fe4dbacbbc088111aeb461aa6aac448d

Sharing

Copy URL

Twitter E-mail

General

Target

fe4dbacbbc088111aeb461aa6aac448d
Size

44KB
MD5

fe4dbacbbc088111aeb461aa6aac448d
SHA1

4ef388e8854605a712daee66159e19ad4ded3abf
SHA256

d4f4392fd6b56214b0d2f6cd2a5df8c95c713f103e9d5bd65b7a86659473addd
SHA512

9829901761e43c5252633ff2fcc904b28428fe6fc8fa7fc8f72dbe0e6b07e8747358985f819c0219ce36987dfbabe4c8c6eed73b4f4fdd33e3d3b226c13b1fae
SSDEEP

768:GdcpL9rxkQ5GS3zJuN3nNGZJqP1FfgJNLiL/Q:lp9iQ5GSMhnYZJ24PLiL/Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe4dbacbbc088111aeb461aa6aac448d

Files

fe4dbacbbc088111aeb461aa6aac448d
.dll windows:4 windows x86 arch:x86

03e450d22e278b83dcf6fff04424ec9b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ceutil

CeSvcOpen

office

getkey
GetDocPassword
crypto

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

ole32

OleDraw
OleCreateDefaultHandler
StringFromCLSID
WriteFmtUserTypeStg
StgCreateDocfile
CLSIDFromString

msvcrt

free
_adjust_fdiv
_initterm
malloc
strchr
strncmp
_except_handler3
_stricmp
strrchr

kernel32

GetProcAddress
GlobalFree
EnterCriticalSection
GlobalUnlock
WideCharToMultiByte
LocalLock
lstrcmpA
LocalFree
FreeLibrary
LoadLibraryA
lstrcmpiA
lstrlenA
GetModuleFileNameA
MultiByteToWideChar
lstrcatA
lstrcpyA
HeapValidate
GetProcessHeap
SetEvent
ResetEvent
CloseHandle
GlobalLock
LeaveCriticalSection
TerminateThread
WaitForSingleObject
GetExitCodeThread
CreateThread
GlobalAlloc
CreateEventA
LocalAlloc
GetCurrentThreadId
GetTickCount
FormatMessageA
InitializeCriticalSection
DeleteCriticalSection
LocalUnlock

advapi32

RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegEnumValueA

gdi32

CreateCompatibleDC
CloseMetaFile
GetObjectA
SelectObject
BitBlt
DeleteDC
DeleteObject
SetWindowExtEx
SetWindowOrgEx
SetMapMode
CreateMetaFileA
GetDeviceCaps
CreateDIBSection

user32

wsprintfA
PostThreadMessageA
IsWindowEnabled
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
IsWindow
GetDC
ReleaseDC
MsgWaitForMultipleObjects
PeekMessageA
DestroyWindow
SendMessageA
GetForegroundWindow
EnableWindow
UnhookWindowsHookEx
CharToOemA
GetParent
SetForegroundWindow
GetWindowThreadProcessId

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03e450d22e278b83dcf6fff04424ec9b

Headers

File Characteristics

Imports

ceutil

office

version

ole32

msvcrt

kernel32

advapi32

gdi32

user32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 1KB