5688c4f7c9a4c3138cab6be69ece608a

Sharing

Copy URL

Twitter E-mail

General

Target

5688c4f7c9a4c3138cab6be69ece608a
Size

40KB
MD5

5688c4f7c9a4c3138cab6be69ece608a
SHA1

2f510d96e97f5ad8d5d77c410f93bc89e88f63b8
SHA256

4f4ccaad19a483897c286918e585642930f86fde6793dc36cc17f91a85dc32f6
SHA512

59c488730aa1f81cf8eb2068005d0c48289375f3bc09d01e2df5c08b61b3f221df6a64ca2250e0df4371459cbdefbfe5197f68477948440f492fdeb02e09a2f3
SSDEEP

384:GOUUusYjpbAn2PO+kC29DZaD5p2BI8C6MyyuFLzQt46lbMqlo95LToJfkL5w36:GtjMn2l29DZaDqBi6MaHsplo9Rc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5688c4f7c9a4c3138cab6be69ece608a

Files

5688c4f7c9a4c3138cab6be69ece608a
.dll regsvr32 windows:4 windows x86 arch:x86

a3002f536e174ae1bb27f6b4abbf7880

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
lstrlenA
GetShortPathNameA
GetModuleHandleA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetLastError
EnterCriticalSection
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
DebugBreak
HeapReAlloc
HeapFree
GetStringTypeW
RtlUnwind
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcmpiA
DisableThreadLibraryCalls
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
LoadLibraryExA
GetModuleFileNameA
GetStringTypeA

user32

CharNextA

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegEnumValueA

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
LoadTypeLi
SysStringLen
VariantClear
VariantChangeType
VariantCopy
SysFreeString
SysAllocString
VarUI4FromStr
RegisterTypeLi

wininet

InternetCrackUrlA

ws2_32

WSAStartup
gethostbyname
WSACleanup

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3002f536e174ae1bb27f6b4abbf7880

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

ws2_32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB