8f55d95f7dc768e2c0b9b27b2d4f6a34

Sharing

Copy URL

Twitter E-mail

General

Target

8f55d95f7dc768e2c0b9b27b2d4f6a34
Size

296KB
MD5

8f55d95f7dc768e2c0b9b27b2d4f6a34
SHA1

cc5ae79daa4219c648fb22c586ae1da847cd4a1b
SHA256

7c584a7e6210364aff31ca13a5592b8ab408c2074c2696821fc028882c5de0e2
SHA512

444e2d70131fab6d83d7df6849281d39f3b47619e2e87462fc5d5e2fde10a1138463ff5502a6fc9bf1898d27b6ac802ddee5a75d4deaaad744beaf1ee5951d20
SSDEEP

6144:MoUVAuuDR0hitxXmgdJMIf2TargB4snv:M+DRxtxXpIIf2TargS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f55d95f7dc768e2c0b9b27b2d4f6a34

Files

8f55d95f7dc768e2c0b9b27b2d4f6a34
.dll regsvr32 windows:5 windows x86 arch:x86

797044d58fc2c95c7914cbd922f670f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpQueryInfoA
InternetCrackUrlA
InternetQueryOptionA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetReadFile
InternetGetConnectedState
HttpAddRequestHeadersA

shlwapi

StrStrA
StrNCatA
PathFileExistsA
StrRChrA
wvnsprintfA
StrCmpNIA
StrStrIA
StrToIntA
wnsprintfA

rpcrt4

UuidToStringA
UuidCreate

comctl32

InitCommonControlsEx

kernel32

GetProcessHeap
lstrcmpiA
TlsFree
TlsAlloc
GetModuleFileNameA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetVersionExA
GetTempPathA
GetPrivateProfileStringA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetLastError
lstrlenA
WinExec
IsDBCSLeadByte
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleW
SetThreadLocale
GetThreadLocale
LockResource
FindResourceExA
HeapFree
CloseHandle
WriteFile
CreateFileA
TerminateThread
GetTickCount
TlsSetValue
TlsGetValue
ReleaseMutex
SleepEx
lstrcpyA
WaitForSingleObject
CreateMutexA
Sleep
CreateThread
HeapReAlloc
ResetEvent
CreateEventA
GetOEMCP
OpenEventA
HeapAlloc
VirtualAlloc
VirtualProtect
LoadLibraryA
VirtualFree
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
Process32Next
Process32First
CreateToolhelp32Snapshot
GlobalFree
GlobalAlloc
GetCurrentProcessId
GetExitCodeProcess
CreateProcessA
DeleteFileA
LocalFree
ExitProcess
SetLastError
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
RtlUnwind
HeapSize
HeapDestroy
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
GetEnvironmentStringsW
IsValidCodePage
HeapCreate
GetStdHandle
InterlockedDecrement
InterlockedIncrement
lstrcpynA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
FlushInstructionCache
GetACP
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetLocaleInfoA
SetEvent
FreeEnvironmentStringsW
QueryPerformanceCounter

user32

DispatchMessageA
SystemParametersInfoA
SetWindowPos
DefWindowProcA
FindWindowA
SendMessageA
SetWindowLongA
GetWindowLongA
PostMessageA
TranslateMessage
KillTimer
GetWindowDC
ReleaseDC
CharNextW
GetClientRect
GetWindowRect
GetCursorPos
SetCursorPos
mouse_event
CharNextA
GetMessageA
SetActiveWindow
CreateWindowExA
GetActiveWindow
RegisterClassExA
LoadIconA
LoadCursorA
GetSysColorBrush
UpdateWindow
ShowWindow
IsWindow
SetTimer
MessageBoxA

gdi32

CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
DeleteObject
DeleteDC
GetPixel

advapi32

GetLengthSid
CreateProcessAsUserA
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetNamedSecurityInfoA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExA
RegCloseKey
ConvertStringSidToSidW
DuplicateTokenEx
OpenProcessToken
SetTokenInformation

shell32

SHGetFolderPathA

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
StringFromGUID2
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
OleSetContainedObject
OleCreate
OleUninitialize
OleInitialize
CoTaskMemAlloc

oleaut32

VariantInit
VarUI4FromStr
SysStringLen
SysFreeString
LoadRegTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
VariantClear
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreate
SysAllocStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetLocid
GetTicket
ShowDoneMessage
ShowWelcomePage

Sections

.text
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

797044d58fc2c95c7914cbd922f670f9

Headers

File Characteristics

Imports

wininet

shlwapi

rpcrt4

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 213KB - Virtual size: 212KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 15KB - Virtual size: 23KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 213KB - Virtual size: 212KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 15KB - Virtual size: 23KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 15KB - Virtual size: 14KB