d4b6f4cdc1afadb7652e77af2e6018be

Sharing

Copy URL Twitter E-mail

General

Target

d4b6f4cdc1afadb7652e77af2e6018be
Size

69KB
MD5

d4b6f4cdc1afadb7652e77af2e6018be
SHA1

3b80fa97a604be38af456316ccdfa6e8d8188f99
SHA256

cb33d3cead9e99da7435fd0e516b81bbc2e0dbdc84266ea76a9b25c8a71b16ec
SHA512

444faeb485c83100b8fa6da327cfdecd3c923926c99fbf22922d174b52ba222eca73964c0fe43a890df50d06ed2b62895e1acf1274b8f6e882746dbd0b28c785
SSDEEP

1536:L1m8jOKNy/T6KMeJG2ZT/c2z0Bal3blJh:L1jjOp/OkY0blJh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4b6f4cdc1afadb7652e77af2e6018be

Files

d4b6f4cdc1afadb7652e77af2e6018be
.dll regsvr32 windows:4 windows x86 arch:x86

95b983fe20c68e6ea482f3ff21724be5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

URLDownloadToFileA

kernel32

WideCharToMultiByte
CreateProcessA
CloseHandle
MultiByteToWideChar
GetSystemTime
GetModuleFileNameA
ReleaseSemaphore
CreateSemaphoreA
Sleep
WaitForSingleObject
SetEnvironmentVariableA
GetSystemDirectoryA
GetStdHandle
CompareStringW
CompareStringA
FlushFileBuffers
HeapSize
ReadFile
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLastError
FindFirstFileA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
GetTimeZoneInformation
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualProtect
GetSystemInfo
VirtualQuery
InitializeCriticalSection
RtlUnwind
InterlockedExchange
LoadLibraryA
SetStdHandle
GetLocaleInfoA
GetStringTypeA
GetStringTypeW

advapi32

RegCloseKey
RegOpenKeyA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA

ole32

CoCreateInstance
CoLockObjectExternal
CoInitialize

oleaut32

SysFreeString
SysAllocStringLen
SysStringLen

Exports

Exports

DllCanUnloadNow
DllCheckOK
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95b983fe20c68e6ea482f3ff21724be5

Headers

File Characteristics

Imports

urlmon

kernel32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 4KB