aa428ec3bdbf6de2917f1292e4bdd1a9

Sharing

Copy URL

Twitter E-mail

General

Target

aa428ec3bdbf6de2917f1292e4bdd1a9
Size

1.7MB
MD5

aa428ec3bdbf6de2917f1292e4bdd1a9
SHA1

3955d1512e02a81155eed6861e812f70cc590887
SHA256

c785a692f4504dbef9b3986de9a740fc2baf601d2ecf29cc689074f3cfd6cfd2
SHA512

3d869061279ce840acbd5bbc92e319e2d24cad5cafb850c56e9d39ee419adcbafbc72402953d6bae18b64a6a545e443ae658f2affe89a38d357a82432134745d
SSDEEP

12288:kVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ18U8wB:BfP7fWsK5z9A+WGAW+V5SB6Ct4bnb8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa428ec3bdbf6de2917f1292e4bdd1a9

Files

aa428ec3bdbf6de2917f1292e4bdd1a9
.dll regsvr32 windows:5 windows x64 arch:x64

6668be91e2c948b183827f040944057f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

LookupIconIdFromDirectoryEx
WaitForInputIdle
GetParent
GetFocus

setupapi

CM_Get_Resource_Conflict_DetailsW

kernel32

DeleteCriticalSection
DeleteTimerQueue
TerminateJobObject
GetFileInformationByHandle
GetThreadLocale
GetNamedPipeServerProcessId
GetConsoleFontSize

gdi32

CreateBitmapIndirect
GetPolyFillMode

crypt32

CertGetCTLContextProperty

advapi32

AddAccessDeniedObjectAce

shlwapi

ChrCmpIW

Exports

Exports

?AfxFreeLibrary@@YAHPEAUHINSTANCE__@@@Z
?AfxLoadLibrary@@YAPEAUHINSTANCE__@@PEBG@Z
?AfxLockGlobals@@YAXH@Z
?AfxUnlockGlobals@@YAXH@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.qkm
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cvjb
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tlmkv
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wucsxe
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fltwtj
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sfplio
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rpg
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bewzc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vksvaw
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wmhg
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gebpi
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fwhzuc
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vvsvb
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ajtavw
Size: 4KB - Virtual size: 571B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.echrlp
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ukoy
Size: 4KB - Virtual size: 571B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xewc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6668be91e2c948b183827f040944057f

Headers

DLL Characteristics

File Characteristics

Imports

user32

setupapi

kernel32

gdi32

crypt32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 260KB - Virtual size: 257KB

.rdata Size: 404KB - Virtual size: 403KB

.data Size: 96KB - Virtual size: 94KB

.pdata Size: 4KB - Virtual size: 300B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 8KB

.qkm Size: 4KB - Virtual size: 1KB

.cvjb Size: 8KB - Virtual size: 7KB

.tlmkv Size: 4KB - Virtual size: 2KB

.wucsxe Size: 280KB - Virtual size: 276KB

.fltwtj Size: 8KB - Virtual size: 4KB

.sfplio Size: 4KB - Virtual size: 1KB

.rpg Size: 280KB - Virtual size: 276KB

.bewzc Size: 8KB - Virtual size: 4KB

.vksvaw Size: 4KB - Virtual size: 1KB

.wmhg Size: 8KB - Virtual size: 4KB

.gebpi Size: 4KB - Virtual size: 1KB

.fwhzuc Size: 280KB - Virtual size: 276KB

.vvsvb Size: 8KB - Virtual size: 4KB

.ajtavw Size: 4KB - Virtual size: 571B

.echrlp Size: 4KB - Virtual size: 2KB

.ukoy Size: 4KB - Virtual size: 571B

.xewc Size: 28KB - Virtual size: 27KB

.text
Size: 260KB - Virtual size: 257KB

.rdata
Size: 404KB - Virtual size: 403KB

.data
Size: 96KB - Virtual size: 94KB

.pdata
Size: 4KB - Virtual size: 300B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 8KB

.qkm
Size: 4KB - Virtual size: 1KB

.cvjb
Size: 8KB - Virtual size: 7KB

.tlmkv
Size: 4KB - Virtual size: 2KB

.wucsxe
Size: 280KB - Virtual size: 276KB

.fltwtj
Size: 8KB - Virtual size: 4KB

.sfplio
Size: 4KB - Virtual size: 1KB

.rpg
Size: 280KB - Virtual size: 276KB

.bewzc
Size: 8KB - Virtual size: 4KB

.vksvaw
Size: 4KB - Virtual size: 1KB

.wmhg
Size: 8KB - Virtual size: 4KB

.gebpi
Size: 4KB - Virtual size: 1KB

.fwhzuc
Size: 280KB - Virtual size: 276KB

.vvsvb
Size: 8KB - Virtual size: 4KB

.ajtavw
Size: 4KB - Virtual size: 571B

.echrlp
Size: 4KB - Virtual size: 2KB

.ukoy
Size: 4KB - Virtual size: 571B

.xewc
Size: 28KB - Virtual size: 27KB