8cf113c5bea3bb0d366ad8e4e6c9c810

Sharing

Copy URL Twitter E-mail

General

Target

8cf113c5bea3bb0d366ad8e4e6c9c810
Size

224KB
MD5

8cf113c5bea3bb0d366ad8e4e6c9c810
SHA1

63b70d8d1daa6e630d08e737ecda816ae517322a
SHA256

5c649d4a0b536f6dfe20fe45d4db441c38541228b82f0cf717148ce62969f76a
SHA512

cee198f40b260bcddd53c30d31cc9ca319e23467d6325f5f0982574afb98c8f2a5384da47aa516923e05256f9e265f63e58880db5a8113763e74c552137b8d62
SSDEEP

3072:lT/C25dcOp4alzK+YdG/G1ysb2zoEZ1wKKeHnplcn2SJ:lr53p4ala/1ysb2zZZpHnI3J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8cf113c5bea3bb0d366ad8e4e6c9c810

Files

8cf113c5bea3bb0d366ad8e4e6c9c810
.dll regsvr32 windows:4 windows x86 arch:x86

0f2d76dccafcdaa87eb8828fc1d92802

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrA

kernel32

lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
InterlockedDecrement
lstrcmpA
FlushFileBuffers
UnmapViewOfFile
WideCharToMultiByte
MapViewOfFile
CreateFileMappingA
GlobalAlloc
GetTickCount
GetLastError
LocalFree
GetLocaleInfoA
GetStringTypeW
GlobalFree
VirtualProtect
MultiByteToWideChar
GetCommandLineA
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
GetSystemTimeAsFileTime
RtlUnwind
GetSystemInfo
HeapFree
HeapAlloc
ExitProcess
RaiseException
HeapReAlloc
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
InterlockedExchange
VirtualQuery
SetUnhandledExceptionFilter

user32

wsprintfA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

oleaut32

SysAllocString
VariantClear
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f2d76dccafcdaa87eb8828fc1d92802

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 4KB - Virtual size: 41KB

.rsrc Size: 4KB - Virtual size: 916B

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 4KB - Virtual size: 41KB

.rsrc
Size: 4KB - Virtual size: 916B

.reloc
Size: 8KB - Virtual size: 5KB