5a30ed94f2ede84bcbeff96ba2d6e878

Sharing

Copy URL Twitter E-mail

General

Target

5a30ed94f2ede84bcbeff96ba2d6e878
Size

36KB
MD5

5a30ed94f2ede84bcbeff96ba2d6e878
SHA1

7151a4992fdcd8aac53d909681265b6d2ec2a9df
SHA256

c0b4d199546bd87d102afc50a5b89626510ee91a78b0bbc8b08cdcb51d56690c
SHA512

7d903cd6a8943d016ba7b7329d95f95ad6acbbf3c761ac3d8b44b712cbbdce7b621d40966fad3390be12c882f604be02db33ad17d0ccbd62558b8459df62adfe
SSDEEP

384:E/MsZDeGxS3BlTrnCCnLeUdsAvUmklTZvJCRG0Z27:E/MSf8RlfnfnyUOmkLvJOXk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a30ed94f2ede84bcbeff96ba2d6e878

Files

5a30ed94f2ede84bcbeff96ba2d6e878
.dll regsvr32 windows:4 windows x86 arch:x86

42b7e98e159df433f5df063901a7028e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
lstrcatA
lstrcpyA
lstrcmpiA
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
GetWindowsDirectoryA
lstrcpynA
MoveFileExA
CopyFileA
GetTempFileNameA
GetVersionExA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
CloseHandle
CreateFileA
GetSystemDirectoryA
WriteFile
CreateDirectoryA
FindClose
FindFirstFileA
WaitForSingleObject
CreateProcessA
FreeLibrary
GetProcAddress
LoadLibraryA
GetFileSize
Sleep
SetFileTime
FlushFileBuffers
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
GetCurrentProcessId
GetTickCount
ReadFile
GetTempPathA
lstrcmpA
GetLocalTime
InterlockedExchange
DisableThreadLibraryCalls

msvcrt

fclose
fgets
fseek
fopen
??3@YAXPAX@Z
_itoa
??2@YAPAXI@Z
sscanf
_snprintf
_except_handler3
__CxxFrameHandler
atol
free
_initterm
malloc
_adjust_fdiv

wininet

InternetCrackUrlA
InternetGetConnectedState

ws2_32

htons
connect
WSAGetLastError
select
recv
ioctlsocket
socket
closesocket
WSACleanup
WSAStartup
send
gethostbyname
__WSAFDIsSet

shlwapi

PathRemoveFileSpecA
StrStrA
StrRChrA
SHDeleteKeyA
SHDeleteValueA
PathAddBackslashA
PathRemoveBackslashA
PathFindFileNameA
PathRemoveExtensionA
StrStrIA

shell32

ShellExecuteA
SHGetFolderPathA

setupapi

SetupIterateCabinetA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42b7e98e159df433f5df063901a7028e

Headers

File Characteristics

Imports

kernel32

msvcrt

wininet

ws2_32

shlwapi

shell32

setupapi

version

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 192B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 192B

.reloc
Size: 4KB - Virtual size: 1KB