792c1807da037fe9b2fe452d273bd8bc

Sharing

Copy URL Twitter E-mail

General

Target

792c1807da037fe9b2fe452d273bd8bc
Size

376KB
MD5

792c1807da037fe9b2fe452d273bd8bc
SHA1

6aea113b7974543dd9753f2c774f8155f57f5b6b
SHA256

56e34ee7bdca4137f9832146d356b66468c8c49b7b706b255be9eea4ded65586
SHA512

747cb3b9ec94e78c918c00465582103f07667530472ed1c877856d580ebaf59c6246570c7a5ff7e0899bfb950efe16991fdfaf0c1360a09b506eba2278439265
SSDEEP

6144:GJ37QngPChX/8r2e2xXGBy8B0WUkNEbE94ErY/MVqGufINswegE65NhT:GXPChK2GBy8ByRMVVufINsSx3V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
792c1807da037fe9b2fe452d273bd8bc

Files

792c1807da037fe9b2fe452d273bd8bc
.dll regsvr32 windows:4 windows x86 arch:x86

e27c3ca18c68c38070191567439b50a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc71

ord2248
ord1049
ord1917
ord308
ord2436
ord1123
ord2271
ord3635
ord3609
ord3428
ord2250
ord2253
ord2252
ord6180
ord6174
ord908
ord4081
ord3830
ord1230
ord5529
ord757
ord566
ord3333
ord2838
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord764
ord581
ord1167
ord1092
ord1209
ord1177
ord1175
ord1201
ord1120
ord371
ord1098
ord1208
ord1206
ord1037
ord315
ord765
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord1084
ord3683
ord265
ord266
ord4035
ord784
ord2468
ord3997
ord6173
ord4108
ord4085
ord911
ord555
ord2272
ord5563
ord4109
ord314
ord5490
ord590
ord331
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2714
ord4307
ord2835
ord2731
ord2537
ord1486
ord6168
ord6178
ord6172
ord781
ord1482
ord6118
ord2933
ord299
ord2902
ord1489
ord384
ord5089
ord1439
ord629
ord3934
ord2451
ord1916
ord2322
ord907
ord297
ord876
ord304
ord1187
ord1191
ord310
ord578
ord2131
ord762
ord300

msvcr71

_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_flushall
_stat
_mbslen
_adjust_fdiv
vsprintf
wcscpy
_resetstkoflw
malloc
_except_handler3
memcmp
_atoi64
__CppXcptFilter
__security_error_handler
sprintf
fclose
fseek
fread
_mbstrlen
memset
_time64
memmove
_localtime64
_mbsnbcpy
atoi
_purecall
_splitpath
_mktime64
free
_CxxThrowException
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
??0exception@@QAE@XZ
??1exception@@UAE@XZ
fopen
realloc

kernel32

GetVersion
UnmapViewOfFile
CreateFileMappingA
GetLastError
OpenFileMappingA
MapViewOfFile
WideCharToMultiByte
lstrlenW
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
LoadLibraryA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
FindNextFileA
GetTickCount
FindFirstFileA
FindClose
GetSystemTime
SystemTimeToFileTime
OpenMutexA
GetExitCodeThread
TerminateThread
lstrcmpiA
MulDiv
FileTimeToLocalFileTime
FileTimeToSystemTime
RemoveDirectoryA
CreateMutexA
ReleaseMutex
ExitThread
GetFileAttributesA
DeleteFileA
GetLocalTime
Sleep
MultiByteToWideChar
ReleaseSemaphore
WaitForSingleObject
SetFileTime
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateSemaphoreA
CloseHandle
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CompareStringW
CompareStringA
lstrcmpiW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
LocalFileTimeToFileTime
GetDiskFreeSpaceA
GetProcAddress
FlushFileBuffers
CreateFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
LocalFree
LocalAlloc
RaiseException
CreateThread
ExitProcess

user32

RegisterClassA
CharLowerA
CharLowerW
ShowWindow
SetTimer
KillTimer
IsWindow
CharUpperA
UnregisterClassA
LoadIconA
LoadCursorA
DestroyWindow
DefWindowProcA
MessageBoxA
CreateWindowExA
RegisterWindowMessageA
PostMessageA
SystemParametersInfoA
CharUpperW

gdi32

GetStockObject

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA

ole32

CoCreateInstance
CLSIDFromProgID
CoInitialize

oleaut32

SysStringLen
LoadTypeLi
LoadRegTypeLi
SysAllocStringLen
SysFreeString

atl71

ord49
ord23
ord61
ord32
ord58
ord31
ord66
ord65
ord64
ord30
ord15
ord22
ord18

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e27c3ca18c68c38070191567439b50a9

Headers

File Characteristics

Imports

mfc71

msvcr71

kernel32

user32

gdi32

advapi32

ole32

oleaut32

atl71

msvcp71

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 118KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 16KB - Virtual size: 15KB

.text Size: 180KB - Virtual size: 180KB

.text
Size: 120KB - Virtual size: 118KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 180KB - Virtual size: 180KB