8bd9c66bd493f80eb62ad34a704f6eb2

Sharing

Copy URL Twitter E-mail

General

Target

8bd9c66bd493f80eb62ad34a704f6eb2
Size

52KB
MD5

8bd9c66bd493f80eb62ad34a704f6eb2
SHA1

4be6b6327ad948c4bc54fa17988ef6bbffd34fee
SHA256

cff3094ef722daeefcc1154224f5e17bf27812a41790b225012f4d579a8db163
SHA512

4fa1ee214abbc67e63cdc2c1c7ab2f6b29e5466f26cbd050c31f6efb79f865fdd2aec60afd8a571aef5240ff1c602c5857659481ef74f8006e72bafbb98075ad
SSDEEP

768:wPsgXX0RmPzG4qKALCGCmLBQQXmGgDfzU:wPsgXX0ALG4qKAL2mlWTDf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bd9c66bd493f80eb62ad34a704f6eb2

Files

8bd9c66bd493f80eb62ad34a704f6eb2
.dll regsvr32 windows:4 windows x86 arch:x86

b150bfc2f16f05041734c49b7fa98873

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetThreadLocale
GetVersionExA
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
lstrcatA
lstrcpyA
GetModuleFileNameA
lstrcmpA
lstrlenW
GetProcAddress
LoadLibraryA
GetLocaleInfoA
FreeLibrary
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetACP
InterlockedExchange
lstrlenA
lstrcmpiA
Sleep
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetCommandLineA
ExitProcess
HeapReAlloc
HeapAlloc
RtlUnwind
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetOEMCP
GetCPInfo

user32

GetPropA
EnumThreadWindows
EnumChildWindows
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
SetPropA
GetClassNameA
GetParent

advapi32

RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA

ole32

StringFromGUID2

Exports

Exports

CallWndProcHookFunc
DllRegisterServer
DllUnregisterServer
RemoveHook
SetHook

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b150bfc2f16f05041734c49b7fa98873

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 4KB

.shared Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 856B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 4KB

.shared
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 856B

.reloc
Size: 4KB - Virtual size: 3KB