cb2ec8f4c1eef96d5f22ed5679e16673

Sharing

Copy URL Twitter E-mail

General

Target

cb2ec8f4c1eef96d5f22ed5679e16673
Size

84KB
MD5

cb2ec8f4c1eef96d5f22ed5679e16673
SHA1

2bb50488a6098d130c24befd633449074afeaee1
SHA256

e2882b72099d69636b3ceb3d4c492618d829b8404c255467153c7e95c546ea42
SHA512

e7766adb3b653e9901f51567e2ab62730d3747761531be3e47214fffce55930cc6a84b462ce23d575e76fe79b93f3be5b057355e184b4f58d28ea7efe0ddcf69
SSDEEP

1536:FMVqgrQmbJFqC4cVrNUKxn2WU+k3laTtn6FYWJOrcHZKZYz6Y163xxyCMxjScdpd:wGO2W1EFYWJOryMZYD6di

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb2ec8f4c1eef96d5f22ed5679e16673

Files

cb2ec8f4c1eef96d5f22ed5679e16673
.dll regsvr32 windows:4 windows x86 arch:x86

f4d81232c501ec910535e74df6f827d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA
SHDeleteKeyA
PathFileExistsW

crypt32

CryptUnprotectData

kernel32

GetLocalTime
WritePrivateProfileStringA
GetPrivateProfileStringA
WritePrivateProfileStringW
FlushFileBuffers
CreateFileW
InterlockedIncrement
InterlockedDecrement
GetPrivateProfileIntA
DeleteFileW
GetSystemDirectoryW
GetWindowsDirectoryA
GetFileSize
MoveFileA
GetLocaleInfoA
GetSystemDefaultLCID
GetVersionExA
GetTickCount
CreateThread
LoadLibraryA
WriteFile
GetModuleHandleA
GetLastError
CreateMutexA
GetModuleFileNameW
DisableThreadLibraryCalls
Sleep
FileTimeToLocalFileTime
LocalFree
lstrcpyA
FindClose
FindNextFileW
FindFirstFileW
GetFullPathNameW
ReadFile
ExpandEnvironmentStringsW
GetDriveTypeA
GetLogicalDriveStringsA
GlobalFree
lstrcmpiW
GlobalAlloc
GetProcAddress
GetModuleFileNameA
GetCurrentThreadId
CreateProcessA
CloseHandle
WideCharToMultiByte
GetSystemDirectoryA
MultiByteToWideChar
FileTimeToSystemTime

user32

EnumWindows
DispatchMessageA
TranslateMessage
GetMessageA
IsCharAlphaNumericA
PostThreadMessageA
ShowWindow
FindWindowExA
GetWindowTextA
GetDC
GetSystemMetrics

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SelectObject

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
IsTextUnicode
RegOpenKeyA
RegEnumValueA

ole32

CreateStreamOnHGlobal
OleInitialize
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SafeArrayUnaccessData
SafeArrayCreateVector
SysFreeString
SysAllocString
SafeArrayDestroy
VariantClear
VariantCopy
VariantChangeType
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
SafeArrayAccessData

wininet

FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindCloseUrlCache
HttpSendRequestA
FindFirstUrlCacheEntryA

msvcrt

wcstok
tmpnam
time
_wtoi
_unlink
wcsstr
_wcslwr
wcsncpy
_strrev
wcschr
fwrite
_wcsnicmp
_strnicmp
_strcmpi
wcscpy
srand
rand
wcscat
sscanf
free
strtok
rewind
fread
fopen
_wcsicmp
fclose
fprintf
fflush
wcslen
strstr
_strupr
isupper
tolower
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
sprintf
div

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4d81232c501ec910535e74df6f827d4

Headers

File Characteristics

Imports

shlwapi

crypt32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

msvcrt

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 63KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 7KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 7KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 4KB