75eb56df3ff7c841aabb7d5048356bdf

Sharing

Copy URL Twitter E-mail

General

Target

75eb56df3ff7c841aabb7d5048356bdf
Size

52KB
MD5

75eb56df3ff7c841aabb7d5048356bdf
SHA1

7501a19b8d7605fff4fe282eefe5ffcca5332a51
SHA256

6b936bfe87e670148e67dd918fa2bbda32f5c694b13a36f7a3afdee480b5eec2
SHA512

0b3ad233bc66e64b8abc0fd68e361d62cff2801edf4de3cfadf46a69084c7eedd76f6f78641c3dfd78a5cb39146200117a2502a9a411e1db70a5a9c5ffaaa404
SSDEEP

1536:Iu8bmxVQD18DJ6kG1GgErLxkiSnkknWfLA:Iu8+VQD18Td6iSL6LA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75eb56df3ff7c841aabb7d5048356bdf

Files

75eb56df3ff7c841aabb7d5048356bdf
.dll regsvr32 windows:4 windows x86 arch:x86

14cb7dc6e7ec0e30b4e0abf1a0faf1ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
RemoveDirectoryA
LocalFree
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
HeapDestroy
GetShortPathNameA
GetModuleHandleA
GetCommandLineW
GetExitCodeProcess
EnterCriticalSection
WaitForSingleObject
GetSystemDirectoryA
MoveFileA
SetFileAttributesA
GetCurrentProcessId
CreateThread
ExitProcess
Process32Next
Process32First
CreateDirectoryA
LeaveCriticalSection
FindFirstFileA
GetPrivateProfileStringA
FindNextFileA
DeleteFileA
WritePrivateProfileStringA
Sleep
GetModuleFileNameA
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
LoadLibraryA
FreeLibrary
GetProcAddress
CloseHandle

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
RegDeleteKeyA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

CoUninitialize
CoInitialize
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoCreateInstance

oleaut32

VariantClear
SysStringLen
LoadRegTypeLi
SysAllocString
SysFreeString

msvcrt

strcat
_strlwr
_stricmp
_adjust_fdiv
malloc
_initterm
free
_wcslwr
wcsstr
strcmp
atoi
strncmp
strchr
strncpy
strlen
_purecall
memcmp
??3@YAXPAX@Z
sprintf
fclose
fread
memset
??2@YAPAXI@Z
ftell
fseek
fopen
_strupr
strrchr
strstr
memcpy
strcpy
_access

shlwapi

SHSetValueA
SHDeleteKeyA
SHDeleteValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14cb7dc6e7ec0e30b4e0abf1a0faf1ad

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

idata Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

idata
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 2KB