c006ece04c480b9d7eb2afefc3095f24

Sharing

Copy URL Twitter E-mail

General

Target

c006ece04c480b9d7eb2afefc3095f24
Size

156KB
MD5

c006ece04c480b9d7eb2afefc3095f24
SHA1

1c142ab271049368c5de37a8e5717a97c9363491
SHA256

1c5478d67207da0560e869a265c72e928e5a97c598cc2a6c7597a879192c861a
SHA512

692d4ece587c4e1ef093e4f93913343d16870b205054c8372514ecaeb8b14e08513bd8b29a5791e9dc8765af2a595956373ddd8bbd95dd5f3449e761002e7a31
SSDEEP

1536:T+L3+VCEcTEolGIL4NW/3AExn5+SpTW53/T2Mr8z9XgFICS4AaPoVnFLaTM3sK:a7gVolhLN/ztX8pgQGMPoaTM3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c006ece04c480b9d7eb2afefc3095f24

Files

c006ece04c480b9d7eb2afefc3095f24
.dll regsvr32 windows:4 windows x86 arch:x86

b7616d03808eefcadac6bd3532bf4d55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetMessageA
TranslateMessage
ShowWindow
CreateWindowExA
SetWindowPos
SystemParametersInfoA
EnumWindows
EnumChildWindows
DispatchMessageA
wsprintfA
RegisterClassExA
KillTimer
SetTimer
DefWindowProcA
GetClassNameA
GetWindowThreadProcessId

kernel32

GetOEMCP
GetACP
ReadFile
SetEndOfFile
SetFilePointer
FlushFileBuffers
GetLocalTime
FreeLibrary
CloseHandle
CreateRemoteThread
GetProcAddress
VirtualAllocEx
OpenProcess
LoadLibraryA
GetCurrentProcessId
SleepEx
GetTickCount
GetModuleFileNameA
CreateFileA
MoveFileExA
WaitForSingleObject
CreateProcessA
DeleteFileA
GetSystemDirectoryA
LCMapStringA
LCMapStringW
WriteFile
GetFileAttributesA
WriteProcessMemory
SetStdHandle
IsBadCodePtr
IsBadReadPtr
ExitProcess
LeaveCriticalSection
GetCPInfo
EnterCriticalSection
GetFileType
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
LocalFree
HeapFree
HeapAlloc
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetLastError
MultiByteToWideChar
HeapReAlloc
RtlUnwind
GetCommandLineA
GetVersion
RaiseException
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection

advapi32

CryptGenRandom
CryptReleaseContext
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
CryptAcquireContextA

shell32

StrStrIA

ole32

CoCreateInstance
CoInitialize
CoCreateGuid

oleaut32

VariantInit
SysAllocString
GetErrorInfo

shlwapi

SHGetValueA
SHSetValueA

netapi32

Netbios

psapi

GetModuleBaseNameA
EnumProcesses
EnumProcessModules

wininet

InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA

rpcrt4

UuidToStringA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7616d03808eefcadac6bd3532bf4d55

Headers

File Characteristics

Imports

user32

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

netapi32

psapi

wininet

rpcrt4

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 24KB - Virtual size: 30KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 24KB - Virtual size: 30KB

.reloc
Size: 8KB - Virtual size: 6KB