806d14bf1d2836b244a9dc680419dea2

Sharing

Copy URL

Twitter E-mail

General

Target

806d14bf1d2836b244a9dc680419dea2
Size

52KB
MD5

806d14bf1d2836b244a9dc680419dea2
SHA1

35074e4edffd51963bbbe189f462ddbe1d939e7c
SHA256

5bb9b1d8db11df831323a1cbc4b8e0aac7d62f22e395dd174726bd4468425e37
SHA512

ff81f0e6cd18d5ef82449e5d5054915ab8a95246b8d2ce129b0baa3aac0c8e4612e17fecbb91dca4ddd1eb9e65396b0c6c448f252884fa8407fb072d367c0c8f
SSDEEP

1536:oG7iUd/wW9apYef5zn9J/hQJltb/sr+sd1Rn4i:37iGclt/e/61Rx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
806d14bf1d2836b244a9dc680419dea2

Files

806d14bf1d2836b244a9dc680419dea2
.dll regsvr32 windows:4 windows x86 arch:x86

36d5badcacbbf403c7aed15902aef553

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
CloseHandle
WaitForSingleObject
CreateProcessA
GetSystemDirectoryA
CreateDirectoryA
GetProcAddress
LoadLibraryA
FreeLibrary
FindNextFileA
DeleteFileA
GetPrivateProfileStringA
FindFirstFileA
CreateThread
WideCharToMultiByte
Sleep
Process32Next
Process32First
GetCommandLineW
ExitProcess
WritePrivateProfileStringA
RemoveDirectoryA
GetCurrentProcessId
SetFileAttributesA
LocalFree
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
HeapDestroy
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
MoveFileA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
BuildExplicitAccessWithNameA
SetEntriesInAclA
GetNamedSecurityInfoA
SetNamedSecurityInfoA

shell32

SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoGetInterfaceAndReleaseStream
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
SysStringLen
LoadRegTypeLi
SysFreeString

msvcrt

strrchr
_strupr
_stricmp
_adjust_fdiv
malloc
_initterm
free
strcmp
fopen
fseek
ftell
fread
fclose
atoi
_wcslwr
wcsstr
sprintf
memcpy
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
memset
_access
strcat
strstr
_strlwr
strlen
strcpy
strncpy
strchr
strncmp

shlwapi

SHDeleteValueA
SHDeleteKeyA
SHSetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36d5badcacbbf403c7aed15902aef553

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

idata Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

idata
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 2KB