7ded5dd62613663a4146ec4974a3176b

Sharing

Copy URL

Twitter E-mail

General

Target

7ded5dd62613663a4146ec4974a3176b
Size

92KB
MD5

7ded5dd62613663a4146ec4974a3176b
SHA1

ecc9a432ae6f7dea8790401aea2f14d05f799f58
SHA256

8f31a8d28d613e52ae44d6abbf6132655a054532ff219905b85087359f2cab10
SHA512

12ba17a78b239fe2cf00c280d316fd1f7c00fc0a4091d0012a679ff106c209716942139f50f85e9bd71f6bff14f586add59c020f3b6c888731088a2cb7de6709
SSDEEP

1536:N8AEKBi9GdfYAG+ICS4AHhoY/F2cLaRZ:+AEudfYAGFFhh8RZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ded5dd62613663a4146ec4974a3176b

Files

7ded5dd62613663a4146ec4974a3176b
.dll regsvr32 windows:4 windows x86 arch:x86

fb0b1986e9306462bd7be04bbaad96fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
VirtualAllocEx
OpenProcess
LoadLibraryA
GetCurrentProcessId
GetLocalTime
MoveFileExA
WaitForSingleObject
WriteProcessMemory
DeleteFileA
GetSystemDirectoryA
SleepEx
GetModuleFileNameA
CreateFileA
CreateRemoteThread
LocalFree
CloseHandle
FreeLibrary
GetTickCount
QueryPerformanceCounter
CreateProcessA
QueryPerformanceFrequency

user32

EnumChildWindows
DefWindowProcA
SetTimer
KillTimer
wsprintfA
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
SetWindowPos
GetClassNameA
GetWindowThreadProcessId
DispatchMessageA
EnumWindows
SystemParametersInfoA

advapi32

SetEntriesInAclA
GetSecurityInfo
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetSecurityInfo

shell32

StrStrIA

ole32

CoInitialize
CoCreateInstance
CoCreateGuid

oleaut32

VariantInit
GetErrorInfo
SysAllocString

shlwapi

SHSetValueA
SHGetValueA

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenA
HttpQueryInfoA
InternetCloseHandle
InternetSetOptionA

netapi32

Netbios

rpcrt4

UuidToStringA

msvcrt

strtok
__CxxFrameHandler
toupper
free
__dllonexit
_onexit
_initterm
_adjust_fdiv
_CxxThrowException
strstr
mbstowcs
strchr
strtol
atoi
tmpnam
fopen
fwrite
fclose
??3@YAXPAX@Z
strncpy
ispunct
__mb_cur_max
malloc
wctomb
??1type_info@@UAE@XZ
isxdigit
isalpha
isupper
islower
strerror
printf
isgraph
??2@YAPAXI@Z
tolower
isspace
isalnum

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb0b1986e9306462bd7be04bbaad96fd

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

wininet

netapi32

rpcrt4

msvcrt

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 13KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 2KB