9c72016880ea939cc9dd799b7c657ca2defdb3eece9302289e1fd20e4a97316a

Sharing

Copy URL

Twitter E-mail

General

Target

9c72016880ea939cc9dd799b7c657ca2defdb3eece9302289e1fd20e4a97316a
Size

88KB
MD5

19fd0de009a1c7870bdc4d8b0727f1ba
SHA1

65af00e4128afc4fee7abbc60aea8da1b3600866
SHA256

9c72016880ea939cc9dd799b7c657ca2defdb3eece9302289e1fd20e4a97316a
SHA512

8b79e03c38f13aa6b98f7976e11af35205bc569c246d4c329b72e9d4774bacd3cdd13b9353e9aea62098d4458469fb58c57397339230e8faa8ab5ce98ad11b18
SSDEEP

1536:UAAayWIWQLftPnCLkpBXSDNIOdUTf49+2QvrHuZXPzsmWv/DgNW4c7I7MJOQs5jY:UAXINFPnCITXUUTg9ORephs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c72016880ea939cc9dd799b7c657ca2defdb3eece9302289e1fd20e4a97316a

Files

9c72016880ea939cc9dd799b7c657ca2defdb3eece9302289e1fd20e4a97316a
.dll regsvr32 windows:4 windows x86 arch:x86

002a5d7c857adda2f86f0426260d01f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\workspace\DevDLL\OutputRelease\DevCCAD.pdb

Imports

router

ord3
ord4
ord2
ord1

kernel32

GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetLastError
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
lstrlenA
lstrcmpiA
lstrlenW
lstrcpyA
GetModuleHandleA
GetModuleFileNameA
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
lstrcpynA
IsDBCSLeadByte
lstrcatA
GetLocalTime
InterlockedExchange
SetEvent
CreateDirectoryA
CreateFileA
FlushFileBuffers
WriteFile
CloseHandle
TerminateThread
WaitForSingleObject
CreateThread
CreateEventA
GetTickCount
lstrcpynW
Sleep
CreateFileW
MoveFileExW
GetFileSizeEx
DeleteCriticalSection
ReleaseMutex
CreateMutexW
InitializeCriticalSection
LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
RaiseException
ExitThread
SetFilePointerEx

user32

GetClassInfoExA
wsprintfA
SetWindowLongA
UnregisterClassA
ShowWindow
PostThreadMessageA
PeekMessageA
GetMessageA
CallWindowProcA
GetWindowLongA
CreateWindowExA
RegisterClassExA
CharNextA
DefWindowProcA
DestroyWindow
LoadCursorA
PostMessageA

advapi32

RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA

shell32

SHGetFileInfoA

ole32

StringFromGUID2
CoCreateInstance
StringFromCLSID
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString
SetErrorInfo
VariantInit
VarUI4FromStr
VariantClear
VariantChangeType
LoadTypeLi
LoadRegTypeLi
SysStringLen
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo

shlwapi

PathIsDirectoryA
wnsprintfA
PathFindExtensionA
wvnsprintfA
PathFileExistsA

msvcr71

_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__security_error_handler
__CxxFrameHandler
_onexit
__dllonexit
memset
_snprintf
wcsncpy
_resetstkoflw
__CppXcptFilter
??_U@YAPAXI@Z
_except_handler3
_CxxThrowException
malloc
_mbschr
free
_adjust_fdiv
_wcsicmp
??2@YAPAXI@Z
realloc
??3@YAXPAX@Z
_purecall
??_V@YAXPAX@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

002a5d7c857adda2f86f0426260d01f8

Headers

File Characteristics

PDB Paths

Imports

router

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcr71

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 5KB