b7735cba0d027a99677333d8f9ef82cc0df2824965bbd74b9e2ff3e3eed92648

Sharing

Copy URL Twitter E-mail

General

Target

b7735cba0d027a99677333d8f9ef82cc0df2824965bbd74b9e2ff3e3eed92648
Size

122KB
MD5

d477148125ff6604f3336eeb46abfaa1
SHA1

edf21b99854e1d055655c225444286c3eaaeabd9
SHA256

b7735cba0d027a99677333d8f9ef82cc0df2824965bbd74b9e2ff3e3eed92648
SHA512

b2f963262528f31b81a9d1511400a22f4657b1f52f037176b5f3a0d5e3f0d41ff57a8dddc1ea0a458c5f66286bdcffdb83ef8685abbf6a2ddeb358aa1920e505
SSDEEP

3072:uj8u/9B2e9Z+ZD9iqduCXhooN/1LETXzd5mAPs+12jWh:W19Q4qxnTE7zdXPs8Zh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7735cba0d027a99677333d8f9ef82cc0df2824965bbd74b9e2ff3e3eed92648

Files

b7735cba0d027a99677333d8f9ef82cc0df2824965bbd74b9e2ff3e3eed92648
.dll regsvr32 windows:5 windows x86 arch:x86

dd48358b256cc5155d4d6571839b26b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryExW
lstrcatW
lstrlenA
SizeofResource
LoadResource
FindResourceW
lstrcmpW
GlobalFree
DeleteFileW
CreateEventW
CloseHandle
GetModuleHandleExW
lstrcpynW
CreateFileW
LocalAlloc
GetCurrentThread
GetTempFileNameW
GetTempPathW
LockResource
IsBadStringPtrW
WriteFile
GetSystemDirectoryW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
HeapDestroy
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
lstrcpyW
MultiByteToWideChar
VirtualQuery
GetSystemInfo
GetVersionExW
InterlockedExchangeAdd
SetEvent
CreateThread
MulDiv
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
RaiseException
GetCurrentProcess
FlushInstructionCache
LoadLibraryA
OutputDebugStringA
HeapAlloc
GetModuleFileNameW
GetLastError
LoadLibraryW
lstrlenW
GetProcessHeap
HeapFree
FreeLibrary
VirtualFree
VirtualAlloc
GetVersion
GetFileAttributesW
GetProcAddress
IsBadReadPtr
GetModuleHandleW
GetModuleHandleA
VirtualProtect
LocalFree
SetLastError
Sleep

msvcrt

_except_handler3
wcsncpy
wcslen
free
malloc
qsort
bsearch
realloc
_iob
fwprintf
??3@YAXPAX@Z
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_adjust_fdiv
_initterm
memmove
_wcsdup
wcsrchr
swprintf
fseek
??2@YAPAXI@Z
wcscpy
__CxxFrameHandler
_purecall
wcscat
wcsstr
_wcsicmp
fclose
fread
_wfopen
ftell

msvcp60

?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z

user32

SetWindowLongW
CharNextW
RegisterClassExW
GetClassInfoExW
DefWindowProcW
GetWindowTextW
GetWindowTextLengthW
LoadCursorW
RegisterWindowMessageW
CharPrevW
CallWindowProcW
GetDlgCtrlID
PtInRect
DrawFocusRect
HideCaret
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
GetDesktopWindow
SetFocus
IsChild
GetFocus
EndPaint
IsWindowEnabled
BeginPaint
RedrawWindow
GetClassNameW
DestroyWindow
CreateAcceleratorTableW
wsprintfW
CreateWindowExW
LoadImageW
SetDlgItemTextW
CreateDialogIndirectParamW
PostMessageW
GetScrollInfo
ShowScrollBar
GetPropW
SetPropW
ScreenToClient
GetWindowRect
MoveWindow
SetWindowTextW
GetWindowLongW
EndDialog
SendMessageW
EnableWindow
IsWindowVisible
DrawTextW
GetSysColor
DialogBoxParamW
GetSystemMetrics
LoadStringW
GetParent
GetWindow
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
IsWindow
MessageBoxW
GetDlgItem
SendDlgItemMessageW
KillTimer
SetTimer
GetDC
ShowWindow
UpdateWindow
FillRect
ReleaseDC

gdi32

GetObjectType
SelectPalette
RealizePalette
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
GetStockObject
GetDeviceCaps
DeleteObject
SelectObject
SetTextColor
GetTextMetricsW
CreateFontIndirectW
GetObjectW

advapi32

RegSetValueExW
OpenThreadToken
OpenProcessToken
GetTokenInformation
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptImportKey
CryptSetKeyParam
CryptDecrypt
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
CryptReleaseContext
CryptDestroyKey

ole32

StringFromGUID2
CLSIDFromString
CLSIDFromProgID
OleLockRunning
StringFromCLSID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

shell32

SHCreateDirectoryExW
ShellExecuteW

oleaut32

VariantClear
OleLoadPicturePath
SysFreeString
VariantCopy
VariantInit
SysAllocString
LoadRegTypeLi
SysStringLen
SysAllocStringLen
LoadTypeLi
RegisterTypeLi
VarUI4FromStr

rpcrt4

UuidFromStringW

shlwapi

PathIsRootW
PathRenameExtensionW
PathAppendW
PathRemoveFileSpecW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd48358b256cc5155d4d6571839b26b6

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

user32

gdi32

advapi32

ole32

shell32

oleaut32

rpcrt4

shlwapi

Exports

Exports

Sections

.text Size: 87KB - Virtual size: 87KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 87KB - Virtual size: 87KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 7KB - Virtual size: 6KB