windows:4 windows x86 arch:x86

ef6cf04949b3a8649d8c5099047c9d4a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

rpcrt4

UuidToStringA

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

msvcrt

wcscmp
ispunct
strncpy
printf
isspace
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
strstr
strtol
atoi
tmpnam
fopen
tolower
__CxxFrameHandler
strchr
fwrite
??3@YAXPAX@Z
fclose
strtok
toupper
strerror
isxdigit
isgraph
?what@exception@@UBEPBDXZ
wcslen
isalnum
free
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
wctomb
islower
isalpha
isupper
malloc
??2@YAPAXI@Z

oleaut32

SysFreeString
SysAllocString
VariantClear
GetErrorInfo

netapi32

Netbios

advapi32

SetSecurityInfo
GetSecurityInfo
RegCloseKey
RegOpenKeyExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetEntriesInAclA

wininet

HttpQueryInfoA
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetReadFile
InternetOpenUrlA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize
CoCreateGuid
CoTaskMemAlloc

user32

EnumWindows
wsprintfA
SystemParametersInfoA
SetWindowPos
OpenClipboard
CloseClipboard
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
EnumChildWindows
DispatchMessageA
KillTimer
SetTimer
TranslateMessage
DefWindowProcA
GetClassNameA
GetWindowThreadProcessId

shlwapi

StrStrIA
SHSetValueA
SHGetValueA

kernel32

HeapFree
GetLocalTime
GetWindowsDirectoryA
GetSystemInfo
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetLastError
SetLastError
GetFullPathNameA
GetThreadTimes
Sleep
GetCurrentThread
FreeEnvironmentStringsA
GetEnvironmentStrings
GetProcessTimes
GetCurrentProcess
GetVersionExA
HeapSize
HeapAlloc
GetVersion
lstrcpyA
lstrcmpiA
lstrcmpA
MultiByteToWideChar
GetCurrentDirectoryA
CloseHandle
OpenProcess
GetCurrentProcessId
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
LocalFree
FormatMessageA
SleepEx
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpynA
CreateFileA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
MoveFileExA
WaitForSingleObject
CreateProcessA
DeleteFileA
lstrlenA
GetProcessHeap

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef6cf04949b3a8649d8c5099047c9d4a

Headers

File Characteristics

Imports

winmm

rpcrt4

psapi

msvcrt

oleaut32

netapi32

advapi32

wininet

version

ole32

user32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 24KB - Virtual size: 24KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 24KB - Virtual size: 24KB

.reloc
Size: 8KB - Virtual size: 7KB