7be6da9262a0358c3fcb92ba7b756113

Sharing

Copy URL Twitter E-mail

General

Target

7be6da9262a0358c3fcb92ba7b756113
Size

164KB
MD5

7be6da9262a0358c3fcb92ba7b756113
SHA1

5bb6be081e0bc7936e24bd20f7228ef9c97a07bf
SHA256

75f9dda49123105342d3495c7d157c7de152cfb9f67b24089e627980285af107
SHA512

ca739e28a2dc7d137d13c0948301499c279f6e6e4808d62140888ec6d2cbba05518b0fee92acebd4ff8666aaac377633e45624d6f564cdd4235dc43c5cfba552
SSDEEP

3072:1Sj4g59acSH+hP+4sk6cHAdUlkzrohf1/:/H+57gdUl4SN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7be6da9262a0358c3fcb92ba7b756113

Files

7be6da9262a0358c3fcb92ba7b756113
.dll regsvr32 windows:4 windows x86 arch:x86

69bf59176da7dd8e38b5984c8fbb3beb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

kernel32

IsDBCSLeadByte
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
lstrcatA
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
FlushInstructionCache
GetCurrentProcess
GlobalUnlock
GlobalLock
DisableThreadLibraryCalls
InitializeCriticalSection
Sleep
GetTickCount
RemoveDirectoryA
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
SetLastError
FindFirstFileA
FindNextFileA
FindClose
lstrcmpA
GetCurrentThreadId
WinExec
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
DeleteFileA
GlobalAlloc
GetModuleFileNameA
FlushFileBuffers
CreateDirectoryA
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetDriveTypeA
UnhandledExceptionFilter
HeapSize
TerminateProcess
TlsGetValue
TlsFree
TlsAlloc
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
ExitProcess
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
RaiseException
GetVersion
GetCommandLineA
SetStdHandle
GetFullPathNameA
LocalFree
SetCurrentDirectoryA
WideCharToMultiByte
FreeLibrary
GetCurrentDirectoryA
SetEnvironmentVariableA
GetModuleHandleA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
ExitThread
TlsSetValue
CreateThread
ResumeThread
RtlUnwind
HeapReAlloc
HeapFree
InterlockedExchange
SetEndOfFile
ReadFile
SetFilePointer
HeapAlloc

user32

SetWindowTextA
GetWindow
InvalidateRgn
GetDesktopWindow
CreateAcceleratorTableA
GetWindowTextA
CharNextA
SetWindowLongA
DefWindowProcA
GetWindowLongA
CallWindowProcA
RegisterClassExA
wsprintfA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
CreateWindowExA
GetDlgItem
SendMessageA
DestroyWindow
FillRect
InvalidateRect
SetCapture
ReleaseCapture
DestroyAcceleratorTable
GetWindowTextLengthA
ReleaseDC
GetParent
GetClassNameA
RedrawWindow
IsWindow
SetWindowPos
BeginPaint
GetClientRect
GetSysColor
EndPaint
GetDC
LoadStringA
GetFocus
IsChild
SetFocus
DispatchMessageA
CharLowerA
ShowWindow
PeekMessageA
FindWindowExA

gdi32

CreateSolidBrush
GetDeviceCaps
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetObjectA
GetStockObject

advapi32

RegDeleteValueA
RegCloseKey
RegQueryInfoKeyA
RegQueryValueExA
RegEnumValueA
RegDeleteKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

OleInitialize
OleLockRunning
StringFromCLSID
CLSIDFromString
CLSIDFromProgID
OleUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

RegisterTypeLi
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
DispCallFunc
VariantInit
SysAllocStringLen
SysAllocStringByteLen
OleCreateFontIndirect
SysFreeString
VarUI4FromStr

setupapi

SetupIterateCabinetA

shlwapi

StrTrimA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 4KB - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69bf59176da7dd8e38b5984c8fbb3beb

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

setupapi

shlwapi

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 20KB - Virtual size: 23KB

.SHARED Size: 4KB - Virtual size: 1B

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 20KB - Virtual size: 23KB

.SHARED
Size: 4KB - Virtual size: 1B

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 9KB