71621c08c4f31e41f95b411c98eb732a

Sharing

Copy URL Twitter E-mail

General

Target

71621c08c4f31e41f95b411c98eb732a
Size

160KB
MD5

71621c08c4f31e41f95b411c98eb732a
SHA1

24ef726998e8c234905eb6372d1225af35f81f34
SHA256

a95ceec9b2e2ae0431fc2658d06872dd590c98a8094f72a8e570eb8ef9611cb7
SHA512

796923cb46b535f687a0d3870626b8d6ce83cfb3a8bca05644ec29da06e7e6803bc21c3fd742e84224ee35ad85a2b22535da717e92b629ea6d108f4bd2e4ece1
SSDEEP

1536:Y2lzrrbGfSe4sOxdIVxRJ6TJDWubbkK2wHR9RRICS4AS5YV7R2cZoRGqcaLaUCMy:BzrrifSI97jAbP0AgR24owqc9UC8a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71621c08c4f31e41f95b411c98eb732a

Files

71621c08c4f31e41f95b411c98eb732a
.dll regsvr32 windows:4 windows x86 arch:x86

a99a960c2da8f25052d84712a576fe09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA
SystemParametersInfoA
SetWindowPos
GetClassNameA
GetWindowThreadProcessId
SetTimer
KillTimer
DispatchMessageA
EnumWindows
EnumChildWindows
DefWindowProcA
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage

kernel32

RaiseException
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
MoveFileExA
CloseHandle
WaitForSingleObject
CreateProcessA
LocalFree
GetProcAddress
LoadLibraryA
DeleteFileA
GetSystemDirectoryA
GetLocalTime
SleepEx
GetModuleFileNameA
OpenProcess
GetCurrentProcessId
GetTickCount
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
CreateFileA
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
FreeLibrary
WideCharToMultiByte
GetStringTypeW
IsBadWritePtr
VirtualAlloc
VirtualFree
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
ReadFile
SetEndOfFile
SetFilePointer
FlushFileBuffers
SetStdHandle
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
HeapCreate
HeapDestroy
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetLastError
MultiByteToWideChar
GetVersionExA
RtlUnwind
HeapFree
HeapReAlloc
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
WriteFile
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetFileAttributesA
GetFileType
GetModuleHandleA
GetEnvironmentVariableA
SetHandleCount

advapi32

CryptGenRandom
CryptReleaseContext
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
CryptAcquireContextA

shell32

StrStrIA

ole32

CoInitialize
CoCreateGuid
CoCreateInstance

oleaut32

VariantInit
SysAllocString
GetErrorInfo

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

wininet

InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA

rpcrt4

UuidToStringA

shlwapi

SHGetValueA
SHSetValueA

netapi32

Netbios

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a99a960c2da8f25052d84712a576fe09

Headers

File Characteristics

Imports

user32

kernel32

advapi32

shell32

ole32

oleaut32

psapi

wininet

rpcrt4

shlwapi

netapi32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 24KB - Virtual size: 31KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 24KB - Virtual size: 31KB

.reloc
Size: 8KB - Virtual size: 5KB