85c81513132f432079a57e49a208bdab

General

Target

85c81513132f432079a57e49a208bdab
Size

249KB
MD5

85c81513132f432079a57e49a208bdab
SHA1

d49ac477a1a301517d17be7534160738da029fb9
SHA256

9f8ef494256ef96abb97c88b16bbfe9fc39ea5f1088b6041e555859318d00515
SHA512

d48e2eec62f7416b0fca7245c63b9fcaedc799877b476266d3a1820c0a2fd8cb637e31b2cbebdf0422170e3af98ef78d2f3bf0829b844fe85b334f4ba11f15a9
SSDEEP

6144:hpM/5vYJdaWuqMATAeJEO7dITzL23IAcXkJp99P:hpM/NYJdzjVdMwXfp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85c81513132f432079a57e49a208bdab

Files

85c81513132f432079a57e49a208bdab
.dll regsvr32 windows:5 windows x86 arch:x86

db5e0345401947c99c6eaca45ab11831

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
GetProcessHeap
GetLastError
GetProcAddress
LoadLibraryA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
RtlUnwind
VirtualAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

user32

MessageBoxA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db5e0345401947c99c6eaca45ab11831

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 136KB - Virtual size: 138KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 136KB - Virtual size: 138KB

.reloc
Size: 5KB - Virtual size: 4KB