ad797783abc4ed37c2cbcd732754c768

Sharing

Copy URL Twitter E-mail

General

Target

ad797783abc4ed37c2cbcd732754c768
Size

68KB
MD5

ad797783abc4ed37c2cbcd732754c768
SHA1

62b67a7e2d1703ad2b33ca5fc0552419b216fe08
SHA256

6e2326012b5b5c8e1579ba5154769fa7f5bdd88b977a2867361cd6202183d66b
SHA512

32619767efb97f4d5dcac79f29d0d3f5f8db5214119be1d49d9504bb1acb32dda9337b3dffa1226eb0f8232071272b48868fe89664e2442f65aa59ff72f52ef9
SSDEEP

1536:MA9sRYNTk0pAVrR1eXyefVDx3NetsMOSz:MAoVDeisV5MOS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad797783abc4ed37c2cbcd732754c768

Files

ad797783abc4ed37c2cbcd732754c768
.dll windows:4 windows x86 arch:x86

e18f7212ed4917172009257076108233

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFileEx
DeleteTimerQueueEx
QueryPerformanceFrequency
GetSystemWow64DirectoryW
GetProfileIntA
LoadResource
SetConsoleTitleA
GetStringTypeA
VirtualFree
WriteConsoleW
GetModuleFileNameW
PurgeComm
VirtualUnlock
FreeLibraryAndExitThread
CreateToolhelp32Snapshot
GetProfileIntW
GetFullPathNameA
SetVolumeLabelW
GetUserDefaultLCID
LockFile
GlobalAddAtomA
ExpandEnvironmentStringsW
CreateRemoteThread
LocalAlloc
SetCurrentDirectoryA
GlobalHandle
GetCompressedFileSizeW
WriteFile
SetConsoleTextAttribute
FlushViewOfFile
EnterCriticalSection
VirtualProtect
VirtualQuery
InterlockedExchange
CreateMutexA
lstrlenW
CopyFileA
LoadLibraryA
LeaveCriticalSection
WaitForSingleObject
GetSystemTimeAsFileTime
InitializeCriticalSection
lstrcatW
GetProcessHeap
GetProcAddress
GetComputerNameA
GetModuleFileNameA
MoveFileExA
UnmapViewOfFile
CloseHandle
CreateThread
lstrcpyW
RaiseException
HeapAlloc

ole32

RegisterDragDrop
OleQueryLinkFromData
CoInitializeEx
CoCreateInstance
OleDestroyMenuDescriptor
OleRegGetUserType
OleUninitialize
CoTaskMemRealloc
CoImpersonateClient
OleCreateFromData
PropVariantClear
CreateBindCtx
OleLockRunning
OleRegGetMiscStatus
CoAllowSetForegroundWindow
CoUninitialize
CoTaskMemFree

advapi32

RegSetValueExW
GetUserNameW
RegOpenCurrentUser
UnlockServiceDatabase
RegQueryInfoKeyW
RegCreateKeyA
DeregisterEventSource
ReadEventLogA
QueryServiceLockStatusA
RegSetValueA
CreateProcessAsUserW
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

gdi32

EnumFontFamiliesExW
SetViewportOrgEx
SwapBuffers
GetROP2
Ellipse
PolyPolyline
PathToRegion
GetTextExtentPoint32A
GetGlyphOutlineW
StretchBlt
PlayEnhMetaFileRecord
ResizePalette
GetWinMetaFileBits
GetBitmapBits
GetViewportOrgEx
RectVisible
PtVisible

Exports

Exports

DllInit
DllInstall

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e18f7212ed4917172009257076108233

Headers

File Characteristics

Imports

kernel32

ole32

advapi32

gdi32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 1008B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1008B

.reloc
Size: 4KB - Virtual size: 1KB