4d7fe1f922d44433e244366a1d88ff61

Sharing

Copy URL Twitter E-mail

General

Target

4d7fe1f922d44433e244366a1d88ff61
Size

243KB
MD5

4d7fe1f922d44433e244366a1d88ff61
SHA1

78493787dea9eb6671d2d8b202baa08a103170bf
SHA256

4c7caedd1b69e07eda1169adea6804a83952cf686d79e721e9ccf265a8aab6a2
SHA512

351d44d7ff5516bde7e575b446f4d25a84f7624b3f2c7e52ae53fb73f6f86b536dddf59b60c13c63ecc3303b2960a705c6593dfe1e221ec5b5f0e3b94e2cfa4b
SSDEEP

6144:myuP/p9xk4OIMoNMHYFbwv8R6rdUYLa+JaLa+AaGa+AV:mTPeAfk0R6rdUYLa+JaLa+AaGa+AV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d7fe1f922d44433e244366a1d88ff61

Files

4d7fe1f922d44433e244366a1d88ff61
.dll regsvr32 windows:4 windows x86 arch:x86

dddc8affad5f1bf8b9952403f50224ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
TerminateThread
GetExitCodeThread
SetEvent
FindFirstChangeNotificationW
FindCloseChangeNotification
GetFileSize
CreateFileW
lstrcatW
ExpandEnvironmentStringsW
lstrcpyW
GetTempPathW
FindClose
FindNextFileW
CompareFileTime
GetFileTime
lstrcmpW
FindFirstFileW
ReadFile
DeleteFileW
GetACP
CopyFileW
GetTempFileNameW
WaitForMultipleObjects
GetSystemTimeAsFileTime
CreateEventW
GetProcAddress
lstrcpynW
GetTickCount
WriteFile
GetCurrentThreadId
GetSystemTime
CreateDirectoryW
GlobalUnlock
GlobalLock
GlobalSize
GlobalFree
GlobalReAlloc
GlobalAlloc
ReleaseMutex
ReleaseSemaphore
InterlockedExchangeAdd
Sleep
UnmapViewOfFile
MapViewOfFile
CreateSemaphoreW
CreateMutexW
OpenFileMappingW
CreateFileMappingW
SetEndOfFile
CreateFileA
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WaitForSingleObject
GetVersionExW
WideCharToMultiByte
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
GetCurrentProcessId
ProcessIdToSessionId
GetComputerNameW
GetModuleFileNameW
GetModuleHandleW
LocalFree
GetProcessHeap
HeapFree
HeapAlloc
lstrlenW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
RaiseException
EnterCriticalSection
WriteConsoleA
FlushFileBuffers
SetStdHandle
SetFilePointer
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetConsoleMode
GetConsoleCP
ExitProcess
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
GetCommandLineA
CreateThread
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
InterlockedExchange

user32

CharLowerBuffW
UnregisterClassA
CharNextW
LoadStringW
CharLowerW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW

advapi32

CryptDestroyKey
CryptDeriveKey
CryptDecrypt
CryptEncrypt
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameW
ConvertSidToStringSidW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

ole32

CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CoUninitialize
CoInitializeEx
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemRealloc

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
VariantInit
VariantClear
SysAllocStringByteLen
SafeArrayCreateVector
SafeArrayCreate
SafeArrayGetElement
SafeArrayPutElement
SafeArrayDestroy
VarBstrCmp
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysStringByteLen

shlwapi

SHCreateStreamOnFileW
PathFileExistsW

wtsapi32

WTSCloseServer
WTSOpenServerW
WTSFreeMemory
WTSQuerySessionInformationW

netapi32

NetApiBufferFree
NetWkstaUserEnum

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dddc8affad5f1bf8b9952403f50224ea

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

wtsapi32

netapi32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 14KB

.SHARSTA Size: 4KB - Virtual size: 48B

.rsrc Size: 28KB - Virtual size: 25KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 14KB

.SHARSTA
Size: 4KB - Virtual size: 48B

.rsrc
Size: 28KB - Virtual size: 25KB

.reloc
Size: 16KB - Virtual size: 13KB