437a668b48a0d0228cf4fb588fe09cd1

Sharing

Copy URL

Twitter E-mail

General

Target

437a668b48a0d0228cf4fb588fe09cd1
Size

84KB
MD5

437a668b48a0d0228cf4fb588fe09cd1
SHA1

3661979d5b1ab372d40c03fa1919e2ed66032e7a
SHA256

7dd92005474b60082f4e7cea7ae0564f26b2bc0c37bcc89dd5729cfbf171fb2a
SHA512

f9e1dc75bdefcc38e0a1cbf03f5369ab7f26cde37c2c78edf453c79a6160aa7fe50eba7a70bec4704de2a2caf58314936242a6ff5f3840b5f11329bf1ead4a8d
SSDEEP

1536:bA4yklp25wMKKICS4A+UoJHYJWLadIQrUs5q:bA2iIsUodYJ5dxz5q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
437a668b48a0d0228cf4fb588fe09cd1

Files

437a668b48a0d0228cf4fb588fe09cd1
.dll regsvr32 windows:4 windows x86 arch:x86

f364f097ba2e7b73e71f429598364357

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

fclose
strncpy
wcslen
__CxxFrameHandler
_stricmp
_CxxThrowException
strchr
??3@YAXPAX@Z
??2@YAPAXI@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?what@exception@@UBEPBDXZ
atoi
tmpnam
fopen
fwrite
??0exception@@QAE@ABV0@@Z
malloc
free
strstr
isxdigit
strtok
isupper
toupper
printf
srand
wcscmp

wininet

HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetSetOptionA
InternetOpenA

oleaut32

GetErrorInfo
VariantClear
SysAllocString

winmm

timeGetTime

rpcrt4

UuidToStringA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

netapi32

Netbios

shlwapi

StrStrIA
SHGetValueA
SHSetValueA

advapi32

SetSecurityInfo
GetSecurityInfo
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetEntriesInAclA

ole32

CoCreateInstance
CoCreateGuid
CoInitialize

psapi

GetModuleBaseNameA
EnumProcesses
EnumProcessModules

user32

GetClassNameA
GetWindowThreadProcessId
EnumChildWindows
DefWindowProcA
SystemParametersInfoA
SetWindowPos
wsprintfA
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
ShowWindow
CreateWindowExA
RegisterClassExA
EnumWindows

kernel32

GetProcessHeap
HeapFree
SetLastError
GetFullPathNameA
LocalFree
FormatMessageA
HeapSize
HeapAlloc
GetModuleFileNameA
DisableThreadLibraryCalls
CloseHandle
Sleep
GetCurrentProcessId
GetWindowsDirectoryA
SleepEx
lstrcpyA
InterlockedExchange
GetSystemDirectoryA
CreateFileA
MoveFileExA
FreeLibrary
GetProcAddress
LoadLibraryA
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetVersionExA
GetEnvironmentVariableA
GetCurrentDirectoryA
GetLastError
lstrlenA
OpenProcess
WriteProcessMemory
WaitForSingleObject
CreateProcessA
DeleteFileA
MultiByteToWideChar
VirtualAllocEx
GetVersion
CreateRemoteThread
GetLocalTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f364f097ba2e7b73e71f429598364357

Headers

File Characteristics

Imports

msvcrt

wininet

oleaut32

winmm

rpcrt4

version

netapi32

shlwapi

advapi32

ole32

psapi

user32

kernel32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 16KB - Virtual size: 16KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 16KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB