4284bc81e9158eb0601f5e1c8867db42

Sharing

Copy URL Twitter E-mail

General

Target

4284bc81e9158eb0601f5e1c8867db42
Size

2.5MB
MD5

4284bc81e9158eb0601f5e1c8867db42
SHA1

e48548a5286eba057c949ede146e4108c90fd585
SHA256

abb8faf913b3e17267be4035f29d4b95f674cd1cd2ed669ebe408306ce6ce263
SHA512

cf5e3e74f19dd0f72c6800685875f6e26bf8073e6a5a9539f582c0ca2ed4669e43cfa6db803652be69304bef174b8b69b9f95cf29b04f5d76a3b910e1472dae0
SSDEEP

12288:JVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1nS:ofP7fWsK5z9A+WGAW+V5SB6Ct4bnbnS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4284bc81e9158eb0601f5e1c8867db42

Files

4284bc81e9158eb0601f5e1c8867db42
.dll regsvr32 windows:5 windows x64 arch:x64

6668be91e2c948b183827f040944057f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

LookupIconIdFromDirectoryEx
WaitForInputIdle
GetParent
GetFocus

setupapi

CM_Get_Resource_Conflict_DetailsW

kernel32

DeleteCriticalSection
DeleteTimerQueue
TerminateJobObject
GetFileInformationByHandle
GetThreadLocale
GetNamedPipeServerProcessId
GetConsoleFontSize

gdi32

CreateBitmapIndirect
GetPolyFillMode

crypt32

CertGetCTLContextProperty

advapi32

AddAccessDeniedObjectAce

shlwapi

ChrCmpIW

Exports

Exports

?AfxFreeLibrary@@YAHPEAUHINSTANCE__@@@Z
?AfxLoadLibrary@@YAPEAUHINSTANCE__@@PEBG@Z
?AfxLockGlobals@@YAXH@Z
?AfxUnlockGlobals@@YAXH@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.qkm
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cvjb
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tlmkv
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wucsxe
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fltwtj
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sfplio
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rpg
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bewzc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vksvaw
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wmhg
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gebpi
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fwhzuc
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ojh
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dti
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.voboi
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xphra
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ckvtbh
Size: 4KB - Virtual size: 571B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xcclq
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.iwqnx
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sgdaa
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qyr
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bqton
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.puqozu
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mjaml
Size: 4KB - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qoqlu
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6668be91e2c948b183827f040944057f

Headers

DLL Characteristics

File Characteristics

Imports

user32

setupapi

kernel32

gdi32

crypt32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 260KB - Virtual size: 257KB

.rdata Size: 404KB - Virtual size: 403KB

.data Size: 96KB - Virtual size: 94KB

.pdata Size: 4KB - Virtual size: 300B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 8KB

.qkm Size: 4KB - Virtual size: 1KB

.cvjb Size: 8KB - Virtual size: 7KB

.tlmkv Size: 4KB - Virtual size: 2KB

.wucsxe Size: 280KB - Virtual size: 276KB

.fltwtj Size: 8KB - Virtual size: 4KB

.sfplio Size: 4KB - Virtual size: 1KB

.rpg Size: 280KB - Virtual size: 276KB

.bewzc Size: 8KB - Virtual size: 4KB

.vksvaw Size: 4KB - Virtual size: 1KB

.wmhg Size: 8KB - Virtual size: 4KB

.gebpi Size: 4KB - Virtual size: 1KB

.fwhzuc Size: 280KB - Virtual size: 276KB

.ojh Size: 4KB - Virtual size: 2KB

.dti Size: 4KB - Virtual size: 1KB

.voboi Size: 280KB - Virtual size: 276KB

.xphra Size: 8KB - Virtual size: 4KB

.ckvtbh Size: 4KB - Virtual size: 571B

.xcclq Size: 280KB - Virtual size: 276KB

.iwqnx Size: 8KB - Virtual size: 4KB

.sgdaa Size: 280KB - Virtual size: 276KB

.qyr Size: 4KB - Virtual size: 2KB

.bqton Size: 4KB - Virtual size: 1KB

.puqozu Size: 4KB - Virtual size: 2KB

.mjaml Size: 4KB - Virtual size: 318B

.qoqlu Size: 28KB - Virtual size: 27KB

.text
Size: 260KB - Virtual size: 257KB

.rdata
Size: 404KB - Virtual size: 403KB

.data
Size: 96KB - Virtual size: 94KB

.pdata
Size: 4KB - Virtual size: 300B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 8KB

.qkm
Size: 4KB - Virtual size: 1KB

.cvjb
Size: 8KB - Virtual size: 7KB

.tlmkv
Size: 4KB - Virtual size: 2KB

.wucsxe
Size: 280KB - Virtual size: 276KB

.fltwtj
Size: 8KB - Virtual size: 4KB

.sfplio
Size: 4KB - Virtual size: 1KB

.rpg
Size: 280KB - Virtual size: 276KB

.bewzc
Size: 8KB - Virtual size: 4KB

.vksvaw
Size: 4KB - Virtual size: 1KB

.wmhg
Size: 8KB - Virtual size: 4KB

.gebpi
Size: 4KB - Virtual size: 1KB

.fwhzuc
Size: 280KB - Virtual size: 276KB

.ojh
Size: 4KB - Virtual size: 2KB

.dti
Size: 4KB - Virtual size: 1KB

.voboi
Size: 280KB - Virtual size: 276KB

.xphra
Size: 8KB - Virtual size: 4KB

.ckvtbh
Size: 4KB - Virtual size: 571B

.xcclq
Size: 280KB - Virtual size: 276KB

.iwqnx
Size: 8KB - Virtual size: 4KB

.sgdaa
Size: 280KB - Virtual size: 276KB

.qyr
Size: 4KB - Virtual size: 2KB

.bqton
Size: 4KB - Virtual size: 1KB

.puqozu
Size: 4KB - Virtual size: 2KB

.mjaml
Size: 4KB - Virtual size: 318B

.qoqlu
Size: 28KB - Virtual size: 27KB