DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetVer
Install
Static task
static1
Behavioral task
behavioral1
Sample: 55009c71cf8f6c4daf4a6c9800939c7d.dll
Resource: win7-20231215-en
Target: 55009c71cf8f6c4daf4a6c9800939c7d
Size: 60KB
MD5: 55009c71cf8f6c4daf4a6c9800939c7d
SHA1: 39e2b8e0878db7b4ad38f8beb6630f3ed26f49c0
SHA256: 14289c7d6a0d984dc96bcbfa3857fce101faf38a0792ce1d007ca856bc73ab28
SHA512: 147519a8c00e9770352adac13ed458e038b854899dc8363601e83a1f51aeddb1c27cd157a5fdaadab1401f208fd5b9ddd14785bad4c0facb324d946b417e9395
SSDEEP: 768:OGUgfIx3CIaw4nZ8H9a5LCiZOYl3xWz0mLW9fCl3AK9OENHBG7c3AO2T:vfILaw2j2yC0mUfI7JNHYcH2T
Checks for missing Authenticode signature.
resource |
---|
55009c71cf8f6c4daf4a6c9800939c7d |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrlenW
GetShortPathNameW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
lstrlenA
SizeofResource
LoadResource
InitializeCriticalSection
GetLastError
LoadLibraryExW
lstrcmpiW
lstrcpynW
HeapDestroy
LoadLibraryW
lstrcpyW
lstrcatW
DeleteFileA
WinExec
GetBinaryTypeA
GetTickCount
GetTempPathA
WideCharToMultiByte
GetLocalTime
DisableThreadLibraryCalls
GetModuleHandleA
GetModuleFileNameA
Sleep
CreateThread
OpenProcess
VirtualProtectEx
WriteProcessMemory
GetProcAddress
GetCurrentProcess
FindResourceW
CloseHandle
GetMessageW
UnhookWindowsHookEx
CharLowerA
SetWindowsHookExW
CharNextW
CallNextHookEx
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteKeyW
ShellExecuteA
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
SysFreeString
VariantClear
VarUI4FromStr
SysAllocString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
socket
htons
connect
recv
gethostbyname
inet_addr
closesocket
WSAStartup
send
_stricmp
_adjust_fdiv
_initterm
wcscmp
calloc
wcslen
swprintf
_access
rename
fwrite
fclose
strncmp
strchr
memcmp
realloc
malloc
free
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
atoi
strcat
strcmp
_splitpath
fopen
fgets
strstr
sprintf
strlen
strcpy
memset
memcpy
Netbios
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