ca5d69312ca37c4c0751e7256fdc2300

Sharing

Copy URL Twitter E-mail

General

Target

ca5d69312ca37c4c0751e7256fdc2300
Size

553KB
MD5

ca5d69312ca37c4c0751e7256fdc2300
SHA1

9213cd6529aefefaee8b712217c9beb52bfc276f
SHA256

d0d90b2030bb819b52f908a6bc59a25bc5ebfc272860e8b5a2dcb09a616f3d63
SHA512

30647c809038a5ff23649f8d279149b567b793edf81637e42eb87ff859c6c6f7e1c05ea3665a06bec37a2b13e43a2cd38d7124748efc30ec57bd3659e2e21eb8
SSDEEP

12288:h9FFMm69eXxNzh1GjG7134t7LG8XcrwRy8WjUbLPVkB/j3At:7FB69eBNV0jdt7y8XcrwR53Pt0/b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca5d69312ca37c4c0751e7256fdc2300

Files

ca5d69312ca37c4c0751e7256fdc2300
.dll windows:4 windows x86 arch:x86

f432e787e71705bace37d321c6a4379b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
GetThreadLocale
GetTickCount
GetVersionExA
GlobalAlloc
GlobalLock
GlobalUnlock
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByte
IsDebuggerPresent
GetSystemInfo
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadResource
MulDiv
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
RtlUnwind
SetLastError
Sleep
TerminateProcess
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile
lstrlenA
GetStartupInfoA
DisableThreadLibraryCalls
GetProcessPriorityBoost
GetProcAddress
GetModuleHandleA
GetLastError
GetCurrentProcessId
GetCommandLineA
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushInstructionCache
FindResourceA
ExitProcess
EnterCriticalSection
IsProcessorFeaturePresent

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

gdi32

GetClipBox
GetDeviceCaps
FrameRgn
CreateRectRgnIndirect
Rectangle
SetTextAlign
SetWindowOrgEx
StretchBlt
TextOutA
GdiComment

ole32

OleSaveToStream
OleRegGetUserType
OleRegEnumVerbs
OleLoadFromStream
CreateOleAdviseHolder
CreateDataAdviseHolder
CoImpersonateClient
CoCreateInstanceEx
CoCreateInstance

oleaut32

SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
VarUI4FromStr
UnRegisterTypeLi
SysStringLen
SysStringByteLen
SysFreeString
SysAllocStringByteLen
LoadRegTypeLi
LoadTypeLi
OleCreatePropertyFrame
RegisterTypeLi
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayUnaccessData
SysAllocString

user32

GetClassInfoExA
GetClientRect
GetKeyState
InvalidateRect
IsWindow
RegisterClassExA
SetWindowLongA
ShowWindow
EndPaint
BeginPaint

Exports

Exports

NewClassMethod
SystemExit
mem_level
read_update_info
set_packswap

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f432e787e71705bace37d321c6a4379b

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

ole32

oleaut32

user32

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 148KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 119KB - Virtual size: 119KB

.rsrc Size: 209KB - Virtual size: 209KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 148KB - Virtual size: 148KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 119KB - Virtual size: 119KB

.rsrc
Size: 209KB - Virtual size: 209KB

.reloc
Size: 10KB - Virtual size: 10KB