40bf23c559bd1127790befbec96cf9ac

Sharing

Copy URL Twitter E-mail

General

Target

40bf23c559bd1127790befbec96cf9ac
Size

117KB
MD5

40bf23c559bd1127790befbec96cf9ac
SHA1

ed526b435b52e15415f6bca62ae4b1c99b369bfe
SHA256

51b281f0875478c09330453a1c1ffcda826ee0d903c0f373fb194d094f7f83b3
SHA512

752cb9fbc60142279df4bde6a255c51b14254931c18681f5dd1a46e291c26b3860b87fca0766c397a3dffeeec9ab6ad36b3348f94fd0c1f3a1b845a02df2fdf1
SSDEEP

3072:3yLVNn1emMDu4rwurBk+3KFASO1BH8BxC8e:avn1GFrD6FASO1h8BxC8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40bf23c559bd1127790befbec96cf9ac

Files

40bf23c559bd1127790befbec96cf9ac
.dll regsvr32 windows:5 windows x86 arch:x86

65c4a7fee819d1de43b92ce8c357795c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegDeleteKeyExA
RegEnumKeyA
RegEnumKeyExA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateOleAdviseHolder
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
WriteClassStm
OleSaveToStream
CoCreateInstance
CreateBindCtx

oleaut32

SysStringByteLen
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayLock
SafeArrayUnlock
SafeArrayCreateVector
SafeArrayPutElement
SysAllocStringByteLen
VariantCopy
OleCreatePropertyFrame
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysAllocString
SysStringLen
VariantChangeType
VariantClear
SysFreeString

gdi32

LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
CreateDCA
GetDeviceCaps
CreateRectRgnIndirect

urlmon

CreateURLMoniker
RegisterBindStatusCallback

msvcr90

??2@YAPAXI@Z
_purecall
_recalloc
strncmp
memmove_s
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
sprintf
??_U@YAPAXI@Z
_resetstkoflw
memset
sprintf_s
??_V@YAXPAX@Z
memcpy_s
free
malloc
strstr
??3@YAXPAX@Z
strncpy_s
_wcsdup

kernel32

VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
FormatMessageA
LocalFree
MulDiv
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
SetLastError
IsDBCSLeadByte
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
InterlockedExchange
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
DisableThreadLibraryCalls
GetCurrentProcess
lstrcmpiA
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar

user32

UnregisterClassA
RegisterClassA
GetWindowRect
FillRect
MessageBoxA
GetDC
ReleaseDC
UpdateWindow
CreateWindowExA
RegisterClassExA
GetKeyState
InvalidateRect
IsWindow
CharNextA
wsprintfA
SetWindowLongA
GetWindowLongA
ShowWindow
GetClassInfoExA
LoadCursorA
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
EndPaint
GetClientRect
BeginPaint
CallWindowProcA
PtInRect
UnionRect
DefWindowProcA
SetFocus
IsChild
GetFocus
GetParent
DestroyWindow

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllRegisterServerDoc
DllRegisterServerNative
DllUnregisterServer
DllUnregisterServerDoc
DllUnregisterServerNative

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65c4a7fee819d1de43b92ce8c357795c

Headers

File Characteristics

Imports

advapi32

ole32

oleaut32

gdi32

urlmon

msvcr90

kernel32

user32

Exports

Exports

Sections

.text Size: 61KB - Virtual size: 60KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 61KB - Virtual size: 60KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 6KB - Virtual size: 6KB