9a81983c4210d1618043e72c0f04749d

Sharing

Copy URL Twitter E-mail

General

Target

9a81983c4210d1618043e72c0f04749d
Size

253KB
MD5

9a81983c4210d1618043e72c0f04749d
SHA1

8f64856d8181dc31c8e23b14117789447553d6dd
SHA256

5c0c2925d1bd66ce21a0b5d292177a2b87441aceff91a1ebe570f51bfbcfa5b9
SHA512

323c2e5355dd2c4c4c329f1c4498ac3502e7471187eeb19a7d55fa37936bbb5333eebe4d85fb3b4c50e442ae82167b05218c2204ed90bd23acd533de25259e5e
SSDEEP

6144:NWEB5zWTgKcFaSFVz9li4if2de1Rq+Bvy4DNQEOOyQch:JzZJFVzDi4if9q2eEO5Q8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a81983c4210d1618043e72c0f04749d

Files

9a81983c4210d1618043e72c0f04749d
.dll regsvr32 windows:6 windows x86 arch:x86

15b84d9d3ac07eed86723fba41ed8706

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SearchHistoryStore.pdb

Imports

kernel32

LoadLibraryA
OpenFileMappingW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LocalFree
WaitForSingleObject
ReleaseMutex
CreateMutexW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentThread
GetSystemTime
GetModuleFileNameW
GetModuleHandleExW
GetVersionExW
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
SetThreadLocale
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentThreadId
DecodePointer
GetCommandLineA
RtlUnwind
EncodePointer
VirtualProtect
VirtualAlloc
GetSystemInfo
MapViewOfFile
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
FlushViewOfFile
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
WriteFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringW
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers
UnmapViewOfFile
CreateFileW
CloseHandle
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
WideCharToMultiByte
SystemTimeToFileTime
VirtualQuery
GetTickCount

user32

CharUpperW
CharNextW

advapi32

RegCreateKeyExW
RegEnumKeyExW
ConvertSidToStringSidW
IsValidSid
GetLengthSid
CopySid
GetTokenInformation
ImpersonateSelf
OpenThreadToken
RevertToSelf
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance

oleaut32

LoadRegTypeLi
VariantInit
VariantClear
SysStringLen
SysFreeString
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString

userenv

UnloadUserProfile

shlwapi

ChrCmpIW
PathRemoveFileSpecW
PathCombineW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15b84d9d3ac07eed86723fba41ed8706

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

userenv

shlwapi

Exports

Exports

Sections

.text Size: 137KB - Virtual size: 136KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 99KB - Virtual size: 98KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 137KB - Virtual size: 136KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 99KB - Virtual size: 98KB

.reloc
Size: 9KB - Virtual size: 9KB