d40d4bd028bca6d323eda494c9de2684

Sharing

Copy URL Twitter E-mail

General

Target

d40d4bd028bca6d323eda494c9de2684
Size

124KB
MD5

d40d4bd028bca6d323eda494c9de2684
SHA1

654e8a0ec2f324839db9206f6cf72fde0e4d8779
SHA256

61b6969dbd6f57e7e8be219e044a09233d6ecf86e67a5934a0186baf5d9c74f3
SHA512

090e97644fca010e2be359bccd352297a364ab8f4ccf6893d969ed17ca4f3b7665dd7a325e755e0ac0078db422868253281359005bfe7fc070466b01332b222d
SSDEEP

3072:maYK3eDnpRpJ87b6l7cf/tuPznCzBuLV+gzTe9DUooP:3uDnqbscFonCzEsgz4go8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d40d4bd028bca6d323eda494c9de2684

Files

d40d4bd028bca6d323eda494c9de2684
.dll windows:4 windows x86 arch:x86

212ed75dbda03bd8e8b02c05ac59fdc9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
InterlockedCompareExchange
LoadLibraryA
EnterCriticalSection
HeapAlloc
ExitProcess
CopyFileA
OpenEventA
GetProcessHeap
GetLastError
CreateEventA
CreateFileMappingA
ReleaseMutex
GetModuleHandleA
CreateDirectoryA
GetCommandLineA
WriteFile
lstrlenA
CloseHandle
InterlockedDecrement
GetComputerNameA
UnmapViewOfFile
CreateProcessA
WaitForSingleObject
GetTickCount
Sleep
SetLastError
InterlockedIncrement
GetCurrentProcessId
LeaveCriticalSection
CreateMutexA
lstrlenW
HeapFree
CreateFileA
GetModuleFileNameA
GetVolumeInformationA
MapViewOfFile
GetProcAddress

ole32

CoCreateGuid
CoInitialize
OleSetContainedObject
CreateBindCtx
OleCreate
CoTaskMemAlloc
CoUninitialize

user32

SetWindowLongA
GetMessageA
DestroyWindow
GetWindowLongA
DispatchMessageA
PostMessageA
TranslateMessage
SetTimer
DefWindowProcA
RegisterWindowMessageA
FindWindowA
PostQuitMessage
UnhookWindowsHookEx
GetWindowThreadProcessId
SetWindowsHookExA
GetParent
KillTimer
SendMessageA
CreateWindowExA
GetClassNameA
GetSystemMetrics

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen

shlwapi

UrlUnescapeW
StrStrIW

advapi32

RegCreateKeyExA
RegDeleteValueA
RegQueryValueExA
GetUserNameA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetFolderPathA

Exports

Exports

rasNetdsc

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

212ed75dbda03bd8e8b02c05ac59fdc9

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 2KB