c23f64720c68f9756cef23cbe0d38e3d

Sharing

Copy URL Twitter E-mail

General

Target

c23f64720c68f9756cef23cbe0d38e3d
Size

180KB
MD5

c23f64720c68f9756cef23cbe0d38e3d
SHA1

681533abb4d7a6f5f750d6e83bf491123a3caffa
SHA256

e9d4e70b559ea40749367927044bc930adcf3e81090ec47c27ac411a73953715
SHA512

fadffa9bd7fd33bd79569de97f66a8047b5526c3b379b3961af737d18e8b5fcbba3544ab29a3c79b0b300abf89465e50c0687b5facc04d07887f02cb55395c19
SSDEEP

3072:nO/dJsneIIuGAU7iONKmlUiR3I4nWRLqkBCQ5rU+rFhJmUX:MAONK95rVV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c23f64720c68f9756cef23cbe0d38e3d

Files

c23f64720c68f9756cef23cbe0d38e3d
.dll regsvr32 windows:4 windows x86 arch:x86

44b57c89f3cfef6e80b96bfce3a8b288

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc71

ord1167
ord1092
ord1084
ord1209
ord1177
ord1175
ord1201
ord1120
ord371
ord1098
ord1208
ord1206
ord1037
ord315
ord765
ord1049
ord2248
ord3830
ord757
ord566
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord1191
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord3683
ord762
ord265
ord1917
ord304
ord784
ord3934
ord865
ord3997
ord876
ord2469
ord2902
ord4109
ord4081
ord310
ord2272
ord578
ord911
ord764
ord266
ord1482
ord314
ord1187
ord581

msvcr71

memmove
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__security_error_handler
memset
wcscpy
wcsncpy
realloc
_purecall
__CxxFrameHandler
_except_handler3
_resetstkoflw
free
malloc
_mbslwr
_mbscmp
_mbsrchr
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter

kernel32

LocalAlloc
LocalFree
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
CompareStringW
CompareStringA
lstrcmpiW
lstrcatA
lstrcpyA
GetCurrentThreadId
HeapAlloc
FlushInstructionCache
GetModuleHandleA
LoadLibraryExA
ExitProcess
LoadResource
SizeofResource
GetModuleFileNameA
FreeLibrary
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
IsDBCSLeadByte
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
CreateEventA
GetVersion
Sleep
ResetEvent
DeleteFileA
WaitForSingleObject
WaitForMultipleObjects
lstrcpynA
Process32First
lstrcmpiA
lstrlenA
GetProcessHeap
HeapFree
CreateThread
SetEvent
GetLastError
Process32Next
CreateToolhelp32Snapshot
CloseHandle
LoadLibraryA
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FindResourceA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetCurrentProcess

user32

CallWindowProcA
GetKeyState
EndPaint
GetWindowLongA
InvalidateRect
IsWindow
DispatchMessageA
BeginPaint
GetClientRect
TranslateMessage
CharUpperA
CharLowerW
CharLowerA
GetClassInfoExA
LoadCursorA
RegisterClassExA
CreateWindowExA
wsprintfA
GetParent
SetFocus
ShowWindow
GetFocus
IsChild
PeekMessageA
CharNextA
UnregisterClassA
DefWindowProcA
DestroyWindow
PtInRect
UnionRect
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
ReleaseDC
GetDC
CharUpperW
SetWindowLongA

gdi32

RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileA
CloseMetaFile
DeleteDC
SetViewportOrgEx
SetMapMode
LPtoDP
CreateDCA
DeleteMetaFile
CreateRectRgnIndirect
GetClipRgn
CreateRectRgn
SelectClipRgn
Rectangle
SetTextAlign
GetDeviceCaps
TextOutA

advapi32

RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shlwapi

PathFileExistsA
PathFindExtensionA

ole32

StringFromGUID2
OleSaveToStream
WriteClassStm
OleLoadFromStream
CreateDataAdviseHolder
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoUnmarshalInterface
CreateStreamOnHGlobal
CoMarshalInterface
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
OleCreatePropertyFrame
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VarUI4FromStr
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString
RegisterTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44b57c89f3cfef6e80b96bfce3a8b288

Headers

File Characteristics

Imports

mfc71

msvcr71

kernel32

user32

gdi32

advapi32

shlwapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 7KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 7KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 8KB - Virtual size: 7KB