97707577346188009caefe94ba1e5ced

Sharing

Copy URL Twitter E-mail

General

Target

97707577346188009caefe94ba1e5ced
Size

183KB
MD5

97707577346188009caefe94ba1e5ced
SHA1

755399be0ed6275a3fe7ac9f52a9f53f9e13a458
SHA256

746631dc739aa8cb35d20b8bce294d41a275538421a365245b9a909124c42a2f
SHA512

0e4378a0c49ec28a3ede326591829418cb1a4ed900867fa94eeb39d05b224dce727a59c9fa1184ae097991cbc8dc30d55861a38abd2fe0335e576037281460de
SSDEEP

3072:hvZ/BpOppFOM5ene/KBJdjsFF4R7CQzK5rz12MYrH+Ricnm:R3Ip6M0nGKBJdjsFwG4gztYr80

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97707577346188009caefe94ba1e5ced

Files

97707577346188009caefe94ba1e5ced
.dll regsvr32 windows:5 windows x86 arch:x86

81f4ecba3bbc272024c785755250e52f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cloudverb\smallneck\HadClimb\Heavy.pdb

Imports

kernel32

GetVolumeInformationW
GetSystemTime
CloseHandle
VirtualProtect
GetLocalTime
GetProcAddress
CreateFileW
GetVersionExW
Sleep
LoadLibraryW
OpenProcess
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapSize
WriteFile
HeapReAlloc
VirtualAlloc
GetModuleHandleA
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
QueryPerformanceCounter
LoadResource
FreeLibrary
GetDateFormatW
GetCommandLineW
GetLocaleInfoA
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
HeapAlloc
HeapFree
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
GetCurrentProcessId
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW
GetTokenInformation
OpenServiceW
RegSetValueExW
RegCloseKey
RegisterServiceCtrlHandlerW
RegOpenKeyExW
FreeSid
SetEntriesInAclW
SetServiceStatus
AllocateAndInitializeSid
QueryServiceStatus
LookupPrivilegeValueW
StartServiceCtrlDispatcherW
OpenProcessToken
DeleteService
OpenThreadToken
OpenSCManagerW
RegDeleteKeyW

user32

CreateMenu
CheckMenuItem
UnregisterHotKey
BeginDeferWindowPos
DeferWindowPos
RegisterWindowMessageW
LoadImageW
IsWindowEnabled
DrawIcon
GetClassNameW
TranslateMessage
CheckMenuRadioItem
DispatchMessageW

gdi32

CreatePen
GetObjectW
SetMapMode
DPtoLP
DeleteObject
CreateDCW
DeleteDC

ole32

CoUninitialize
OleInitialize
CoInitialize
CoCreateInstance
OleUninitialize

Exports

Exports

DllRegisterServer
Starlight
Yearthey

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81f4ecba3bbc272024c785755250e52f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

ole32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 9KB - Virtual size: 79KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 9KB - Virtual size: 79KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 7KB - Virtual size: 7KB