77201b435d1d4563b37eb4739d6461b3

Sharing

Copy URL Twitter E-mail

General

Target

77201b435d1d4563b37eb4739d6461b3
Size

32KB
MD5

77201b435d1d4563b37eb4739d6461b3
SHA1

766814f4877f5b4b8d26a1572a259c19e6a0621f
SHA256

4ca9395bb7189c130277d8d834c2f6ae52c2138c302de3d6f8f9071620d19f1c
SHA512

399366c499c4c8a58a9bb94fd82340f2cff6c7130b7278169b7912081692099e88aaadf453d7ff063c407e464b6b4b89ea728671a68b3fe250aaa49e4c78621a
SSDEEP

384:8yuZVy14voTb7olE3duBBQARQkBWPhUxYMxYWTzPH8q:ZGvkb7olYQBBQARQk4uxpxYSzPc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77201b435d1d4563b37eb4739d6461b3

Files

77201b435d1d4563b37eb4739d6461b3
.dll regsvr32 windows:4 windows x86 arch:x86

21872357a3dc0841c9a2933ec2121b99

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
lstrlenW
lstrlenA
GetCurrentDirectoryA
ExitProcess
DeleteCriticalSection
ReadProcessMemory
OpenProcess
GetCurrentProcessId
GlobalLock
GlobalAlloc
GetModuleHandleA
IsBadStringPtrA
lstrcatA
LoadLibraryA
VirtualProtect
DisableThreadLibraryCalls
GetCurrentProcess
TerminateProcess
CreateEventA
CreateThread
OpenEventA
SetEvent
WinExec
CloseHandle
Sleep
GetModuleFileNameA
IsBadReadPtr

user32

SetTimer
GetForegroundWindow
wsprintfA
GetWindowTextA
KillTimer
CallNextHookEx
SetWindowsHookExA

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA

oleaut32

SysFreeString
SysStringLen
LoadRegTypeLi

atl

ord21
ord16
ord15
ord18
ord57
ord58
ord30
ord32
ord23

msvcrt

fputs
_strcmpi
_adjust_fdiv
malloc
_initterm
free
isprint
strstr
exit
strrchr
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
fread
fclose
_strlwr
fopen

wininet

InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetOpenA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21872357a3dc0841c9a2933ec2121b99

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

atl

msvcrt

wininet

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB