4cf04dcc02f2f2cab2065e220401cfe55b451913fafaaa18593e18849a17a0ca

Sharing

Copy URL Twitter E-mail

General

Target

4cf04dcc02f2f2cab2065e220401cfe55b451913fafaaa18593e18849a17a0ca
Size

155KB
MD5

6526ea15e055c3eb765cef5034928c96
SHA1

2d03ef8fa1036b0dcbac9c79308e23129537b594
SHA256

4cf04dcc02f2f2cab2065e220401cfe55b451913fafaaa18593e18849a17a0ca
SHA512

73291951af0523d76c99af65b09508ae15d15cc8841964660dbf34a512dc97361d9e413597bb6fae8f3a17c67ed114b50cedd0ae58bccbc730433b099b25d2fa
SSDEEP

3072:uZQWAD63Q84trRUJMmeORBZ8i2qMUympuF89TBfTzLcVz01KIVt6:Px+3Q84VRyFR0i20juC9TBfFg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4cf04dcc02f2f2cab2065e220401cfe55b451913fafaaa18593e18849a17a0ca

Files

4cf04dcc02f2f2cab2065e220401cfe55b451913fafaaa18593e18849a17a0ca
.dll regsvr32 windows:6 windows x86 arch:x86

dc0dcc27f0c9dea5168f80202ed92b5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStartupInfoA
WideCharToMultiByte
CreateProcessA
GetModuleFileNameA
SetFilePointer
CreateMutexA
GetModuleHandleA
GetLastError
CreateFileA
SetEvent
DeleteFileA
CreateThread
ResetEvent
GetFileSize
CreateEventA
GetLogicalDrives
GetDriveTypeA
SetErrorMode
GetDiskFreeSpaceA
FindFirstFileA
FindNextFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
WritePrivateProfileStructA
GetLocalTime
GetPrivateProfileStructA
GetCurrentProcess
CloseHandle
GetVersionExA
IsWow64Process
CreateFileW
DecodePointer
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
MultiByteToWideChar
WaitForSingleObject
PeekNamedPipe
ExpandEnvironmentStringsA
CreatePipe
TerminateProcess
WriteFile
lstrlenW
ReadFile
GetProcAddress
ExitProcess
GetSystemInfo
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
WriteConsoleW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetSystemDefaultLangID
Sleep
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InterlockedFlushSList
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType

user32

SetCursorPos
MapVirtualKeyA
mouse_event
ReleaseDC
GetSystemMetrics
GetDC
keybd_event

gdi32

DeleteObject
DeleteDC
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDIBits

advapi32

OpenProcessToken
CreateProcessAsUserA
DuplicateTokenEx
GetUserNameA
GetTokenInformation

ws2_32

gethostbyname
socket
connect
inet_addr
gethostname
recv
htons
setsockopt
WSAStartup
closesocket
WSAIoctl
WSACleanup
send
inet_ntoa

netapi32

NetApiBufferFree
NetWkstaUserGetInfo

iphlpapi

GetAdaptersAddresses

wtsapi32

WTSQueryUserToken
WTSQuerySessionInformationA
WTSEnumerateSessionsA

Exports

Exports

DllGetClassObject
DllGetVersion
DllRegisterServer
DllUnregisterServer
Install

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc0dcc27f0c9dea5168f80202ed92b5b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ws2_32

netapi32

iphlpapi

wtsapi32

Exports

Exports

Sections

.text Size: 105KB - Virtual size: 104KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 3KB - Virtual size: 6KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 105KB - Virtual size: 104KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 3KB - Virtual size: 6KB

.reloc
Size: 5KB - Virtual size: 5KB