42bff905e13a896511b907fb29e36459

Sharing

Copy URL Twitter E-mail

General

Target

42bff905e13a896511b907fb29e36459
Size

188KB
MD5

42bff905e13a896511b907fb29e36459
SHA1

76708d9c8d839143a862451c5a87cf8e2d0a94f6
SHA256

908fdc51b6f587e26470803bcaeba773fa6b0c8d754a97789863f913251dc096
SHA512

e4daa0ed25056d68afbffb7dbb3ecca94ce630894195fbfb7554432db6b96571f4c5f857df21f7ef36874878bd80505e7259a449c318d4542834ac0a0cdf134f
SSDEEP

3072:McgQEyWaJna2xZNsRwkHgmy2rpzx49tUOV1EQICqzD8g86aBhD0DhUbCwv8dhBhC:0QEyPaqre/AD2rb2ID8g86aBhDUUup9C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42bff905e13a896511b907fb29e36459

Files

42bff905e13a896511b907fb29e36459
.dll regsvr32 windows:5 windows x86 arch:x86

416f7e70b1d2d148459625459c232caa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
free
wcscpy
_except_handler3
wcslen
swprintf
malloc
_adjust_fdiv

ntdll

RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlFreeSid
NtQueryInformationToken

kernel32

QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CloseHandle
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
lstrcpyW
LoadLibraryW
GetProcAddress
FreeLibrary
LocalAlloc
lstrcatW
CreateDirectoryW
WritePrivateProfileStringW
SetLastError
TerminateProcess
GetLastError
GetComputerNameW
LocalFree
lstrlenW

advapi32

CryptAcquireContextW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
CopySid
GetLengthSid
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptReleaseContext
GetTokenInformation
AllocateAndInitializeSid
LookupAccountSidA
FreeSid
RegOpenKeyExW
CryptDestroyKey
DuplicateToken
CheckTokenMembership
ImpersonateLoggedOnUser
RevertToSelf
RegQueryValueExW
CryptGenKey
GetUserNameW
RegCloseKey

user32

LoadStringW
wvsprintfW

crypt32

CertOpenStore
CertStrToNameW
CertCreateSelfSignCertificate
CertOpenSystemStoreW
CertAddCertificateContextToStore
CryptEncodeObject
CertFreeCertificateContext
CertCloseStore

rpcrt4

RpcBindingFree
RpcRaiseException
RpcBindingSetAuthInfoExA
RpcStringBindingComposeW
RpcBindingFromStringBindingW
UuidCreate
UuidToStringW
RpcStringFreeW
NdrClientCall2

ole32

CoInitialize
CoCreateInstance
CoUninitialize

netapi32

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

wldap32

ord140
ord224
ord18
ord13
ord41
ord208
ord73
ord26
ord170

Exports

Exports

DllRegisterServer
DllUnregisterServer
WLEventLock
WLEventLogoff
WLEventLogon
WLEventShutdown
WLEventStartScreenSaver
WLEventStartShell
WLEventStartup
WLEventStopScreenSaver
WLEventUnlock

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

416f7e70b1d2d148459625459c232caa

Headers

File Characteristics

Imports

msvcrt

ntdll

kernel32

advapi32

user32

crypt32

rpcrt4

ole32

netapi32

wldap32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 168KB - Virtual size: 168KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 1024B - Virtual size: 940B

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 168KB - Virtual size: 168KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1024B - Virtual size: 940B