ce1ebbe63f0a2a182354ac1e7cd69ea9

Sharing

Copy URL Twitter E-mail

General

Target

ce1ebbe63f0a2a182354ac1e7cd69ea9
Size

164KB
MD5

ce1ebbe63f0a2a182354ac1e7cd69ea9
SHA1

51b6b1f6071a007c557e07c36e8ad281c9fd88f7
SHA256

5467fbc32fa5265224d2896cbaf722437bf17cc9988d7b8388836679905b8a94
SHA512

c2945bd40c08b967ed6647c1481b3217a8035365f00aa1ce19300d40d3e53d7ad3afad9d8e7513aeb062aff3c285915a9760e5f193dc8db5fca23bd172a607f1
SSDEEP

3072:+KhqyStiNMX9M7PsbEPiHh+08qsZJY+00EO/CdgKVjG:zhqyWSMcPsbsioLFU+VadRa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce1ebbe63f0a2a182354ac1e7cd69ea9

Files

ce1ebbe63f0a2a182354ac1e7cd69ea9
.dll regsvr32 windows:4 windows x86 arch:x86

1ef5dc851779868c94451b5ed8e12866

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

DefWindowProcA
SetTimer
KillTimer
RegisterClassExA
CreateWindowExA
wsprintfA
EnumWindows
EnumChildWindows
ShowWindow
GetMessageA
TranslateMessage
OpenClipboard
CloseClipboard
SetWindowPos
SystemParametersInfoA
DispatchMessageA
GetWindowThreadProcessId
GetClassNameA

winmm

timeGetTime

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

shlwapi

StrStrIA
SHSetValueA
SHGetValueA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

oleaut32

SysAllocString
SysFreeString
VariantClear
GetErrorInfo

rpcrt4

UuidToStringA

ole32

CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize

advapi32

CryptGenRandom
CryptReleaseContext
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
RegOpenKeyExA
RegCloseKey
CryptAcquireContextA

netapi32

Netbios

wininet

HttpQueryInfoA
InternetOpenA
InternetSetOptionA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

msvcrt

strncpy
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
_CxxThrowException
strchr
??3@YAXPAX@Z
??2@YAPAXI@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
islower
isupper
isgraph
strerror
wctomb
__mb_cur_max
isalpha
isalnum
isxdigit
ispunct
isspace
printf
malloc
wcscmp
wcslen
?what@exception@@UBEPBDXZ
free
tolower
fclose
fwrite
fopen
tmpnam
atoi
strtol
srand
toupper
strtok
strstr
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv

kernel32

VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetCurrentProcessId
OpenProcess
DeleteFileA
CreateProcessA
WaitForSingleObject
CloseHandle
MoveFileExA
GetLocalTime
lstrcmpA
lstrcmpiA
lstrcpynA
Sleep
GetCurrentThread
GetThreadTimes
CreateFileA
GetProcessTimes
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
HeapFree
SleepEx
GetTickCount
QueryPerformanceCounter
lstrcpyA
GetVersionExA
GetSystemInfo
GetCurrentDirectoryA
GetSystemDirectoryA
MultiByteToWideChar
GetModuleHandleA
GetModuleFileNameA
lstrlenA
GetVersion
HeapSize
HeapAlloc
GetCurrentProcess
SetLastError
QueryPerformanceFrequency
GetLastError
GetEnvironmentStrings
FreeEnvironmentStringsA
FormatMessageA
LocalFree
GetFullPathNameA
GetProcessHeap

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ef5dc851779868c94451b5ed8e12866

Headers

File Characteristics

Imports

user32

winmm

psapi

shlwapi

version

oleaut32

rpcrt4

ole32

advapi32

netapi32

wininet

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 24KB - Virtual size: 23KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 24KB - Virtual size: 23KB

.reloc
Size: 12KB - Virtual size: 8KB