64e88599e13b2b69a9e498a1dbbf0c10

Sharing

Copy URL Twitter E-mail

General

Target

64e88599e13b2b69a9e498a1dbbf0c10
Size

64KB
MD5

64e88599e13b2b69a9e498a1dbbf0c10
SHA1

dfda935191ae6ad8175480737247a16e9b306468
SHA256

ccfd905109ab95587790e5f860a558465138103aaed723a6dc95235a770292bc
SHA512

17a8172ce8c5329e97aea5e07adc18ae408050e509e98a267c3e303a73a451bbd1d67034ea4b78a6a0c1199e842fb6b64c30481f2b0c09417d58cab3b91dedbb
SSDEEP

768:iCZiOKmp8ZjQGJTIxq3nZN9nuWknfyD4I6xLWHeNhF+GQF9sQmJl69vF:SOVp8ZjpoqXgWT6xHN6G0jmPw9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64e88599e13b2b69a9e498a1dbbf0c10

Files

64e88599e13b2b69a9e498a1dbbf0c10
.dll regsvr32 windows:4 windows x86 arch:x86

4a0af7dc700dac59cc1187e16d0540cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrlenW
GetShortPathNameW
GetModuleHandleW
GetModuleFileNameW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LeaveCriticalSection
LoadLibraryExW
lstrcmpiW
lstrcpynW
HeapDestroy
lstrcpyW
lstrcatW
DeleteFileA
WinExec
GetBinaryTypeA
GetTickCount
GetTempPathA
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
DisableThreadLibraryCalls
GetCurrentThreadId
lstrlenA
LoadLibraryW
GetProcAddress
WideCharToMultiByte
FreeLibrary
GetModuleHandleA
GetModuleFileNameA
CreateThread
Sleep
GetCurrentProcess
GetLastError
CloseHandle

user32

SetWindowsHookExW
CallNextHookEx
FindWindowA
CharNextW
GetMessageW
PostThreadMessageW
SetForegroundWindow
UnhookWindowsHookEx
FindWindowExA
SendMessageW
FindWindowExW
GetClassNameA
SendMessageA
PostMessageW
CharLowerA

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyA
RegQueryValueExW
RegOpenKeyExA
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
AdjustTokenPrivileges

shell32

ShellExecuteA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

LoadRegTypeLi
SysStringLen
LoadTypeLi
SysAllocString
VarUI4FromStr
VariantInit
VariantClear
SysFreeString
RegisterTypeLi

oleacc

GetRoleTextA
AccessibleObjectFromWindow
WindowFromAccessibleObject
GetStateTextA

msvcrt

free
realloc
memcmp
strchr
strncmp
fclose
fwrite
rename
_access
wcslen
wcscmp
_initterm
_adjust_fdiv
_stricmp
malloc
calloc
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
atoi
strcat
swprintf
getchar
wprintf
strcmp
_splitpath
fopen
fgets
strstr
strcpy
memcpy
sprintf
strlen
memset

ws2_32

connect
htons
closesocket
socket
recv
gethostbyname
WSAStartup
inet_addr
send

netapi32

Netbios

wininet

InternetOpenA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetVer
Install

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

WOWCLin
Size: 4KB - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a0af7dc700dac59cc1187e16d0540cf

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

oleacc

msvcrt

ws2_32

netapi32

wininet

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 13KB

WOWCLin Size: 4KB - Virtual size: 6B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 13KB

WOWCLin
Size: 4KB - Virtual size: 6B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB