2b424a25b2923b789cecdda8090f56a9107c99c02f9f617526caeb48bd4860c4

Sharing

Copy URL Twitter E-mail

General

Target

2b424a25b2923b789cecdda8090f56a9107c99c02f9f617526caeb48bd4860c4
Size

741KB
MD5

34cc000e03f68683ca17f16d0a020acd
SHA1

32e209b11025656eec82a7dfbfd3ec4c1f3800a4
SHA256

2b424a25b2923b789cecdda8090f56a9107c99c02f9f617526caeb48bd4860c4
SHA512

cdbe459f709b8d2682c91a41584d2910b91adbeab249d718b9cced1ff79f7390dde32cabc0f5be464825751f8f703f6ecac21d9a915102f0c07ebc034da95283
SSDEEP

12288:hvmWlJwUFRl4d/M6PiRnJIVAdoWYgeWYg955/155/0kpUqyr4O1Do4o:hvVlJN54d/MCiRnekpG51Df

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b424a25b2923b789cecdda8090f56a9107c99c02f9f617526caeb48bd4860c4

Files

2b424a25b2923b789cecdda8090f56a9107c99c02f9f617526caeb48bd4860c4
.dll regsvr32 windows:5 windows x64 arch:x64

68bbefe8de35620476490bde011460b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mfc100

ord9262
ord9260
ord7770
ord7782
ord7806
ord8781
ord10303
ord8994
ord8995
ord9019
ord9447
ord7767
ord9008
ord9047
ord10181
ord9119
ord9018
ord9079
ord9080
ord9081
ord9846
ord9847
ord9066
ord9893
ord9888
ord9883
ord10023
ord8796
ord8279
ord8738
ord9839
ord9022
ord9421
ord9071
ord9072
ord7148
ord11308
ord4482
ord4271
ord9168
ord9166
ord10549
ord6694
ord4408
ord10650
ord2425
ord2789
ord12080
ord9871
ord9708
ord2855
ord11398
ord9000
ord9116
ord7718
ord1576
ord11225
ord2201
ord3348
ord5792
ord5072
ord4915
ord11097
ord8146
ord12905
ord5011
ord12904
ord7190
ord7576
ord3990
ord11312
ord11311
ord3284
ord1460
ord4308
ord1415
ord6293
ord6541
ord1959
ord752
ord1181
ord3125
ord8001
ord8980
ord4916
ord8043
ord10835
ord12916
ord3275
ord2353
ord12181
ord5319
ord2659
ord2877
ord2878
ord3479
ord9195
ord10054
ord9701
ord7833
ord10577
ord10088
ord9692
ord9094
ord8763
ord6062
ord373
ord2839
ord2726
ord12920
ord4920
ord5236
ord8982
ord5819
ord883
ord1202
ord3614
ord2745
ord7927
ord5849
ord1241
ord5580
ord946
ord3597
ord2653
ord7918
ord5543
ord902
ord924
ord3313
ord5596
ord5542
ord926
ord3156
ord6425
ord12503
ord9171
ord3270
ord7697
ord6706
ord6707
ord8026
ord10795
ord410
ord956
ord5325
ord3480
ord5326
ord5298
ord8149
ord4605
ord3828
ord9259
ord11465
ord11428
ord12915
ord7766
ord10841
ord5973
ord9688
ord8047
ord2754
ord12284
ord10877
ord10875
ord1474
ord1481
ord1487
ord1485
ord1492
ord4218
ord4255
ord4226
ord4238
ord4234
ord4230
ord4260
ord4251
ord4222
ord4264
ord4243
ord4209
ord4213
ord4246
ord3849
ord13605
ord3842
ord2573
ord12928
ord6807
ord12926
ord5887
ord10366
ord12138
ord5046
ord2285
ord10747
ord2852
ord2851
ord2753
ord10790
ord893
ord2051
ord3285
ord2014
ord2012
ord2040
ord1945
ord2002
ord396
ord1914
ord2050
ord2048
ord1906
ord1844
ord322
ord1275
ord4459
ord4723
ord4893
ord8136
ord4462
ord4596
ord7066
ord8979
ord11686
ord1831
ord4608
ord3355
ord1948
ord12597
ord1461
ord7038
ord2105
ord12156
ord305
ord5035
ord2538
ord7571
ord9913
ord3520
ord4186
ord6859
ord12679
ord1159
ord719
ord3950
ord3951
ord3948
ord6397
ord1972
ord1957
ord1907
ord6382
ord6380
ord6535
ord6274
ord306
ord266
ord1179
ord749
ord7286
ord7213
ord11410
ord13393
ord4555
ord2116
ord11106
ord11107
ord12927
ord6806
ord12925
ord8182
ord3535
ord3477
ord11489
ord6823
ord1709
ord13700
ord10609
ord12808
ord11099
ord6868
ord13109
ord13106
ord13111
ord13108
ord13110
ord13107
ord3288
ord5031
ord10859
ord10867
ord7063
ord9145
ord10871
ord10840
ord11470
ord4458
ord4722
ord4892
ord8135
ord4700
ord4895
ord4461
ord4597
ord4445
ord5235
ord6640
ord6641
ord6631
ord4595
ord7065
ord8977
ord8000
ord5777
ord1975
ord12872
ord1895
ord1963
ord13144
ord321
ord3933
ord1863
ord6864
ord1266
ord876
ord3991
ord7534
ord12752
ord7944
ord8870
ord10085
ord7975
ord10030
ord9998
ord3394
ord5238
ord8507
ord4410
ord5321
ord12185
ord2788
ord2785
ord7057
ord2354
ord13684
ord13686
ord13685
ord13683
ord13687
ord13670
ord13598
ord13599
ord7931
ord10712
ord3273
ord7575
ord13741
ord4124
ord1294
ord310
ord2095
ord1426
ord300
ord3697
ord5002
ord1291
ord889
ord316
ord265
ord1272
ord10754
ord1274
ord1859
ord1858

