ab86a535d47554957d1344063d14ab40

Sharing

Copy URL Twitter E-mail

General

Target

ab86a535d47554957d1344063d14ab40
Size

132KB
MD5

ab86a535d47554957d1344063d14ab40
SHA1

6dfa2d4cbb4d65091f3e51be33f0918cb52c2e86
SHA256

71d56c0db04130e3d487e94c20ca97ed3fc79a0fbcc4bef0628c87aacc8cadfc
SHA512

1409f71b4792288d24a1f09b0aa1b0434d63f3c2bed7fcf9e0f7634a7492bd55883404aee0d43853da88da3e62997e8dfa5eb6ecd198228d6a943f9324a2e412
SSDEEP

3072:U2wXXWqMyEu8teVyn8wRUgt0KMMiU1m9:yXTWMyltt0KNP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab86a535d47554957d1344063d14ab40

Files

ab86a535d47554957d1344063d14ab40
.dll windows:4 windows x86 arch:x86

f1cc903f6f6cc42f11b529faa05c2fc0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

VariantCopyInd
VariantClear
SysFreeString
SysAllocStringLen
LoadTypeLib

advapi32

CloseServiceHandle
SetSecurityDescriptorDacl
QueryServiceStatus
OpenServiceA
InitializeSecurityDescriptor
DeleteService
CreateServiceA
ControlService
AdjustTokenPrivileges

ole32

WriteClassStm
RevokeDragDrop
ProgIDFromCLSID
CLSIDFromProgID
OleSetClipboard
OleSaveToStream
OleLockRunning
OleGetClipboard
GetRunningObjectTable
GetConvertStg
DoDragDrop
CoRegisterMessageFilter
CoLockObjectExternal
CoGetMalloc
CoCreateGuid
RegisterDragDrop

user32

EndDeferWindowPos
DestroyIcon
DestroyCaret
CreateCursor
CloseWindow
ShowCursor

shell32

SHGetMalloc
SHFileOperationA
SHGetFileInfoA
SHBindToParent

shlwapi

PathIsDirectoryA
PathFindExtensionA
PathQuoteSpacesA
PathAppendA
PathUnquoteSpacesA
StrChrA
StrStrIA
PathCanonicalizeA

msvcrt

strstr
strlen
sprintf
sscanf
fflush
free
rand

kernel32

lstrlenA
WriteFile
VirtualFree
SleepEx
SetLastError
SetEndOfFile
RtlUnwind
RaiseException
OpenFile
MapViewOfFile
LocalAlloc
HeapAlloc
GetVersion
GetModuleHandleA
FlushFileBuffers
lstrcmpiA

Exports

Exports

Cng
Dip
Fzl
Jyi
Nly
Pcx
Qwt
Syw

Sections

.text
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1cc903f6f6cc42f11b529faa05c2fc0

Headers

File Characteristics

Imports

oleaut32

advapi32

ole32

user32

shell32

shlwapi

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 32KB

.rdata Size: 31KB - Virtual size: 32KB

.data Size: 35KB - Virtual size: 36KB

.idata Size: 10KB - Virtual size: 12KB

.rsrc Size: 24KB - Virtual size: 28KB

.text
Size: 30KB - Virtual size: 32KB

.rdata
Size: 31KB - Virtual size: 32KB

.data
Size: 35KB - Virtual size: 36KB

.idata
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 24KB - Virtual size: 28KB