31c87d9a84c7996a56024c93787de9332099faf707cd8d0166e5af9d491977b8

Sharing

Copy URL

Twitter E-mail

General

Target

31c87d9a84c7996a56024c93787de9332099faf707cd8d0166e5af9d491977b8
Size

212KB
MD5

da1c9006b493d7e95db4d354c5f0e99f
SHA1

5dd7c2c95801cec3478f0df7536372b598bcb84e
SHA256

31c87d9a84c7996a56024c93787de9332099faf707cd8d0166e5af9d491977b8
SHA512

35a95be6dddb6ded5c492f7191bb13d9448d905a7a67a7e19bb6e8bf42815580f27b52d3e8c8f2c5b0f9d2d4a3bcf6479bfcae5547a6453007c6149d3444a906
SSDEEP

6144:QH6CFvxU2GijyAC83wHblWvYifx9+5p/78YbMRnvDYXd:EDxUsY0n+5iDRvcN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31c87d9a84c7996a56024c93787de9332099faf707cd8d0166e5af9d491977b8

Files

31c87d9a84c7996a56024c93787de9332099faf707cd8d0166e5af9d491977b8
.dll regsvr32 windows:5 windows x86 arch:x86

dbfb79fad455aa61910650e16555e72a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
VirtualProtect
GetLocaleInfoA
SetLastError
GetLocalTime
GetLastError
HeapFree
HeapReAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
HeapAlloc
IsProcessorFeaturePresent
EncodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
InterlockedDecrement
GetProcAddress
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
GetModuleFileNameW
HeapSize
CloseHandle
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
SetFilePointer
SetEndOfFile
GetProcessHeap
MultiByteToWideChar
ReadFile
LCMapStringW
GetStringTypeW
WriteConsoleW
CreateFileW

advapi32

CryptGenRandom

Exports

Exports

DllRegisterServer
DllUnregisterServer
StartSystemMonitor

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbfb79fad455aa61910650e16555e72a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 152KB - Virtual size: 159KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 152KB - Virtual size: 159KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 6KB - Virtual size: 5KB