52ac49d9f8ee8895e18d4607f8057ee1

Sharing

Copy URL Twitter E-mail

General

Target

52ac49d9f8ee8895e18d4607f8057ee1
Size

76KB
MD5

52ac49d9f8ee8895e18d4607f8057ee1
SHA1

f20cc3f05f1051fb499848f2979f64218be7dd9e
SHA256

15f78d2f36a6e3754ff7477d48c7764bf4888dd84648d3cdb30eff60f9908787
SHA512

811c381d9ca98e0deaca4cde0c2e3a7699e83173af3046e6872c50f970a98256ffec21daa13e929cc3bca1a070c7ad2ff7a895d74e1074a81e95740d54e4d040
SSDEEP

1536:17gKsIN+cOpFqBzr48vBS2Esy/5wCQ+kne:17yFcOpUMyy/mCQ+2e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52ac49d9f8ee8895e18d4607f8057ee1

Files

52ac49d9f8ee8895e18d4607f8057ee1
.dll regsvr32 windows:4 windows x86 arch:x86

6ec5732e6e4fbc8c52aa3fde5b15a1f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
ReadFile
GetSystemTime
GetTempPathA
DebugBreak
HeapReAlloc
HeapFree
SetLastError
lstrcpyA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
FindNextFileA
GetVersion
FindFirstFileA
FindClose
CreateFileA
GetFileSize
GetLastError
IsBadWritePtr
CreateMutexA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateThread
TerminateThread
CloseHandle
SetThreadPriority
WinExec
WaitForSingleObject
CreateDirectoryA
GetTempFileNameA
lstrcmpiA
ReleaseMutex
OutputDebugStringA
GlobalMemoryStatus
SystemTimeToFileTime
GetCurrentThreadId
GetCurrentProcessId
ExitProcess
GetCurrentProcess
FlushInstructionCache
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
DeleteFileA
Sleep
GetTickCount
InterlockedDecrement
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
IsBadStringPtrA
IsBadReadPtr
IsBadCodePtr
LocalFree

user32

CharLowerA
CreateWindowExA
DispatchMessageA
TranslateMessage
PeekMessageA
SetActiveWindow
MessageBoxA
wsprintfA
SetPropA
SetTimer
GetPropA
KillTimer
DestroyWindow

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyA

ole32

StringFromGUID2
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoUninitialize
CoCreateGuid

oleaut32

GetErrorInfo
DispCallFunc
LoadRegTypeLi
SysStringLen
VariantInit
VariantCopy
VariantClear
SysAllocString
SysFreeString
SysAllocStringLen

atl

ord42
ord31
ord11
ord47
ord58
ord30
ord32
ord23
ord21
ord16
ord15
ord18
ord10

msvcrt

_onexit
__dllonexit
fopen
_stricmp
isalnum
strncpy
_strlwr
strrchr
printf
_mbslwr
malloc
__CxxFrameHandler
strcmp
memcmp
memcpy
time
srand
??1type_info@@UAE@XZ
strlen
rand
memset
free
strcpy
atoi
wcsstr
strtok
getenv
vfprintf
fflush
strcat
_except_handler3
_vsnprintf
_snprintf
_strcmpi
_CxxThrowException

msvcp60

??1_Lockit@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0_Lockit@std@@QAE@XZ

mapi32

ord13
ord23
ord135
ord17
ord138
ord11
ord19
ord75
ord140
ord129
ord21

urlmon

URLDownloadToCacheFileA
URLDownloadToFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
calloc
free
malloc
realloc

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ec5732e6e4fbc8c52aa3fde5b15a1f5

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

atl

msvcrt

msvcp60

mapi32

urlmon

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 6KB

.CRT Size: 4KB - Virtual size: 4B

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 6KB

.CRT
Size: 4KB - Virtual size: 4B

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 4KB