ade564ec072c46f6fc0b9db3bdd9a4b3

Sharing

Copy URL Twitter E-mail

General

Target

ade564ec072c46f6fc0b9db3bdd9a4b3
Size

305KB
MD5

ade564ec072c46f6fc0b9db3bdd9a4b3
SHA1

47b09cafbc27930970d7d44c2aef3055458c237f
SHA256

e3d36a8fb963147a65672c230a508d248b5fd20bf069e620e5026e50f2db2ffe
SHA512

36a8f655728ef41dabc8ddc703e82a6eb354e9e3014f7855499ea188677a3bebfd02c38f17571981fa30ac4bc6e139ffa7c5c8dae3e6f33cb6b0b060c1de3d13
SSDEEP

6144:Ea2Efxxy9mw3s/FseJllP6D19SgdQybNtMly:E0J1w3s/FseJ4GcFbNtZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ade564ec072c46f6fc0b9db3bdd9a4b3

Files

ade564ec072c46f6fc0b9db3bdd9a4b3
.dll regsvr32 windows:4 windows x86 arch:x86

b833fa66e2a4b6643fa5630623250fbd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeBeginPeriod
timeEndPeriod
timeSetEvent
timeGetTime

d3d9

Direct3DCreate9

gdi32

ExtTextOutW
CreateCompatibleDC
SetBkColor
SelectObject
GetTextMetricsW
GetGlyphOutlineW
DeleteObject
DeleteDC
FillRgn
CreateSolidBrush
CombineRgn
CreateRectRgn
CreateRectRgnIndirect
CreateFontW

kernel32

CloseHandle
LoadResource
SetThreadPriority
CreateSemaphoreW
FindResourceExW
WideCharToMultiByte
InterlockedCompareExchange
InitializeCriticalSection
MultiByteToWideChar
DeleteCriticalSection
SetEvent
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
FlushFileBuffers
CreateFileA
ReadFile
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
RtlUnwind
IsValidCodePage
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
LockResource
WriteFile
ExitProcess
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapCreate
GetCommandLineA
GetThreadLocale
GetLocaleInfoA
GetACP
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
lstrcmpiA
GetModuleHandleW
InterlockedExchange
GetModuleFileNameA
GetVersionExW
DisableThreadLibraryCalls
GetLastError
VirtualFree
ResetEvent
CreateThread
SizeofResource
CreateEventW
InterlockedDecrement
ReleaseSemaphore
FindResourceW
InterlockedIncrement
LCMapStringW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
DuplicateHandle
SetStdHandle
GetCurrentThreadId
VirtualAlloc
lstrlenW
lstrcmpW
GetSystemInfo
lstrcpynW
GetCurrentProcess
LoadLibraryW
GetProcAddress
FreeLibrary
GetTickCount
OutputDebugStringA
lstrlenA
GetVersionExA
RaiseException
GetStringTypeW
GetStdHandle

user32

UnregisterClassA
GetDesktopWindow
LoadStringW
MoveWindow
CreateDialogParamW
InvalidateRect
SendMessageTimeoutW
GetClassLongW
GetParent
UnionRect
SetWindowPos
SetRectEmpty
SetDlgItemTextA
PostQuitMessage
SendDlgItemMessageA
PostMessageW
SetCursor
SetWindowsHookExW
EnumDisplayDevicesA
GetMonitorInfoW
CallNextHookEx
GetWindowRect
GetKeyState
GetWindowLongW
SendMessageW
SetWindowLongW
ShowWindow
RegisterClassW
KillTimer
LoadCursorW
SetTimer
DestroyWindow
AttachThreadInput
SetParent
GetWindowThreadProcessId
MsgWaitForMultipleObjects
ReleaseDC
SetWindowTextW
DispatchMessageW
IntersectRect
GetWindowPlacement
PeekMessageW
ScreenToClient
GetDC
IsWindowVisible
GetClientRect
CreateWindowExW
GetWindowTextW
DefWindowProcW
GetDlgItem
EnableWindow
ValidateRect
InflateRect
UnhookWindowsHookEx

advapi32

RegSetValueW
CryptReleaseContext
RegCreateKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyW
CryptGenRandom
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
CryptAcquireContextW

ole32

StringFromGUID2
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoFreeUnusedLibraries

oleaut32

SysFreeString
VariantChangeType
SafeArrayAccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringLen
VariantClear
VariantInit
SafeArrayUnaccessData
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b833fa66e2a4b6643fa5630623250fbd

Headers

File Characteristics

Imports

winmm

d3d9

gdi32

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 174KB - Virtual size: 174KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 71KB - Virtual size: 78KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 174KB - Virtual size: 174KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 71KB - Virtual size: 78KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB