3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b

Sharing

Copy URL

Twitter E-mail

General

Target

3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b
Size

1.0MB
MD5

cc7916cc4d2a8043adccba82401dd169
SHA1

374273f6ed840f87f85ad915f612770af82dabf7
SHA256

3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b
SHA512

9cbc2297ec2a31b02c22aa1aa98a8ea1bf00829aef4b12d4049ae4ba82974341e8683a0e655dca45d9ddac7fae9de267a68fc336108e9fcf57ede49705097041
SSDEEP

6144:TAbQT+rY8tt9mJ3MNYtPB/zoquSJCpeOlORV8:TAW41/G7B/zPuSa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b

Files

3729397f7b50956f55dceb9f32f09ba966067c866c843d7eb87a6a5f36ec949b
.dll regsvr32 windows:5 windows x64 arch:x64

174d689e903e836dfbefa5be3214247c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

winmm

timeGetDevCaps
timeGetTime
timeBeginPeriod
timeEndPeriod

msvcr100

_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__crt_debugger_hook
__CppXcptFilter
__C_specific_handler
_amsg_exit
_encoded_null
_lock_file
_unlock_file
fflush
setvbuf
memcpy_s
fwrite
fgetpos
_fseeki64
fsetpos
free
_initterm_e
_initterm
_malloc_crt
memcmp
_wtoi
_purecall
_vsnwprintf
??_U@YAPEAX_K@Z
sprintf_s
fclose
atoi
fputc
fgetc
ungetc
memmove
malloc
??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??2@YAPEAX_K@Z
??0exception@std@@QEAA@AEBV01@@Z
??0bad_cast@std@@QEAA@AEBV01@@Z
??3@YAXPEAX@Z
memcpy
??1bad_cast@std@@UEAA@XZ
memset
__CxxFrameHandler3
??0bad_cast@std@@QEAA@PEBD@Z
_CxxThrowException

kernel32

GetTickCount
SetThreadPriority
GetCurrentThreadId
GetProcAddress
CreateEventW
ResetEvent
WaitForSingleObject
SetEvent
lstrlenW
CreateThread
GetVersionExW
Sleep
OpenFileMappingW
MapViewOfFile
GetModuleHandleW
UnmapViewOfFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
ReleaseSemaphore
GetCurrentProcess
DisableThreadLibraryCalls
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer
MultiByteToWideChar
lstrlenA
GetLastError
FreeLibrary

user32

LoadBitmapW
SetRectEmpty

gdi32

DeleteObject

advapi32

RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegSetValueExW
RegSetValueW
RegCreateKeyW

shell32

SHGetFolderPathA

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoInitialize
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize

gdiplus

GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipImageRotateFlip
GdipDisposeImage
GdipAlloc
GdipFree
GdipDeleteGraphics

msvcp100

?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
?_Incref@facet@locale@std@@QEAAXXZ
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
??0_Lockit@std@@QEAA@H@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?_BADOFF@std@@3_JB
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPEAV12@@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?_Decref@facet@locale@std@@QEAAPEAV123@XZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 855KB - Virtual size: 854KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

174d689e903e836dfbefa5be3214247c

Headers

DLL Characteristics

File Characteristics

Imports

winmm

msvcr100

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

msvcp100

Exports

Exports

Sections

.text Size: 158KB - Virtual size: 157KB

IPPCODE Size: 2KB - Virtual size: 2KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 855KB - Virtual size: 854KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 158KB - Virtual size: 157KB

IPPCODE
Size: 2KB - Virtual size: 2KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 855KB - Virtual size: 854KB

.reloc
Size: 4KB - Virtual size: 3KB