f97f26f9cb210c0fcf2b50b7b9c8c93192b420cdbd946226ec2848fd19a9af2c

Sharing

Copy URL

Twitter E-mail

General

Target

f97f26f9cb210c0fcf2b50b7b9c8c93192b420cdbd946226ec2848fd19a9af2c
Size

168KB
MD5

384a9215bfa2fc9454f55b0169cf8e1f
SHA1

8cc5cd371ae7aee0657cab451aa17895a04f3c8f
SHA256

f97f26f9cb210c0fcf2b50b7b9c8c93192b420cdbd946226ec2848fd19a9af2c
SHA512

092df790dddfbbd48baf4bc1207bbb3095a72a5fbaba356cd3d260516e3c69a5ada0079d62947d6219439c24f78f12312ecb8801e577872dcc61643f8a5c93ca
SSDEEP

3072:0o4LzK7LUdPy42tKMguO7WOnJFLUs4hIOfV2YyguEC9B2pqeOVXmb+V:IeIa0BuO7WOnJxU1InYrqeOV2W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f97f26f9cb210c0fcf2b50b7b9c8c93192b420cdbd946226ec2848fd19a9af2c

Files

f97f26f9cb210c0fcf2b50b7b9c8c93192b420cdbd946226ec2848fd19a9af2c
.dll windows:4 windows x86 arch:x86

dbfce946853d90f29a1a324bc8a07ecf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\DOCUME~1\roberto\LOCALS~1\Temp\luarocks-source-luacom-1.4-1-4943\luacom-1.4\bin\luacom.pdb

Imports

kernel32

GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetCurrentThreadId
InterlockedCompareExchange
Sleep
InterlockedExchange
LoadLibraryA
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
lstrlenW
lstrcpyW
DebugBreak
FatalAppExitA
IsBadWritePtr
MultiByteToWideChar
WideCharToMultiByte
GetLastError
FormatMessageA
LocalFree
IsBadStringPtrA
GetCurrentDirectoryA
TerminateProcess
GetModuleFileNameA

user32

GetClientRect
GetWindowLongA
CallWindowProcA
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
GetActiveWindow
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
WinHelpA
wsprintfA
CreateWindowExA
RegisterClassA
DefWindowProcA
MapWindowPoints
GetWindowRect
IsWindowVisible
SetFocus
ShowWindow

gdi32

DeleteObject
CreateRectRgnIndirect
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetMapMode
SetWindowExtEx

advapi32

RegEnumKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueA
RegOpenKeyExA
RegCloseKey

ole32

OleInitialize
OleUninitialize
CreateOleAdviseHolder
OleRegGetUserType
CoLockObjectExternal
StringFromIID
CoTaskMemAlloc
CoRegisterClassObject
CoTaskMemFree
CoRevokeClassObject
CreateBindCtx
MkParseDisplayName
CoCreateInstance
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
StringFromCLSID

oleaut32

VariantCopyInd
SafeArrayGetElement
SafeArrayGetDim
VariantTimeToSystemTime
SysAllocStringLen
LoadRegTypeLi
SysFreeString
GetActiveObject
SafeArrayCreate
VariantCopy
SafeArrayPutElement
SystemTimeToVariantTime
VariantChangeType
SafeArrayDestroy
SafeArrayCreateVector
LoadTypeLibEx
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
VariantInit
VariantClear
LHashValOfNameSys
UnRegisterTypeLi
DispGetIDsOfNames

shlwapi

SHDeleteKeyA

lua5.1

lua_getmetatable
lua_pushlightuserdata
lua_pushboolean
lua_checkstack
lua_equal
lua_tointeger
lua_rawseti
lua_setfield
luaL_newstate
luaL_loadfile
luaL_openlibs
lua_newuserdata
lua_setmetatable
lua_error
luaL_register
lua_close
lua_isuserdata
lua_rawgeti
lua_topointer
lua_objlen
lua_insert
lua_call
lua_pushlstring
luaL_checktype
luaL_loadbuffer
lua_pcall
lua_rawget
lua_remove
lua_touserdata
lua_rawset
lua_getfield
luaL_checknumber
luaL_optlstring
luaL_ref
luaL_unref
lua_pushnumber
luaL_argerror
lua_pushvalue
lua_gettable
lua_createtable
lua_pushstring
lua_settable
lua_pushcclosure
lua_pushnil
lua_typename
lua_settop
lua_gettop
lua_type
lua_tonumber
lua_tolstring
lua_toboolean
luaL_checklstring
lua_next

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
strncat
??3@YAXPAX@Z
sprintf
free
__CxxFrameHandler3
_CxxThrowException
_stricmp
wcstombs
mbstowcs
malloc
strncmp
??2@YAPAXI@Z
strncpy
memcpy
memset
_purecall
fclose
fflush
vfprintf
fprintf
_spawnlp
fopen
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
sscanf
wprintf
__RTDynamicCast
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
printf

Exports

Exports

DllGetClassObject
luacom_IDispatch2LuaCOM
luacom_close
luacom_detectAutomation
luacom_open
luacom_openlib
luaopen_luacom

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbfce946853d90f29a1a324bc8a07ecf

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

lua5.1

msvcr80

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 60KB - Virtual size: 57KB

.data Size: 4KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 428B

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 60KB - Virtual size: 57KB

.data
Size: 4KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 428B