e1849ddb685e8677e616128a50db0bba

Sharing

Copy URL Twitter E-mail

General

Target

e1849ddb685e8677e616128a50db0bba
Size

156KB
MD5

e1849ddb685e8677e616128a50db0bba
SHA1

ff09d8e1078c7afdbb9124a825bcae9beb5b3703
SHA256

daf035726250d0f24500585b5f9f1cb96015df8698a00cb23ea74f52f0a4518c
SHA512

07da554714b1ce8eb4dbe928fc5ffaf73f4981107417fcafbe57a9d4a3266c004dbfae3fb03470ebe3f762a982f81d073913920dc549a84c351a0eb3e5b0b2d7
SSDEEP

3072:qNv4nug5+uqeVfSOMlex635GvJHZWUoQnu/nlo8ona1EG6VKTZlJ39eIyabt:qNAnug5+LexLMlexDJHZWU2/lo8ona1P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1849ddb685e8677e616128a50db0bba

Files

e1849ddb685e8677e616128a50db0bba
.dll regsvr32 windows:4 windows x86 arch:x86

531625e7df7f00f5c96c8ace2ab5876d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidToStringA

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

user32

TranslateMessage
GetMessageA
ShowWindow
CreateWindowExA
RegisterClassExA
DispatchMessageA
wsprintfA
CloseClipboard
OpenClipboard
SetWindowPos
SystemParametersInfoA
KillTimer
SetTimer
DefWindowProcA
EnumWindows
EnumChildWindows
GetWindowThreadProcessId
GetClassNameA

winmm

timeGetTime

msvcrt

atoi
strtol
srand
isspace
isxdigit
ispunct
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
tmpnam
fopen
fwrite
fclose
strstr
isalpha
isupper
wcscmp
?what@exception@@UBEPBDXZ
wcslen
free
tolower
strerror
islower
strncpy
strchr
isalnum
strtok
toupper
??1exception@@UAE@XZ
??3@YAXPAX@Z
??0exception@@QAE@XZ
??2@YAPAXI@Z
_CxxThrowException
__CxxFrameHandler
__mb_cur_max
malloc
wctomb
printf
??0exception@@QAE@ABV0@@Z
isgraph

shlwapi

SHSetValueA
StrStrIA
SHGetValueA

ole32

CoTaskMemAlloc
CoCreateInstance
CoCreateGuid
CoInitialize
CoTaskMemFree

advapi32

SetSecurityInfo
GetSecurityInfo
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegOpenKeyExA
SetEntriesInAclA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

netapi32

Netbios

wininet

InternetOpenA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA

oleaut32

SysFreeString
SysAllocString
VariantClear
GetErrorInfo

kernel32

lstrcpynA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetVersionExA
DeleteFileA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateProcessA
WaitForSingleObject
MoveFileExA
GetFullPathNameA
lstrcpyA
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
HeapSize
HeapAlloc
GetProcessHeap
CloseHandle
CreateFileA
SleepEx
MultiByteToWideChar
GetSystemDirectoryA
HeapFree
SetLastError
lstrlenA
FreeEnvironmentStringsA
GetModuleFileNameA
GetVersion
GetWindowsDirectoryA
GetThreadTimes
Sleep
GetCurrentThread
LocalFree
GetSystemInfo
FormatMessageA
GetEnvironmentStrings
GetLastError
lstrcmpiA
lstrcmpA
QueryPerformanceFrequency
GetProcessTimes
GetCurrentProcess
GetCurrentDirectoryA
OpenProcess
GetCurrentProcessId
GetLocalTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

531625e7df7f00f5c96c8ace2ab5876d

Headers

File Characteristics

Imports

rpcrt4

psapi

user32

winmm

msvcrt

shlwapi

ole32

advapi32

version

netapi32

wininet

oleaut32

kernel32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 20KB - Virtual size: 20KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 20KB - Virtual size: 20KB

.reloc
Size: 8KB - Virtual size: 7KB