a895a16793403c5df0710672bfaa69b0f096742b6b826bbe80040f23846dc202

Sharing

Copy URL

Twitter E-mail

General

Target

a895a16793403c5df0710672bfaa69b0f096742b6b826bbe80040f23846dc202
Size

1004KB
MD5

4af826422ed9b2cc498c34a52eee464e
SHA1

b91c6461240eb02acfbf747af5836823996c3aae
SHA256

a895a16793403c5df0710672bfaa69b0f096742b6b826bbe80040f23846dc202
SHA512

b0333004374595d8b720c96e2490dae6e89a45d30b64cf3afa17b04fed2705a914222e6905fd3ad16115a4a03f4c4603e3e4a3ba2d4a6e4da112cfc6843af19d
SSDEEP

12288:6caLILOJcC7Mx3NFvVP9orVD2dotpdLRKN5tFjNRLU:6caLIqJcxF9WrVD2kpdobLU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
a895a16793403c5df0710672bfaa69b0f096742b6b826bbe80040f23846dc202

Files

a895a16793403c5df0710672bfaa69b0f096742b6b826bbe80040f23846dc202
.dll regsvr32 windows:4 windows x86 arch:x86

0e8a17377c9b4601e7a0971e33ed66d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetCommandLineA
ExitThread
CreateThread
HeapReAlloc
TerminateProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
HeapFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
GetLocaleInfoW
HeapAlloc
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalFlags
InterlockedDecrement
RaiseException
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
lstrcmpA
GetModuleFileNameA
FreeResource
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetModuleHandleA
GlobalGetAtomNameA
GlobalAddAtomA
SetLastError
GlobalFree
FindResourceA
LoadResource
LockResource
SizeofResource
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
SuspendThread
GetCurrentThreadId
ResumeThread
CloseHandle
CreateEventA
ResetEvent
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
SetEvent
GetStringTypeExA
FreeLibrary
lstrcpynA
LoadLibraryA
GetProcAddress
GetTickCount
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetEnvironmentStrings
InterlockedExchange

user32

GetMessageTime
GetMessagePos
MapWindowPoints
MessageBoxA
TrackPopupMenu
SetForegroundWindow
GetClientRect
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
RegisterClassA
UnregisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSystemMetrics
PtInRect
GetWindowTextLengthA
GetWindowTextA
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemInt
CheckDlgButton
RegisterWindowMessageA
LoadMenuA
DestroyMenu
GetClassNameA
GetSysColor
SetWindowPos
WinHelpA
SetFocus
EqualRect
GetDlgItem
SetWindowLongA
GetDlgCtrlID
GetMenu
UnpackDDElParam
BeginPaint
LoadIconA
GetClassInfoA
SetCursor
GetCapture
ReleaseCapture
LoadAcceleratorsA
InvalidateRect
UpdateWindow
IsIconic
InsertMenuItemA
CreatePopupMenu
IntersectRect
OffsetRect
SetRectEmpty
CopyRect
GetLastActivePopup
BringWindowToTop
SetMenu
ShowWindow
GetWindowLongA
GetDesktopWindow
GetWindow
IsWindowEnabled
TranslateAcceleratorA
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
SetWindowsHookExA
CallNextHookEx
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
LoadCursorA
GetSysColorBrush
ShowOwnedPopups
PostQuitMessage
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
IsZoomed
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
SetCapture
LockWindowUpdate
GetDCEx
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
IsWindow
EnableWindow
PostMessageA
wsprintfA
SendMessageA
CharUpperA
GetMenuItemInfoA
InflateRect
SetActiveWindow
EndPaint
WindowFromPoint
KillTimer
SetTimer
ClientToScreen
SetRect
SetParent
GetSystemMenu
DeleteMenu
IsRectEmpty
GetDC
ReleaseDC
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
IsChild
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
ReuseDDElParam
UnhookWindowsHookEx

gdi32

IntersectClipRect
SelectClipRgn
CreateRectRgn
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ExcludeClipRect
CreatePatternBrush
GetStockObject
CreateSolidBrush
CreateFontIndirectA
CreateRectRgnIndirect
PatBlt
SetRectRgn
CombineRgn
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32A
GetTextMetricsA
GetBkColor
CreateFontA
GetCharWidthA
DeleteObject
SelectObject
StretchDIBits
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateCompatibleDC
CreateCompatibleBitmap
ScaleWindowExtEx
CreateBitmap
GetDeviceCaps

comdlg32

CommDlgExtendedError
PrintDlgA
GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegCloseKey

shell32

DragQueryFileA
DragFinish

comctl32

ImageList_Draw
ImageList_GetImageInfo
ord17
ImageList_Destroy

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ws2_32

WSAStartup
inet_ntoa
ntohl
WSACleanup
gethostname
gethostbyaddr
gethostbyname
inet_addr

snmpapi

SnmpUtilOidFree
SnmpUtilOidCpy
SnmpUtilMemAlloc
SnmpUtilMemFree

oleaut32

VariantClear
VariantInit
SysAllocStringLen
VariantChangeType

Exports

Exports

DllRegisterServer
DllUnregisterServerrst

Sections

.text
Size: 212KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e8a17377c9b4601e7a0971e33ed66d1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ws2_32

snmpapi

oleaut32

Exports

Exports

Sections

.text Size: 212KB - Virtual size: 208KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 156KB - Virtual size: 155KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 212KB - Virtual size: 208KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 156KB - Virtual size: 155KB

.reloc
Size: 32KB - Virtual size: 31KB