c9a55a9620c9544bd34d1bb38bf482c6

Sharing

Copy URL Twitter E-mail

General

Target

c9a55a9620c9544bd34d1bb38bf482c6
Size

2.4MB
MD5

c9a55a9620c9544bd34d1bb38bf482c6
SHA1

17c23a8ce4538614816e20565c29a67f0ef1c488
SHA256

3ccd60dd1bbd66f6eef408de68c54f343a4770f9d1976287efb2a94d1da0f96d
SHA512

83d3854a4dbfc3a96cf5802f93ab7ade6284aa07e28ee3eacd80736731eaf74b6009a0f194857145f8036bae56e12dab5cebee72241be984742fa22de259db81
SSDEEP

49152:dUBW0HFAhAiUawhVG8lclxb5GKYkqTxJEUfBT91dgFo:uHFAWX68wxEEUf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9a55a9620c9544bd34d1bb38bf482c6

Files

c9a55a9620c9544bd34d1bb38bf482c6
.dll regsvr32 windows:5 windows x86 arch:x86

cc97b0f4fae9e4678f785dabc9136181

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetProcAddress
LoadLibraryA
CompareStringW
CreateFileA
GetProcessHeap
SetEndOfFile
SetStdHandle
WriteConsoleW
CreateMutexW
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
GetStringTypeW
InterlockedCompareExchange
InterlockedExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
GetLastError
HeapFree
RaiseException
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileExW
GetCPInfo
GetTimeFormatW
GetDateFormatW
LCMapStringW
HeapAlloc
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
WriteFile
GetModuleFileNameW
GetLocaleInfoW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
GetFullPathNameW
GetFileInformationByHandle
PeekNamedPipe
CreateFileW
GetCurrentDirectoryW
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString
VarBstrCmp
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc97b0f4fae9e4678f785dabc9136181

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 145KB - Virtual size: 144KB

.data Size: 23KB - Virtual size: 38KB

.reloc Size: 230KB - Virtual size: 229KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 145KB - Virtual size: 144KB

.data
Size: 23KB - Virtual size: 38KB

.reloc
Size: 230KB - Virtual size: 229KB