b8999808f7487af2baf43185c17b258c

Sharing

Copy URL Twitter E-mail

General

Target

b8999808f7487af2baf43185c17b258c
Size

262KB
MD5

b8999808f7487af2baf43185c17b258c
SHA1

7f2cdef4826777a57f77b6d2c16de1c1f1e280a2
SHA256

20ff3c28b1e979fa0cdc81343c3cf519b78fdd1813e1c92d0dbaa8c9ddf4d2f6
SHA512

ca43fb39f75446db50a2d51c6a9e5717962dc879bebf0cb0c4c0cc1bca08bf1e00e86e6d9b0211a1bcad3bc024488aec71e09c1b6502287691c2efb02f525e39
SSDEEP

6144:ZttmI1g10Ovlf+1Zrzlu/j185Uwkfhmr2Th5JYnw18F:Zrzq0OtfgZvoR85U1fLThqF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8999808f7487af2baf43185c17b258c

Files

b8999808f7487af2baf43185c17b258c
.dll regsvr32 windows:5 windows x86 arch:x86

d6bb491cc34cffbd8e64d324f363e317

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

inked.pdb

Imports

msvcrt

wcslen
free
??3@YAXPAX@Z
realloc
??2@YAPAXI@Z
__CxxFrameHandler
_purecall
_ftol
wcscmp
_initterm
_adjust_fdiv
?terminate@@YAXXZ
_except_handler3
malloc

kernel32

lstrlenA
SizeofResource
LoadResource
FindResourceW
GetLastError
LoadLibraryExW
GetShortPathNameW
FlushInstructionCache
GetCurrentProcess
DisableThreadLibraryCalls
IsBadWritePtr
IsBadCodePtr
IsBadReadPtr
GlobalLock
WideCharToMultiByte
SetLastError
GetSystemDirectoryW
GetTickCount
GlobalUnlock
GlobalFree
GlobalAlloc
GetUserDefaultLangID
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
VirtualFree
VirtualAlloc
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
lstrcatW
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
lstrcpynW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
lstrcpyW
lstrlenW
MultiByteToWideChar
GetCurrentThreadId

user32

GetMessageExtraInfo
SetTimer
KillTimer
SetCapture
ReleaseCapture
GetCapture
IsWindowEnabled
ShowCursor
GetCursorInfo
PostMessageW
GetCursorPos
ScreenToClient
GetClassInfoW
RegisterClassW
GetDoubleClickTime
UnregisterClassW
GetSystemMetrics
TranslateMessage
DispatchMessageW
MessageBeep
WindowFromDC
GetClientRect
ValidateRect
SetRect
GetSysColor
FillRect
InflateRect
SetFocus
CreateWindowExW
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
SetParent
GetParent
IsWindowVisible
UpdateWindow
SendMessageW
ShowWindow
InvalidateRect
CallWindowProcW
GetWindowLongW
SetWindowLongW
GetFocus
IsChild
DefWindowProcW
DestroyAcceleratorTable
GetKeyState
IsWindow
DestroyWindow
UnionRect
PtInRect
GetDC
ReleaseDC
CharNextW
EnableWindow

advapi32

RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegDeleteValueW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
OleRegGetMiscStatus
CreateDataAdviseHolder
GetHGlobalFromStream
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal

oleaut32

LoadRegTypeLi
DispCallFunc
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayCreateVector
OleCreatePropertyFrame
VariantClear
SysAllocStringLen
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SysReAllocStringLen
VariantInit
OleCreateFontIndirect
OleLoadPicture
OleTranslateColor
OleCreatePictureIndirect
SafeArrayCopy
SafeArrayPutElement
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetVartype
SysStringLen

gdi32

CreateSolidBrush
DeleteObject
CreateEnhMetaFileW
SetWindowExtEx
CloseEnhMetaFile
CreateRectRgnIndirect
StretchBlt
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
GetDeviceCaps
PatBlt
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
SetViewportExtEx
GetMapMode
GetClipBox
GetObjectType
CreateDCW
RestoreDC

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6bb491cc34cffbd8e64d324f363e317

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 92KB

.data Size: 62KB - Virtual size: 61KB

.rsrc Size: 102KB - Virtual size: 101KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 92KB - Virtual size: 92KB

.data
Size: 62KB - Virtual size: 61KB

.rsrc
Size: 102KB - Virtual size: 101KB

.reloc
Size: 5KB - Virtual size: 4KB