64abf33869c12db4a42e342c8ebc75b3

Sharing

Copy URL

Twitter E-mail

General

Target

64abf33869c12db4a42e342c8ebc75b3
Size

146KB
MD5

64abf33869c12db4a42e342c8ebc75b3
SHA1

c7fd417739880d7fe00e22ea87036507d72b84a7
SHA256

60c5f0b1a25c701fd195e278afa0efd2ab775dc8db0e6937a9b69f5ff5bbf02d
SHA512

51d4e343585ca21cadac899304bd00c8f327651e120657ea3265bd7f485792384837bfcdbebde6bb4daa803b50be20e7dea3dd7d2cf50195e1b7671135dc85cf
SSDEEP

3072:xjD/jK+Ux8n5pJgwocO03ffG5vKr+VG4BX9I7vgEtit:pDrK+W6pJbyaffcK6V/B9I7I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64abf33869c12db4a42e342c8ebc75b3

Files

64abf33869c12db4a42e342c8ebc75b3
.dll regsvr32 windows:4 windows x86 arch:x86

9d97cffef9936dcbcb75b8efdcee3407

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
InterlockedExchange
Sleep
lstrlenA
lstrlenW
CreateThread
lstrcpyW
GetLocalTime
lstrcmpiW
DisableThreadLibraryCalls
HeapAlloc
GetSystemInfo
GetVersionExW
HeapCreate
InterlockedIncrement
InterlockedDecrement
FlushInstructionCache
GetCurrentProcess
GetShortPathNameW
GetModuleHandleW
EnterCriticalSection
SizeofResource
LoadResource
FindResourceW
GetLastError
LoadLibraryExW
MultiByteToWideChar
lstrcpynW
HeapDestroy
GetProcAddress
LoadLibraryW
MoveFileW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
WideCharToMultiByte
GetVolumeInformationW
DebugBreak
HeapReAlloc
HeapFree
GetStringTypeA
GetStringTypeW
RtlUnwind
WriteFile
lstrcatW
GetFileTime
SetFileTime
CreateFileW
GetFileSize
ReadFile
CloseHandle
GetModuleFileNameW
DeleteTimerQueue
CreateTimerQueue
FreeLibrary
CreateTimerQueueTimer

urlmon

CoInternetGetSession

wininet

InternetOpenW
HttpEndRequestW
InternetConnectW
HttpSendRequestExW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoW
InternetWriteFile
InternetReadFile

user32

CharNextW
CharLowerW
CharUpperW
wsprintfW
ExitWindowsEx

advapi32

RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteValueW

ole32

CLSIDFromString
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
DispCallFunc
VariantChangeType
VariantClear
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString
VariantInit

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d97cffef9936dcbcb75b8efdcee3407

Headers

File Characteristics

Imports

kernel32

urlmon

wininet

user32

advapi32

ole32

oleaut32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB