41a0df8348824bbb11aceebe77b1615e

Sharing

Copy URL Twitter E-mail

General

Target

41a0df8348824bbb11aceebe77b1615e
Size

88KB
MD5

41a0df8348824bbb11aceebe77b1615e
SHA1

e1fcf133e1151ead8f644690809be62c655afbc2
SHA256

0667d7c74fbbf24dcf61a3ad33ad82281b49c1f366b1c85ea792b069e146cfe8
SHA512

8d34c6ee80441dd573cc29b749202c36e320ba3eb21b4467c58c19246f6d4345ebd40f6b8b3706292070aec7c5dd86fad44659e190341a3a5da47b71f9e5db24
SSDEEP

1536:pv9Ile8LxKEfsC2ekcWVf+WCIPpqN6AB/ujhYdAr7:59t8kEfsCN/S+WTFABGjhYdAr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41a0df8348824bbb11aceebe77b1615e

Files

41a0df8348824bbb11aceebe77b1615e
.dll regsvr32 windows:4 windows x86 arch:x86

e185026c7a69ffa513e613a4a2bcfd55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA
GetWindowTextA
CharNextA
GetKeyboardType
EnumChildWindows
RealGetWindowClassA
GetWindow
GetWindowThreadProcessId
SetWindowLongW
CallWindowProcW
CallWindowProcA
SetWindowLongA
SendMessageA
GetForegroundWindow

rpcrt4

UuidToStringA
RpcStringFreeA

shlwapi

StrStrIW
StrStrA
SHCopyKeyA

kernel32

LocalFree
CreateThread
CreateProcessA
GetGeoInfoA
lstrcatA
lstrcpyA
DisableThreadLibraryCalls
GetModuleFileNameW
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
LocalAlloc
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
GetCurrentProcessId
LoadLibraryW
lstrcmpA
DeleteFileA
ReadFile
CreateFileA
ReleaseMutex
GetTempPathA
ExpandEnvironmentStringsA
SystemTimeToFileTime
GetLocalTime
SizeofResource
GetCurrentProcess
GetProcessVersion
GetProcessTimes
CreateMutexA
WaitForSingleObject
GetVersion
IsProcessorFeaturePresent
CloseHandle

advapi32

RegOpenKeyExA
RegCreateKeyA
RegQueryValueA
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyA
RegCloseKey
RegDeleteKeyA

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
SysFreeString
SysAllocString
SysStringLen
VarUI4FromStr
RegisterTypeLi
LoadTypeLi

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Xran@std@@YAXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

msvcrt

_adjust_fdiv
memcpy
free
__CxxFrameHandler
malloc
realloc
??2@YAPAXI@Z
memset
memcmp
_purecall
strlen
atoi
wcslen
tmpnam
_itow
_wtoi
memmove
rand
srand
_ftol
_except_handler3
?terminate@@YAXXZ
_initterm

netapi32

NetApiBufferFree
NetWkstaGetInfo

Exports

Exports

DllCanUnloadNow
DllCheck
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e185026c7a69ffa513e613a4a2bcfd55

Headers

File Characteristics

Imports

user32

rpcrt4

shlwapi

kernel32

advapi32

ole32

oleaut32

msvcp60

msvcrt

netapi32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 8KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 4KB