84fd236a407f362961387006def2f4e20d5b02c16cabaf12af0ce92806a4157a

Sharing

Copy URL

Twitter E-mail

General

Target

84fd236a407f362961387006def2f4e20d5b02c16cabaf12af0ce92806a4157a
Size

122KB
MD5

db39121019131b07e9da1ea28d889f28
SHA1

11bdbd5ffd13124c9da18686504eef14e7dec1ee
SHA256

84fd236a407f362961387006def2f4e20d5b02c16cabaf12af0ce92806a4157a
SHA512

5b1ad78d30348a2493eb78a1dbe68d841aed271a7670a83e168902769b7a63773b20b0c15e3cf2bc5bc4c0d7822c8d2c3de8d8a479ce828d1405cdc38705fd52
SSDEEP

3072:Q6PaJ/mY4KbCzzIhCpqvKV+Gj0d08F5mgsi:QgpKEEDvLK0W8F8i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84fd236a407f362961387006def2f4e20d5b02c16cabaf12af0ce92806a4157a

Files

84fd236a407f362961387006def2f4e20d5b02c16cabaf12af0ce92806a4157a
.dll regsvr32 windows:5 windows x86 arch:x86

59615d344b77a03f384636194bb7bed7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadReadPtr
VirtualAlloc
VirtualFree
FreeLibrary
HeapFree
GetModuleHandleExW
GetVersionExW
GetSystemInfo
VirtualQuery
MultiByteToWideChar
lstrcpyW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
HeapDestroy
VirtualProtect
DisableThreadLibraryCalls
GlobalUnlock
GlobalLock
LoadLibraryExW
lstrcatW
lstrlenA
SizeofResource
lstrcmpW
CreateEventW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
GlobalFree
GetSystemDirectoryW
GlobalAlloc
WriteFile
IsBadStringPtrW
FindResourceW
LoadResource
LockResource
GetTempPathW
GetTempFileNameW
DeleteFileW
GetCurrentThread
LocalAlloc
CreateFileW
LocalFree
CloseHandle
InterlockedExchangeAdd
SetEvent
CreateThread
MulDiv
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
lstrlenW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
RaiseException
GetProcessHeap
HeapAlloc
GetCurrentProcess
FlushInstructionCache
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
LoadLibraryW
lstrcpynW
LoadLibraryA
Sleep

msvcrt

_wcsicmp
memmove
_wcsdup
malloc
free
wcsncpy
wcslen
wcscat
__CxxFrameHandler
wcscpy
_except_handler3
??2@YAPAXI@Z
??3@YAXPAX@Z
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_adjust_fdiv
_initterm
_purecall
wcsstr
wcsrchr
swprintf
fseek
fwprintf
_iob
realloc
bsearch
qsort
fclose
fread
_wfopen
ftell

msvcp60

?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z

user32

SetWindowLongW
CreateWindowExW
CreateDialogIndirectParamW
DestroyWindow
GetDesktopWindow
PostMessageW
GetScrollInfo
ShowScrollBar
GetDlgCtrlID
GetFocus
CallWindowProcW
GetPropW
SetPropW
DefWindowProcW
PtInRect
DrawFocusRect
HideCaret
LoadImageW
SetDlgItemTextW
CharNextW
RegisterClassExW
GetClassInfoExW
GetWindowTextW
GetWindowTextLengthW
IsWindowEnabled
RegisterWindowMessageW
CharPrevW
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
SetFocus
IsChild
EndPaint
FillRect
BeginPaint
RedrawWindow
GetClassNameW
CreateAcceleratorTableW
wsprintfW
ScreenToClient
GetWindowRect
MoveWindow
SetWindowTextW
GetWindowLongW
EndDialog
SendMessageW
EnableWindow
IsWindowVisible
DrawTextW
GetSysColor
DialogBoxParamW
GetSystemMetrics
LoadStringW
GetParent
GetWindow
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
IsWindow
MessageBoxW
GetDlgItem
SendDlgItemMessageW
KillTimer
SetTimer
GetDC
ShowWindow
UpdateWindow
LoadCursorW
ReleaseDC

gdi32

CreateSolidBrush
BitBlt
DeleteDC
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectPalette
RealizePalette
GetDeviceCaps
GetObjectType
DeleteObject
SelectObject
SetTextColor
GetTextMetricsW
CreateFontIndirectW
GetObjectW

advapi32

OpenProcessToken
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
CryptImportKey
CryptSetKeyParam
CryptDecrypt
CryptDestroyKey
CryptAcquireContextW
CryptCreateHash
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
GetTokenInformation
OpenThreadToken
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData

ole32

OleLockRunning
StringFromCLSID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
StringFromGUID2
CLSIDFromString
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

shell32

SHCreateDirectoryExW
ShellExecuteW

oleaut32

VariantInit
VarUI4FromStr
SysFreeString
SysAllocString
LoadRegTypeLi
SysStringLen
SysAllocStringLen
VariantCopy
RegisterTypeLi
VariantClear
OleLoadPicturePath
LoadTypeLi

rpcrt4

UuidFromStringW

shlwapi

PathIsRootW
PathRenameExtensionW
PathAppendW
PathRemoveFileSpecW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59615d344b77a03f384636194bb7bed7

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

user32

gdi32

advapi32

ole32

shell32

oleaut32

rpcrt4

shlwapi

Exports

Exports

Sections

.text Size: 87KB - Virtual size: 87KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 87KB - Virtual size: 87KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 7KB - Virtual size: 6KB