a1885714af2de4074300eb3b9c3f4cca

Sharing

Copy URL Twitter E-mail

General

Target

a1885714af2de4074300eb3b9c3f4cca
Size

184KB
MD5

a1885714af2de4074300eb3b9c3f4cca
SHA1

dab5db533efa52d37a1953443de373aba0a7bb68
SHA256

00c4efd1af30962c09c4f97164c1ed5b1ea5bc6806158dc49de9d2cfb9ebd5e2
SHA512

0695ba583b3d91d6b60d28e7f38e243613b1401c7b74601217f1dbf917340a8aa8b12e67fa430741591d3b947231766a59491b799254635488826e1e430319c0
SSDEEP

3072:maAmMrs1kGJ9XYYJs1gIgrN+iZEoKR1g2dOqaasiJDnkvR39vist3:mjCj8gfx/ZEoKR62gqXs4iNvis

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1885714af2de4074300eb3b9c3f4cca

Files

a1885714af2de4074300eb3b9c3f4cca
.dll regsvr32 windows:4 windows x86 arch:x86

eb4a21f0e6200bcecd09ff3d7e801f25

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrIA
SHSetValueA
SHGetValueA

advapi32

CryptReleaseContext
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
RegCloseKey
RegOpenKeyExA
CryptGenRandom
CryptAcquireContextA

wininet

InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA

msvcrt

_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
__dllonexit
strstr
strtol
atoi
tmpnam
fopen
fwrite
strtok
toupper
strchr
isspace
isalpha
islower
isxdigit
wcscmp
wcslen
?what@exception@@UBEPBDXZ
ispunct
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
wctomb
isupper
strerror
printf
isgraph
isalnum
tolower
??3@YAXPAX@Z
??2@YAPAXI@Z
free
malloc
strncpy
fclose

winmm

timeGetTime

ole32

CoCreateGuid
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

user32

GetClassNameA
GetWindowThreadProcessId
EnumChildWindows
EnumWindows
wsprintfA
KillTimer
SetTimer
DefWindowProcA
SystemParametersInfoA
SetWindowPos
OpenClipboard
CloseClipboard
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
DispatchMessageA
TranslateMessage

rpcrt4

UuidToStringA

oleaut32

VariantClear
SysAllocString
SysFreeString
GetErrorInfo

netapi32

Netbios

kernel32

GetWindowsDirectoryA
GetThreadTimes
GetCurrentThread
GetModuleHandleA
GetModuleFileNameA
HeapFree
GetLocalTime
GetCurrentDirectoryA
QueryPerformanceCounter
GetTickCount
FreeLibrary
CloseHandle
CreateRemoteThread
WriteProcessMemory
GetVersion
HeapSize
HeapAlloc
GetProcessHeap
SleepEx
GetVersionExA
lstrcpyA
lstrlenA
GetLastError
FreeEnvironmentStringsA
GetEnvironmentStrings
MultiByteToWideChar
GetSystemDirectoryA
GetProcessTimes
GetCurrentProcess
GetSystemInfo
SetLastError
GetProcAddress
GetFullPathNameA
VirtualAllocEx
OpenProcess
LoadLibraryA
Sleep
LocalFree
FormatMessageA
lstrcpynA
lstrcmpiA
QueryPerformanceFrequency
lstrcmpA
CreateFileA
GetCurrentProcessId
MoveFileExA
WaitForSingleObject
CreateProcessA
DeleteFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb4a21f0e6200bcecd09ff3d7e801f25

Headers

File Characteristics

Imports

shlwapi

advapi32

wininet

msvcrt

winmm

ole32

version

psapi

user32

rpcrt4

oleaut32

netapi32

kernel32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 24KB - Virtual size: 24KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 24KB - Virtual size: 24KB

.reloc
Size: 12KB - Virtual size: 8KB