7cdd9a971ee60812d46e9abc4966db60

Sharing

Copy URL

Twitter E-mail

General

Target

7cdd9a971ee60812d46e9abc4966db60
Size

55KB
MD5

7cdd9a971ee60812d46e9abc4966db60
SHA1

772bd68e3af9db6a45fcc07d9f3e1ea3d199c470
SHA256

865cbe33eba0920c2e65b36ae89ac12d6df1234eb6d6d76db965ae7695fb0f69
SHA512

3b12740e5c6fe4e4f51ce9fdf4cceab0464dfffe02d305277e8fe50611eb4737b1e65336f855cbd47b7c6bc9f964426abcbcf33b709bfcf554101e178d72235a
SSDEEP

768:szDuL3ybZwClTGidSoJl9wHbCUGTVpT19kMhG/saZvtCPkCIV9oVl6M:ss3IUPob9wHWZxpT19+/LVxCeoVl6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7cdd9a971ee60812d46e9abc4966db60

Files

7cdd9a971ee60812d46e9abc4966db60
.dll regsvr32 windows:4 windows x86 arch:x86

d7e2162d2eb564ef5089495f562b24cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
CreateThread
DisableThreadLibraryCalls
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
MultiByteToWideChar
GetShortPathNameA
WideCharToMultiByte
FreeLibrary
GetModuleFileNameA
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
CloseHandle
GetCurrentProcess
FindClose
FindFirstFileA
lstrcmpiA
GetTempPathA
GetTempFileNameA
DeleteFileA
ExitProcess
CopyFileA
Sleep
lstrcpyA
GetSystemDirectoryA
lstrlenA
lstrcatA
FindResourceA
SizeofResource
LoadResource
GetLastError
LockResource
GetStringTypeW
GetStringTypeA
ReadFile
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
CreateFileA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
WriteFile
SetFilePointer
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadReadPtr

user32

CharNextA
wsprintfA

advapi32

RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

shell32

ShellExecuteA
ShellExecuteExA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
LoadRegTypeLi

wininet

InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DownSoftGo

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7e2162d2eb564ef5089495f562b24cf

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB