c03c732fa1aa1ef3c3902a879fc1dfcf

Sharing

Copy URL Twitter E-mail

General

Target

c03c732fa1aa1ef3c3902a879fc1dfcf
Size

920KB
MD5

c03c732fa1aa1ef3c3902a879fc1dfcf
SHA1

6102a506751e3363259ac0e99a45112a58478e35
SHA256

be165e33d5ae449093bd0cd1139b0fe37741abc17b46ddd791c89f0d37b428fd
SHA512

f62434f53a3bffd867d3e60aa71fb8f206ff4fadc7a93249f452563dc17c991e012b2b9504e386f57cbd337c6764978c2a56452add8647d918bd8bb8cc359b1a
SSDEEP

24576:wzMsL69bP2IBFcqnHxr7pXMxEItSRJtzlsA9qZXgxCkcmXv/ofeUBIa1NJGE:Y69b/R/MxEItqzlwkCLUN5a1OE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c03c732fa1aa1ef3c3902a879fc1dfcf

Files

c03c732fa1aa1ef3c3902a879fc1dfcf
.dll regsvr32 windows:4 windows x86 arch:x86

96c862457ef42c85d5a3e7309bb18d17

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

calloc
_setjmp3
longjmp
strrchr
wcsstr
wcsncmp
sscanf
fgets
strtok
_stricmp
strtol
strtoul
_splitpath
fopen
fscanf
fclose
time
sprintf
_CxxThrowException
srand
_initterm
_adjust_fdiv
__dllonexit
_onexit
free
malloc
?terminate@@YAXXZ
fread
_strupr
_wcsicmp
atof
_wtoi
wcscmp
vsprintf
fwrite
memset
memcpy
strstr
_except_handler3
rand
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_CIpow
_ftol
__CxxFrameHandler
??1type_info@@UAE@XZ

kernel32

IsBadReadPtr
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetProcAddress
GetModuleHandleA
lstrcpyA
LoadLibraryA
FreeLibrary
LeaveCriticalSection
Sleep
SetEvent
EnterCriticalSection
WaitForSingleObject
SetThreadPriority
CreateThread
ResetEvent
CreateEventA
CloseHandle
TerminateThread
VirtualFree
VirtualAlloc
GetLastError
OutputDebugStringA
GetCurrentThreadId
GetModuleFileNameA
CreateFileA
LockResource
LoadResource
FindResourceA
InterlockedIncrement
TerminateProcess
VirtualQuery
InterlockedDecrement
MulDiv
SetProcessAffinityMask
WideCharToMultiByte
GetSystemInfo
GetCurrentThread
InterlockedExchange
CreateSemaphoreA
MultiByteToWideChar
GetACP
GetThreadPriority
WaitForMultipleObjects
GetTickCount
DisableThreadLibraryCalls
DuplicateHandle
GetCurrentProcess
ReleaseSemaphore
lstrlenA
SetErrorMode
lstrcmpiA
GetProcessAffinityMask
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocalTime
GetCurrentProcessId

winmm

timeKillEvent
timeSetEvent
timeGetTime

advapi32

RegDeleteKeyA
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptGenKey
RegSetValueA
RegEnumKeyExA
RegCreateKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
CryptDestroyKey
CryptGetKeyParam
CryptDecrypt
CryptEncrypt
CryptExportKey
CryptImportKey
CryptCreateHash

user32

PostQuitMessage
DefWindowProcA
PeekMessageA
MsgWaitForMultipleObjects
wvsprintfA
PostThreadMessageA
RegisterWindowMessageA
GetQueueStatus
DispatchMessageA
GetWindowLongA
SetWindowLongA
CreateDialogParamA
MoveWindow
InvalidateRect
LoadStringW
DestroyWindow
GetAsyncKeyState
ShowWindow
GetDlgItem
SetDlgItemTextA
SetTimer
SendDlgItemMessageA
EnableWindow
wsprintfA
UnregisterClassA
GetClassInfoA
SetRect
GetSystemMetrics
EqualRect
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
LoadCursorA
RegisterClassExA
CreateWindowExA
PtInRect
SubtractRect
LoadStringA
MessageBoxA
CheckRadioButton
GetClientRect
CheckDlgButton
KillTimer
IsDlgButtonChecked
CopyRect
UnionRect
SetRectEmpty
IsRectEmpty
GetDesktopWindow
GetDC
ReleaseDC
OffsetRect

gdi32

CreatePalette
DeleteObject
GetSystemPaletteEntries
ExtEscape
GetClipBox
GetNearestPaletteIndex
GetDeviceCaps
GetDCOrgEx

ole32

CoUninitialize
CoTaskMemAlloc
CoInitialize
CoFreeUnusedLibraries
StringFromGUID2
GetRunningObjectTable
CoTaskMemFree
CoCreateInstance
CreateItemMoniker

oleaut32

VariantInit
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

ddraw

DirectDrawCreate

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 720KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

MC3DNOW_
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

MCSSE_TE
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96c862457ef42c85d5a3e7309bb18d17

Headers

File Characteristics

Imports

msvcrt

kernel32

winmm

advapi32

user32

gdi32

ole32

oleaut32

setupapi

ddraw

Exports

Exports

Sections

.text Size: 720KB - Virtual size: 718KB

.text1 Size: 4KB - Virtual size: 1KB

MC3DNOW_ Size: 4KB - Virtual size: 3KB

MCSSE_TE Size: 4KB - Virtual size: 2KB

.rdata Size: 92KB - Virtual size: 90KB

.data Size: 48KB - Virtual size: 52KB

.data1 Size: 4KB - Virtual size: 3KB

.sxdata Size: 4KB - Virtual size: 4B

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 28KB - Virtual size: 26KB

.text
Size: 720KB - Virtual size: 718KB

.text1
Size: 4KB - Virtual size: 1KB

MC3DNOW_
Size: 4KB - Virtual size: 3KB

MCSSE_TE
Size: 4KB - Virtual size: 2KB

.rdata
Size: 92KB - Virtual size: 90KB

.data
Size: 48KB - Virtual size: 52KB

.data1
Size: 4KB - Virtual size: 3KB

.sxdata
Size: 4KB - Virtual size: 4B

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 28KB - Virtual size: 26KB