88e281239bfda9665254c21c6c0fa561

Sharing

Copy URL Twitter E-mail

General

Target

88e281239bfda9665254c21c6c0fa561
Size

72KB
MD5

88e281239bfda9665254c21c6c0fa561
SHA1

28227aa4dda93c943b8e30b76f039810d0577e3b
SHA256

071be50384c8ad9ed741aab4bea49c9437d2308ca74092be7acac8fabe4ff3b7
SHA512

3e88f0558b5af00785fea8e175c363c213b12eeaacbbed84f46c67fcbf1116799b543239744052224e2a862620b80d615404096c8c3a880a9c8a3610c9378f0b
SSDEEP

1536:ueTKpLajammpYXt0HUw8q+diM82034/06LCUHx6e9:3ALasYXMKqQT82zLC8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88e281239bfda9665254c21c6c0fa561

Files

88e281239bfda9665254c21c6c0fa561
.dll regsvr32 windows:4 windows x86 arch:x86

b897ee6e22411aaa3299f066d1b94629

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
GetExitCodeProcess
CloseHandle
WaitForSingleObject
CreateProcessA
GetSystemDirectoryA
ExitProcess
Sleep
RemoveDirectoryA
lstrlenA
GetCommandLineW
CreateDirectoryA
GetProcAddress
MoveFileA
Process32Next
Process32First
CreateThread
GetCurrentProcessId
WritePrivateProfileStringA
MultiByteToWideChar
HeapDestroy
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
LocalFree
lstrlenW
WideCharToMultiByte
FindFirstFileA
GetPrivateProfileStringA
SetFileAttributesA
FindNextFileA
DeleteFileA

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
BuildExplicitAccessWithNameA
SetEntriesInAclA
GetNamedSecurityInfoA
SetNamedSecurityInfoA
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

CoUninitialize
CoInitialize
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoCreateInstance

oleaut32

SysAllocString
VariantClear
SysStringLen
LoadRegTypeLi
SysFreeString

msvcrt

memcmp
_strlwr
_strupr
_adjust_fdiv
malloc
_initterm
free
atoi
strcmp
strncmp
strchr
strncpy
fopen
fseek
ftell
fread
strstr
memset
strrchr
sprintf
strcat
strlen
??3@YAXPAX@Z
memcpy
_purecall
??2@YAPAXI@Z
_stricmp
strcpy
_access
wcsstr
_wcslwr
fclose

shlwapi

SHDeleteValueA
SHDeleteKeyA
SHSetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ndata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b897ee6e22411aaa3299f066d1b94629

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

cdata Size: 4KB - Virtual size: 4B

ndata Size: 4KB - Virtual size: 4B

mdata Size: 4KB - Virtual size: 4B

bdata Size: 4KB - Virtual size: 4B

idata Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

cdata
Size: 4KB - Virtual size: 4B

ndata
Size: 4KB - Virtual size: 4B

mdata
Size: 4KB - Virtual size: 4B

bdata
Size: 4KB - Virtual size: 4B

idata
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 2KB