b114131db4663ea2abe11846a6d1b4c3

Sharing

Copy URL Twitter E-mail

General

Target

b114131db4663ea2abe11846a6d1b4c3
Size

122KB
MD5

b114131db4663ea2abe11846a6d1b4c3
SHA1

c78b5f9506964fc7b175fd0df262a463b55a77ec
SHA256

559886b084bf0b802d54ce31e9c541934db5d30d1cbe78ac172b05e1c6317711
SHA512

87051e5a6e4256edf2d92a9e5802cde51561cf3d30b6e2a423c03046ccca8a56a0f3e2fb7c483e92571c306232f40cab6aed65c1f763730077990707d473e35e
SSDEEP

1536:sfQ7X3mxVxHdGvc9cTXZALdgV5vsWUqkqx9dCpzGctv0orSnUopuVsO5mm3hx:H7X309GvbTXZAEFF5xrCpxkUopuJ5my

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b114131db4663ea2abe11846a6d1b4c3

Files

b114131db4663ea2abe11846a6d1b4c3
.dll regsvr32 windows:5 windows x86 arch:x86

d243311d18f9d1b790b84e30a16784ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MultiByteToWideChar
lstrcpyW
HeapFree
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
HeapDestroy
lstrcpynW
DisableThreadLibraryCalls
GlobalUnlock
GlobalLock
LoadLibraryExW
GetVersionExW
FreeLibrary
lstrlenA
SizeofResource
lstrcmpW
CreateEventW
GetModuleHandleExW
IsBadReadPtr
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
InterlockedExchangeAdd
SetEvent
CreateThread
MulDiv
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
RaiseException
GlobalFree
GetSystemDirectoryW
InterlockedIncrement
GlobalAlloc
OutputDebugStringA
GetModuleFileNameW
InterlockedDecrement
lstrlenW
WriteFile
IsBadStringPtrW
FindResourceW
LoadResource
LockResource
SetLastError
GetLastError
GetTempPathW
GetTempFileNameW
DeleteFileW
GetCurrentThread
LocalAlloc
CreateFileW
LocalFree
CloseHandle
GetProcessHeap
HeapAlloc
GetCurrentProcess
FlushInstructionCache
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
LoadLibraryW
lstrcatW
LoadLibraryA
Sleep

msvcrt

_wcsicmp
__CxxFrameHandler
_except_handler3
memmove
_wcsdup
malloc
free
wcsncpy
wcslen
??2@YAPAXI@Z
wcscpy
wcscat
??3@YAXPAX@Z
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_adjust_fdiv
_initterm
qsort
bsearch
_iob
realloc
_purecall
wcsstr
fclose
fread
_wfopen
ftell
fseek
swprintf
wcsrchr
fwprintf

msvcp60

?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z

user32

UpdateWindow
ShowWindow
IsWindowVisible
SetTimer
KillTimer
SendDlgItemMessageW
SystemParametersInfoW
GetWindow
DialogBoxParamW
GetSystemMetrics
GetSysColor
DrawTextW
EnableWindow
IsWindowEnabled
CharNextW
RegisterClassExW
GetClassInfoExW
DefWindowProcW
GetWindowTextW
GetWindowTextLengthW
LoadCursorW
RegisterWindowMessageW
CharPrevW
PtInRect
ReleaseDC
HideCaret
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
SetFocus
IsChild
EndPaint
FillRect
BeginPaint
RedrawWindow
GetClassNameW
CreateAcceleratorTableW
wsprintfW
LoadImageW
DestroyWindow
CreateDialogIndirectParamW
CreateWindowExW
GetWindowLongW
SetWindowLongW
SetWindowPos
LoadStringW
GetDC
SetWindowTextW
ScreenToClient
EndDialog
SetPropW
SetDlgItemTextW
GetPropW
CallWindowProcW
MessageBoxW
GetFocus
GetDlgCtrlID
ShowScrollBar
GetScrollInfo
GetParent
GetWindowRect
MoveWindow
GetDlgItem
GetClientRect
MapWindowPoints
GetDesktopWindow
PostMessageW
IsWindow
DrawFocusRect
SendMessageW

gdi32

SelectPalette
RealizePalette
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
GetStockObject
GetDeviceCaps
SelectObject
SetTextColor
GetTextMetricsW
GetObjectType
GetObjectW
DeleteObject
CreateFontIndirectW

advapi32

OpenProcessToken
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptImportKey
CryptSetKeyParam
CryptDecrypt
CryptDestroyKey
CryptReleaseContext
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
GetTokenInformation
OpenThreadToken
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW

ole32

StringFromGUID2
CLSIDFromProgID
OleLockRunning
StringFromCLSID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

shell32

SHCreateDirectoryExW
ShellExecuteW

oleaut32

VariantInit
OleLoadPicturePath
SysFreeString
SysAllocString
SysAllocStringLen
LoadRegTypeLi
SysStringLen
VariantCopy
VarUI4FromStr
VariantClear
LoadTypeLi
RegisterTypeLi

rpcrt4

UuidFromStringW

shlwapi

PathIsRootW
PathRenameExtensionW
PathAppendW
PathRemoveFileSpecW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d243311d18f9d1b790b84e30a16784ab

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

user32

gdi32

advapi32

ole32

shell32

oleaut32

rpcrt4

shlwapi

Exports

Exports

Sections

.text Size: 87KB - Virtual size: 87KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 87KB - Virtual size: 87KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 7KB - Virtual size: 6KB