kernel32

FindClose
FindNextFileA
FindFirstFileA
Sleep
LocalFree
FormatMessageA
CreateDirectoryA
MultiByteToWideChar
CloseHandle
CreateFileW
SetEnvironmentVariableA
CompareStringW
GetTimeZoneInformation
GetDriveTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
LoadLibraryW
GetProcessHeap
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
LCMapStringW
GetCurrentDirectoryW
GetFullPathNameA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlPcToFileHeader
RaiseException
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
SetHandleCount
FlsAlloc
FlsFree
FlsGetValue
ReadFile
GetModuleFileNameW
ExitProcess
GetModuleHandleW
HeapSize
GetCurrentProcess
TerminateProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
WriteFile
SetFilePointer
GetFileInformationByHandle
CreateThread
ExitThread
GetSystemTimeAsFileTime
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwindEx
RtlLookupFunctionEntry
GetCommandLineA
FlsSetValue
GetCurrentThreadId
DecodePointer
EncodePointer
QueryPerformanceCounter
GetModuleHandleA
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetProcAddress
FreeLibrary
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
WaitForSingleObject
SleepEx
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SetLastError
GetFileAttributesA
LocalAlloc
CreateFileA
GetLastError
GetLocaleInfoW
GetCurrentProcessId

user32

RedrawWindow
FillRect
MessageBoxA
SendMessageA
PostMessageA
IsWindowVisible
EnableWindow
GetSysColor

gdi32

GetStockObject
Ellipse
CreateSolidBrush

shell32

SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHBrowseForFolderA
ShellExecuteA

shlwapi

PathIsRootA

oleaut32

LoadRegTypeLi

advapi32

CryptImportKey
CryptCreateHash
CryptHashData
CryptDestroyKey
CryptEncrypt
CryptReleaseContext
CryptAcquireContextA
CryptDestroyHash
CryptGetHashParam

ws2_32

ioctlsocket
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
gethostname

wldap32

ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 499KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68bbefe8de35620476490bde011460b4

Headers

DLL Characteristics

File Characteristics

Imports

mfc100

kernel32

user32

gdi32

shell32

shlwapi

oleaut32

advapi32

ws2_32

wldap32

Exports

Exports

Sections

.text Size: 499KB - Virtual size: 499KB

.rdata Size: 148KB - Virtual size: 148KB

.data Size: 16KB - Virtual size: 31KB

.pdata Size: 31KB - Virtual size: 30KB

text Size: 4KB - Virtual size: 3KB

data Size: 16KB - Virtual size: 16KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 499KB - Virtual size: 499KB

.rdata
Size: 148KB - Virtual size: 148KB

.data
Size: 16KB - Virtual size: 31KB

.pdata
Size: 31KB - Virtual size: 30KB

text
Size: 4KB - Virtual size: 3KB

data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 16KB - Virtual size: 15KB