483acf51aeed42873a707a9c15927607

Sharing

Copy URL Twitter E-mail

General

Target

483acf51aeed42873a707a9c15927607
Size

72KB
MD5

483acf51aeed42873a707a9c15927607
SHA1

d501ad0c57cfb19d9839cd0ee5e3cee878a3b9e6
SHA256

dbe3dea472ecee323be918f24644b68d46fc9013062bbd6c7d9fa399a8521f15
SHA512

f30a579d71f996e92e79a180a20a4b2ab2a66ee18b26f342f71e54a604b928bea34681b2deebd2706bef35c821d1915560f36076a77e751a261a2806d5bce046
SSDEEP

1536:URnzKnaaG7owrtH6gpdfWcICS4A2u41zmKO1wLap:6zsaaGkUHJWXj41yKO1jp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
483acf51aeed42873a707a9c15927607

Files

483acf51aeed42873a707a9c15927607
.dll regsvr32 windows:4 windows x86 arch:x86

f14d759dde704e7260706dd910372bac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

oleaut32

SysFreeString
SysAllocString
GetErrorInfo
VariantClear

wininet

InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetSetOptionA

shlwapi

StrStrIA
SHGetValueA
SHSetValueA

ole32

CoTaskMemAlloc
CoCreateGuid
CoInitialize
CoCreateInstance
CoTaskMemFree

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo

user32

KillTimer
SetTimer
DefWindowProcA
SetWindowPos
DispatchMessageA
CloseClipboard
TranslateMessage
GetMessageA
SystemParametersInfoA
EnumWindows
EnumChildWindows
GetWindowThreadProcessId
ShowWindow
CreateWindowExA
OpenClipboard
RegisterClassExA
GetClassNameA
wsprintfA

netapi32

Netbios

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z
free
malloc
ispunct
isxdigit
srand
printf
isalnum
islower
__CxxFrameHandler
strchr
toupper
isspace
strtok
fwrite
fopen
tmpnam
atoi
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??0exception@@QAE@XZ
??1exception@@UAE@XZ
strstr
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
strncpy
_stricmp
fclose

rpcrt4

UuidToStringA

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

kernel32

WaitForSingleObject
MoveFileExA
CreateFileA
GetWindowsDirectoryA
GetSystemDirectoryA
GetFullPathNameA
CreateProcessA
SetLastError
GetLastError
GetProcessHeap
HeapAlloc
HeapSize
GetEnvironmentVariableA
DeleteFileA
LocalFree
FormatMessageA
GetLocalTime
QueryPerformanceCounter
InterlockedExchange
OpenProcess
SleepEx
GetCurrentDirectoryA
GetCurrentProcessId
MultiByteToWideChar
GetVersion
GetModuleHandleA
GetModuleFileNameA
DisableThreadLibraryCalls
lstrlenA
lstrcpyA
HeapFree
Sleep
GetVersionExA
LoadLibraryA
QueryPerformanceFrequency
VirtualAllocEx
GetProcAddress
WriteProcessMemory
CreateRemoteThread
CloseHandle
FreeLibrary
GetTickCount

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f14d759dde704e7260706dd910372bac

Headers

File Characteristics

Imports

winmm

oleaut32

wininet

shlwapi

ole32

advapi32

user32

netapi32

msvcrt

rpcrt4

psapi

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 12KB - Virtual size: 15KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 12KB - Virtual size: 15KB

.reloc
Size: 4KB - Virtual size: 2KB