98b8cd949b83360334a8f35035f224d6

General

Target

98b8cd949b83360334a8f35035f224d6
Size

116KB
MD5

98b8cd949b83360334a8f35035f224d6
SHA1

728aa240b617f9208a56e896971236baccc5299a
SHA256

e73f17a0d724b177e8c847bab9107d0befb4f05e28c7a8a256ee09125861c1c5
SHA512

6a551c50a69680adf4fcc56edfb2ec50e5102ca0fdc60eaef241c55209f2e303e1ecba75d58182f8024db234d7f00f1a0595614a25aaf86f0af721e86bffc88b
SSDEEP

3072:o8f0hQ0hEr6Yd8FiszrtKv5jBqaCtWZ+p+JZN:oyJZr6DzJKv587tWsu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98b8cd949b83360334a8f35035f224d6

Files

98b8cd949b83360334a8f35035f224d6
.dll regsvr32 windows:4 windows x86 arch:x86

b5e59c581627fbc390c734d8454c92ac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
SetWaitableTimer
GetCurrentProcess
MoveFileW
SetEvent
GetDriveTypeW
WriteFile
ResumeThread
FindNextChangeNotification
Sleep
GetFileSize
SizeofResource
GetProcAddress
FindClose
GetCurrentProcessId
MulDiv
FreeLibrary
LoadLibraryA
lstrcpyW
ResetEvent
ReadFile
GetCurrentThread
QueryDosDeviceW
GetLogicalDrives
SetCurrentDirectoryW
GetModuleFileNameW
GetTickCount
DeleteFileW
CancelWaitableTimer

user32

GetKeyState
GetWindowRect
SetWindowTextW
SetCursor
LoadStringW
LoadImageW
LoadIconW
TranslateMessage
GetMessageW
IsDlgButtonChecked
DrawTextW
DestroyMenu
SystemParametersInfoW
DispatchMessageW
VkKeyScanW
DialogBoxParamW
SendDlgItemMessageW
CreateWindowExW
LoadCursorW
TrackPopupMenu
RegisterWindowMessageW
GetWindowThreadProcessId

gdi32

CreateBitmap
CreateCompatibleDC
SetDIBits
LineTo
SetTextColor
CreateRoundRectRgn
GetDeviceCaps
GetObjectW
CreatePen
DPtoLP
CreateICW
SelectObject

advapi32

RegSetValueExW
RegCreateKeyExW
LookupAccountSidW
RegNotifyChangeKeyValue
InitializeSecurityDescriptor
StartServiceW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.ztyz
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.oeik
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vfmyvq
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5e59c581627fbc390c734d8454c92ac

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.ztyz Size: 96KB - Virtual size: 94KB

.oeik Size: 4KB - Virtual size: 2KB

.vfmyvq Size: 4KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 6KB

.ztyz
Size: 96KB - Virtual size: 94KB

.oeik
Size: 4KB - Virtual size: 2KB

.vfmyvq
Size: 4KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 6KB