c6035f50731130efbb4d5e57b2b3c2b8

Sharing

Copy URL Twitter E-mail

General

Target

c6035f50731130efbb4d5e57b2b3c2b8
Size

288KB
MD5

c6035f50731130efbb4d5e57b2b3c2b8
SHA1

809dcc7463c1fc3407c07e51da7e6127ddcfbc48
SHA256

c25752a7a65c5d4ba1e30e3bde582d48a5286fcc730a2b1b6bad6d74498008e3
SHA512

c22ee5403ad1f0d79e7751a20aec60760d2d15991d916e071f64b2508646bf058f48542eed0df44b7ecd7c39ec4849d3e726b88c98d5cc6099cee9590a775d5a
SSDEEP

6144:2/FwUJxYBP4gTqPFTQpMKWKgptJKddtatCLt:WJxYoPFTKlgptkogLt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6035f50731130efbb4d5e57b2b3c2b8

Files

c6035f50731130efbb4d5e57b2b3c2b8
.dll regsvr32 windows:4 windows x86 arch:x86

7f863147dedde022d71b93b9d950c2c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject

user32

UnregisterClassA
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetWindowLongA
GetWindowLongA
CreateWindowExA
DestroyWindow
SendMessageA
DefWindowProcA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
RegisterClassExA
LoadCursorA
GetClassInfoExA
CharNextA
KillTimer
SetTimer
SetFocus
SetActiveWindow
SetForegroundWindow
wsprintfA
ShowWindow
GetSystemMetrics
GetFocus
CreateAcceleratorTableA
IsWindow
GetDesktopWindow
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetSysColor
RegisterWindowMessageA
GetActiveWindow

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetFileType
SetStdHandle
GetCurrentDirectoryA
GetFullPathNameA
GetConsoleMode
GetConsoleCP
HeapSize
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrlenA
lstrcmpiA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateThread
Sleep
CloseHandle
CreateProcessA
GetTempPathA
VirtualAlloc
GetProcAddress
LoadLibraryA
IsBadReadPtr
VirtualProtect
VirtualFree
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
lstrcmpA
GlobalUnlock
GlobalLock
GlobalAlloc
FlushInstructionCache
GetCurrentProcess
MulDiv
SetLastError
ReadFile
SetFilePointer
CreateFileA
LockResource
DisableThreadLibraryCalls
SetThreadLocale
GetThreadLocale
LocalFree
TlsGetValue
GetStdHandle
WriteFile
ExitProcess
HeapCreate
HeapDestroy
GetCommandLineA
SystemTimeToFileTime
LocalFileTimeToFileTime
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemInfo
VirtualQuery
RtlUnwind
HeapReAlloc
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
SetFileTime
InterlockedCompareExchange

advapi32

RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
RegDeleteValueA

oleaut32

RegisterTypeLi
UnRegisterTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocString
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysStringLen
VariantClear
VariantInit
VarUI4FromStr
SysFreeString

ole32

CoTaskMemRealloc
CoTaskMemFree
CoGetClassObject
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f863147dedde022d71b93b9d950c2c4

Headers

File Characteristics

Imports

gdi32

user32

kernel32

advapi32

oleaut32

ole32

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 196KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 20KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 200KB - Virtual size: 196KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 20KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 20KB - Virtual size: 19KB