b9b046ad92ab8542e7dc8dc1d83c657d

Sharing

Copy URL Twitter E-mail

General

Target

b9b046ad92ab8542e7dc8dc1d83c657d
Size

176KB
MD5

b9b046ad92ab8542e7dc8dc1d83c657d
SHA1

65741a79a58f511c0115aaa8396789a651c650ee
SHA256

ffc78cb09bcb08e30f454bd6b2faa66e5e5dc77f3012b4767e9e6971065059b4
SHA512

7cc630be419ac0a880b4cb8cc40c26fbb43155063022a21701f8d78ccd8af9e12e8ed315a81b9e467efb682d6233e21f0df8d004051812260f6cceda9f31f3fe
SSDEEP

3072:4ZT19buLdpI5T553zPPHqQKWZ8/DiPF6Xp6QuJq8Wq+euW:W7buBp6T5537PeW6/Did656QZ8u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9b046ad92ab8542e7dc8dc1d83c657d

Files

b9b046ad92ab8542e7dc8dc1d83c657d
.dll regsvr32 windows:4 windows x86 arch:x86

eb3d7a09153cfbfa0d7cc4ebaa193ab2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHSetValueA
StrStrIA
SHGetValueA

msvcrt

ispunct
??3@YAXPAX@Z
??2@YAPAXI@Z
isxdigit
strstr
isgraph
??0exception@@QAE@ABV0@@Z
_CxxThrowException
free
malloc
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
strerror
strncpy
strtok
toupper
islower
wctomb
isalpha
strchr
isupper
wcscmp
?what@exception@@UBEPBDXZ
printf
??0exception@@QAE@XZ
isspace
__CxxFrameHandler
isalnum
wcslen
strtol
atoi
tmpnam
fopen
fwrite
fclose
tolower
??1exception@@UAE@XZ

oleaut32

VariantClear
SysFreeString
SysAllocString
GetErrorInfo

wininet

InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA

advapi32

SetEntriesInAclA
RegOpenKeyExA
SetSecurityInfo
GetSecurityInfo
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegCloseKey

rpcrt4

UuidToStringA

user32

GetClassNameA
DispatchMessageA
TranslateMessage
GetMessageA
ShowWindow
CreateWindowExA
RegisterClassExA
SetWindowPos
SystemParametersInfoA
EnumWindows
EnumChildWindows
KillTimer
SetTimer
DefWindowProcA
wsprintfA
OpenClipboard
CloseClipboard
GetWindowThreadProcessId

winmm

timeGetTime

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoCreateGuid

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

netapi32

Netbios

kernel32

GetLastError
GetCurrentDirectoryA
Sleep
GetProcessHeap
GetVersion
HeapFree
GetLocalTime
GetSystemDirectoryA
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
HeapSize
HeapAlloc
SleepEx
CloseHandle
OpenProcess
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
FormatMessageA
lstrcpyA
FreeEnvironmentStringsA
GetEnvironmentStrings
MultiByteToWideChar
lstrcmpiA
lstrcmpA
GetSystemInfo
MoveFileExA
WaitForSingleObject
CreateProcessA
DeleteFileA
GetVersionExA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetCurrentProcessId
lstrcpynA
CreateFileA
lstrlenA
GetFullPathNameA
GetThreadTimes
GetCurrentThread
GetModuleFileNameA
GetCurrentProcess
GetModuleHandleA
GetProcessTimes
LocalFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb3d7a09153cfbfa0d7cc4ebaa193ab2

Headers

File Characteristics

Imports

shlwapi

msvcrt

oleaut32

wininet

advapi32

rpcrt4

user32

winmm

psapi

ole32

version

netapi32

kernel32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 109KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 24KB - Virtual size: 26KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 112KB - Virtual size: 109KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 24KB - Virtual size: 26KB

.reloc
Size: 12KB - Virtual size: 8KB