9c548e6b4626199b7322fbe42310db8b

General

Target

9c548e6b4626199b7322fbe42310db8b
Size

116KB
MD5

9c548e6b4626199b7322fbe42310db8b
SHA1

53a2f6731e6a4becfc5312c306da39d26b2425a1
SHA256

8acea73a6413920d8d892b170fa1db58ab6aee1682465a2a93945404e5596a2d
SHA512

aaf1b856fc7fee3eba5872d9e7052b25087e139e4ab94dc1b66f7caa78f78e2b4f4b46dde4203ace5d33dcc543940d7baabe49aa4a599c2e8322101db67653d5
SSDEEP

3072:LqR1qd+mJn4JX0U3GEdv7+sbJHYfwlD+1WDdf:LMWP8kUWE0k+wvR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c548e6b4626199b7322fbe42310db8b

Files

9c548e6b4626199b7322fbe42310db8b
.dll regsvr32 windows:4 windows x86 arch:x86

709574b3007d107367031825f9850723

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MulDiv
CreateEventW
GetCurrentProcessId
MultiByteToWideChar
FindNextChangeNotification
LoadResource
CloseHandle
FindNextFileW
DeleteFileW
FindFirstChangeNotificationW
lstrcpyW
GlobalDeleteAtom
GetTickCount
WaitForMultipleObjects
ResumeThread
SizeofResource
FindClose
SetEndOfFile
GetProcAddress
GetModuleFileNameW
WaitForSingleObject
SetFilePointer
FreeResource
GlobalAddAtomW
GetCurrentProcess
FindFirstFileW
LockResource
LoadLibraryA
GetSystemTime

user32

GetWindowThreadProcessId
GetSystemMetrics
GetClassNameW
IsWindow
PostMessageW
SetCursorPos
FillRect
InvalidateRect
DestroyMenu
IsDlgButtonChecked
GetCursorPos
GetParent
DispatchMessageW
LoadBitmapW
MessageBoxW
GetSysColor
RedrawWindow
RegisterHotKey

gdi32

DPtoLP
CreateDCW
Rectangle
SelectObject
SetTextColor
CreateBitmap
CreateCompatibleBitmap
MoveToEx

advapi32

InitializeSecurityDescriptor
RegSetValueExW
RegCloseKey
RegNotifyChangeKeyValue
LookupAccountSidW
RegQueryValueExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.obrsw
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qedbfv
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.spad
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

709574b3007d107367031825f9850723

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.obrsw Size: 96KB - Virtual size: 95KB

.qedbfv Size: 4KB - Virtual size: 1KB

.spad Size: 4KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 6KB

.obrsw
Size: 96KB - Virtual size: 95KB

.qedbfv
Size: 4KB - Virtual size: 1KB

.spad
Size: 4KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 6KB