b599692f14ed47e92817f5a523361142

Sharing

Copy URL Twitter E-mail

General

Target

b599692f14ed47e92817f5a523361142
Size

156KB
MD5

b599692f14ed47e92817f5a523361142
SHA1

3aa67f6dc7b7b5721bbf0292fbca8af541a23961
SHA256

dce3a95c0409ff765477e4e3f52d864a999901d96937a899cd24ccf2d5a3c7d3
SHA512

fe3a0799ba2f235dc5f81ba1faa50aa82ef6507bb3090fa906b44feff09f54d61481931f51209e25ebfa5be868050d1a637c7c751e860352b2036ad32dc9a198
SSDEEP

3072:v7DbNVndORMtiZwSF69sHEsZtZZ4tqJnsuKIh9JSN/B:vj5QM0ZnsLUBCviMZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b599692f14ed47e92817f5a523361142

Files

b599692f14ed47e92817f5a523361142
.dll .ps1 regsvr32 windows:4 windows x86 arch:x86 polyglot

ece9eb824c751a1491da25d80721dba3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
MoveFileA
GetFileSize
InitializeCriticalSection
DeleteCriticalSection
FindClose
FindNextFileA
lstrcmpA
FindFirstFileA
SearchPathA
GetCurrentProcessId
GetTempPathA
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetLastError
ResetEvent
WaitForSingleObject
SetEvent
CreateMutexA
ReleaseMutex
CreateEventA
DebugBreak
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
lstrlenW
CreateThread
SetFileTime
GetModuleHandleA
CreateDirectoryA
SetLastError
GetVersionExA
GetSystemDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetDriveTypeA
GetCurrentProcess
CallNamedPipeA
GetEnvironmentVariableA
CreateFileMappingA
DuplicateHandle
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalUnlock
GlobalLock
InterlockedIncrement
InterlockedDecrement
GetSystemTimeAsFileTime
CompareStringA
LockResource
LoadResource
SizeofResource
FindResourceA
GetTempFileNameA
SetThreadPriority
GetCurrentThread
GetFileTime
SetFilePointer
WriteFile
ReadFile
CreateFileA
lstrcpynA
GetModuleFileNameA
GetShortPathNameA
CreateProcessA
CloseHandle
GetTickCount
OpenFile
CopyFileA
SetFileAttributesA
DeleteFileA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
lstrcpyA
lstrcatA
lstrlenA
LocalFree
WideCharToMultiByte

user32

GetMenuItemInfoA
GetSubMenu
DrawMenuBar
SetMenu
GetDlgItem
GetSystemMetrics
SetActiveWindow
InflateRect
EnableMenuItem
GetSystemMenu
KillTimer
SetTimer
PtInRect
GetWindowRect
GetCursorPos
IsWindowVisible
GetForegroundWindow
GetWindow
SetRect
GetFocus
IntersectRect
MapWindowPoints
EqualRect
GetWindowThreadProcessId
ReleaseDC
GetDC
BringWindowToTop
IsRectEmpty
GetClassNameA
EnableWindow
InsertMenuA
ModifyMenuW
DispatchMessageA
TranslateMessage
GetMessageA
MsgWaitForMultipleObjects
PeekMessageA
GetMenu
CreateAcceleratorTableA
GetClientRect
SetRectEmpty
GetParent
ShowWindow
InvalidateRect
SetFocus
GetKeyState
CopyRect
ReleaseCapture
TrackPopupMenuEx
RemoveMenu
CreatePopupMenu
ModifyMenuA
AppendMenuA
GetMenuItemCount
DestroyMenu
EnumChildWindows
GetUpdateRect
BeginPaint
EndPaint
SetWindowPos
PostMessageA
GetMessageTime
GetMessagePos
AppendMenuW
DestroyAcceleratorTable
SendMessageA
IsWindow
DestroyWindow
UnregisterClassA
GetClassInfoA
LoadCursorA
RegisterClassA
CreateWindowExA
GetWindowLongA
SetWindowLongA
DefWindowProcA
SystemParametersInfoA
wsprintfA
GetKeyboardType

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetDIBits
DeleteDC
DeleteObject
GetPixel

advapi32

RegCreateKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegFlushKey
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

ole32

CoCreateGuid
CLSIDFromProgID
CLSIDFromString
CreateOleAdviseHolder
CoDisconnectObject
CoTaskMemAlloc
OleDestroyMenuDescriptor
CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
StringFromGUID2
CoUninitialize
OleSetMenuDescriptor
CoInitialize

oleaut32

VariantCopy
DispInvoke
DispGetIDsOfNames
SysStringLen
SysAllocStringByteLen
DispGetParam
VariantInit
SysAllocString
VariantClear
SysFreeString
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SCI

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ece9eb824c751a1491da25d80721dba3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 102KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 104KB - Virtual size: 102KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 8KB - Virtual size: 5KB