bb0654ba0e12d4c17e81f504f79c1631

Sharing

Copy URL Twitter E-mail

General

Target

bb0654ba0e12d4c17e81f504f79c1631
Size

570KB
MD5

bb0654ba0e12d4c17e81f504f79c1631
SHA1

1c2ea8f3cb816d4baaca78800c6cc7ab5102c260
SHA256

9d03b4b86227ec7949fe0856f675606b775ba75a2c954e96d4bc9fe3468213b5
SHA512

ab7de896669cfced74826c6023d573d622e40ddf844cd9ddd7227e06e3342294699f711c5c71b7ee403276a2fcd9639d9abfb3a0040df13e095470aa2f7f9810
SSDEEP

6144:w5jEqsDJnigpa6W9xkYZOhR/rIbQXfpriEj5qqqqqqq5Q0dd4x:6jE/ig8nxkiOhR/rIbQXfpriU+E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb0654ba0e12d4c17e81f504f79c1631

Files

bb0654ba0e12d4c17e81f504f79c1631
.dll regsvr32 windows:5 windows x86 arch:x86

09b8fcfe0d6c56fab8203e197d8843d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalAlloc
SetLastError
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
LoadLibraryA
GlobalFree
GlobalHandle
LockResource
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
GlobalUnlock
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapReAlloc
HeapDestroy
GetModuleFileNameW
MulDiv
lstrcmpW
GetCurrentProcess
FlushInstructionCache
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
InterlockedDecrement
lstrlenW
InterlockedIncrement
GetCurrentThreadId
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetConsoleMode
HeapCreate
CreateThread
ExitThread
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
OpenMutexW
CreateMutexW
WaitForSingleObject
ReleaseMutex
CloseHandle
LoadLibraryW
WideCharToMultiByte

user32

SetFocus
UnregisterClassA
SetWindowLongW
GetWindowLongW
UnregisterClassW
CharNextW
DefWindowProcW
DestroyWindow
GetSysColor
MoveWindow
SetWindowPos
MapWindowPoints
MapDialogRect
SetWindowContextHelpId
IsWindowVisible
GetWindowRect
GetTopWindow
CreateDialogIndirectParamW
ShowWindow
PeekMessageW
TranslateMessage
DispatchMessageW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetClientRect
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
IsWindow
SendMessageW
CreateAcceleratorTableW
GetFocus
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen

gdi32

GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
GetStockObject

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

OleUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize

oleaut32

DispCallFunc
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 466KB - Virtual size: 466KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09b8fcfe0d6c56fab8203e197d8843d6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 466KB - Virtual size: 466KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 8KB - Virtual size: 27KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 57KB - Virtual size: 56KB

.text
Size: 466KB - Virtual size: 466KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 27KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 57KB - Virtual size: 56KB