9c348c12a2e23b216a6dfc44f9b5886b

Sharing

Copy URL

Twitter E-mail

General

Target

9c348c12a2e23b216a6dfc44f9b5886b
Size

292KB
MD5

9c348c12a2e23b216a6dfc44f9b5886b
SHA1

fc40e302ccb05e25b10258bde7fbc3345e3bd7c2
SHA256

9b0dacfb30ea9781be0bcbd133a62a74b5ec4eccfd8f0570684f2fc24060e0ae
SHA512

edde59feb795bcf501b04cb2d51727ad9c63a2f27d4b34f511b33298d5ea0ecc938beccea7a8fb2adc3608185d98226e66b2cf1e92edecef1a036209bfba0c6d
SSDEEP

6144:F7z6KfhQwEVtXEs2dO67xEhUeAZVkv5ve1d6bjtGemR3TECTIX86WTHcg:FP6KmwEzUsEE2eAHkxW18bjoR3TEUILG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c348c12a2e23b216a6dfc44f9b5886b

Files

9c348c12a2e23b216a6dfc44f9b5886b
.dll regsvr32 windows:4 windows x86 arch:x86

229267d8fdaa8e7ad90ec599c9fa7334

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetShortPathNameW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
lstrlenA
SizeofResource
LoadResource
FindResourceW
GetLastError
lstrlenW
lstrcmpiW
lstrcpynW
HeapDestroy
GetProcAddress
LoadLibraryW
lstrcpyW
lstrcatW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
GetTempPathW
CreateDirectoryW
LoadLibraryExW
GetCurrentDirectoryW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile

user32

CharNextW

advapi32

RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueW

shell32

SHFileOperationW

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VarUI4FromStr
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString

shlwapi

PathIsDirectoryW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 240KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

229267d8fdaa8e7ad90ec599c9fa7334

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 240KB - Virtual size: 241KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 240KB - Virtual size: 241KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB