c1f072e4bdb737347cb173e65ea8a671675d6873158e913e45405d36870455cb

Sharing

Copy URL Twitter E-mail

General

Target

c1f072e4bdb737347cb173e65ea8a671675d6873158e913e45405d36870455cb
Size

228KB
MD5

bb2ccd3ddb85da4e71e15df961b0b74f
SHA1

e038f6d59ba8e4e79a43b7b2fc246ae3e325569b
SHA256

c1f072e4bdb737347cb173e65ea8a671675d6873158e913e45405d36870455cb
SHA512

63f7ba98bd1563dbbd1d6d44200085268c4ac51fd760981f8b3e6b9e4b09517dd625a81c56451272d8043a48fb34e6ae070c2fceba6c84010407effd49e280f4
SSDEEP

3072:IAn9BvOUZNCqGT8fI7lvCzIMjAScPAKWT+XmLcI+0Jp8WKXWw:IeB5ZNxARvUIMktAKWCAckJpV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1f072e4bdb737347cb173e65ea8a671675d6873158e913e45405d36870455cb

Files

c1f072e4bdb737347cb173e65ea8a671675d6873158e913e45405d36870455cb
.dll regsvr32 windows:4 windows x86 arch:x86

713a954ca99f377df94893b6b3116e94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_CIexp
_purecall
_iob
fprintf
exit
_CIpow
ceil
_splitpath
_ftol
__CxxFrameHandler
_CxxThrowException
??2@YAPAXI@Z
__dllonexit
_onexit
??3@YAXPAX@Z

winmm

waveOutOpen
waveOutGetDevCapsA

kernel32

InterlockedIncrement
ReadFile
IsBadReadPtr
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
CreateFileA
VirtualAlloc
VirtualFree
IsBadWritePtr
GetProcAddress
LoadLibraryA
GetFileAttributesA
GetModuleFileNameA
FreeLibrary
GetVersionExA
WaitForSingleObject
CreateThread
DisableThreadLibraryCalls
InterlockedDecrement
lstrlenA
MultiByteToWideChar
GetLastError

advapi32

RegSetValueA
RegSetValueExA
RegCreateKeyA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA

user32

DestroyWindow
ShowWindow
InvalidateRect
DefWindowProcA
LoadStringW
LoadStringA
MoveWindow
GetWindowRect
GetDesktopWindow
wsprintfA
CreateDialogParamA
SetWindowLongA
GetWindowLongA
EnableWindow
CheckDlgButton
SetWindowTextA
IsDlgButtonChecked
GetDlgItem
SendMessageA

comctl32

ord17

ole32

StringFromGUID2
CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
CoTaskMemFree
CoInitialize
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CPUCAP_T
Size: 4KB - Virtual size: 335B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

713a954ca99f377df94893b6b3116e94

Headers

File Characteristics

Imports

msvcrt

winmm

kernel32

advapi32

user32

comctl32

ole32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

CPUCAP_T Size: 4KB - Virtual size: 335B

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 92KB - Virtual size: 234KB

.CRT Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 99KB

CPUCAP_T
Size: 4KB - Virtual size: 335B

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 92KB - Virtual size: 234KB

.CRT
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB