9c66282c643418fc762edc20e97578c2

Sharing

Copy URL Twitter E-mail

General

Target

9c66282c643418fc762edc20e97578c2
Size

82KB
MD5

9c66282c643418fc762edc20e97578c2
SHA1

21c13369bab539f6f5a61e0282ef615d16875e65
SHA256

b97670b63be82863b0d4ec07b36e5325fd2b070f1206d85095cea9cac30fc008
SHA512

d221d11d9d4288a89648baeaed3c573c0a25c1cce0a8170cb7a65841cf0f0b28130fe9ae332f95d61004fb93183bf72e90ed965061bf35de5070520aff88a853
SSDEEP

1536:UvpDx5uPuG+IjqN0/KSVYxmsixdWfxM93ISr4pr+yOPLhJ3Sy9OEPbT03xNyCsxJ:jKnxmscdW5qym1J3SXQ0to

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c66282c643418fc762edc20e97578c2

Files

9c66282c643418fc762edc20e97578c2
.dll regsvr32 windows:4 windows x86 arch:x86

42e792561d9643208d503be211df3b2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA
SHDeleteKeyA
PathFileExistsW

crypt32

CryptUnprotectData

kernel32

GetLocalTime
WritePrivateProfileStringA
GetPrivateProfileStringA
WritePrivateProfileStringW
FlushFileBuffers
WriteFile
CreateFileW
InterlockedIncrement
InterlockedDecrement
GetSystemDirectoryA
GetPrivateProfileIntA
DeleteFileW
GetSystemDirectoryW
GetWindowsDirectoryA
GetFileSize
CreateFileA
MoveFileA
GetLocaleInfoA
GetSystemDefaultLCID
GetVersionExA
GetTickCount
CreateThread
LoadLibraryA
GetLastError
CreateMutexA
GetModuleFileNameW
GetModuleHandleA
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFree
lstrcatA
lstrcpyA
FindClose
FindNextFileW
FindFirstFileW
GetFullPathNameW
ReadFile
ExpandEnvironmentStringsW
GlobalFree
lstrcmpiW
GlobalAlloc
GetCurrentThreadId
Sleep
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
CreateProcessA
GetModuleFileNameA
GetProcAddress
DisableThreadLibraryCalls

user32

EnumWindows
DispatchMessageA
TranslateMessage
GetMessageA
IsCharAlphaNumericA
PostThreadMessageA
ShowWindow
FindWindowExA
GetWindowTextA
GetDC
GetSystemMetrics

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegEnumValueA
RegCloseKey
IsTextUnicode
RegOpenKeyA

ole32

CreateStreamOnHGlobal
OleInitialize
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SafeArrayUnaccessData
SafeArrayCreateVector
SysFreeString
SysAllocString
SafeArrayDestroy
VariantClear
VariantCopy
VariantChangeType
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
SafeArrayAccessData

wininet

DeleteUrlCacheEntry
HttpSendRequestA
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindCloseUrlCache

msvcrt

srand
rand
wcscat
fwrite
tmpnam
_unlink
wcscpy
_strcmpi
wcsstr
_wcslwr
wcsncpy
wcschr
_wcsnicmp
_strnicmp
time
sscanf
free
strtok
rewind
fread
fopen
_wcsicmp
fclose
fprintf
fflush
wcslen
strstr
_strupr
isupper
tolower
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
sprintf
div

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42e792561d9643208d503be211df3b2b

Headers

File Characteristics

Imports

shlwapi

crypt32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

msvcrt

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 7KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 7KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 4KB