DllGetClassObject
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer
Start
Static task
static1
1 signatures
General
-
Target
16779549421.zip
-
Size
76KB
-
MD5
53ce2406872a26d79db12054fe83fecb
-
SHA1
ecf64cbf17c885fd3d9fef992cd6b9b47d1e32aa
-
SHA256
ee04023f700d12db0524a0071f172c721bc49c6a407d3312f634cd4c1897493f
-
SHA512
5ac84279f1ea35abcc1a57623435218b379e8659f639e8e7abeb84b7c9920e324a47a40d8c08e06f98e8a9f7c0d0a5c6dddcd7f9115614cf0044fd2e2f4ca314
-
SSDEEP
1536:hMuLmAOgHjr9BL5wHq8BFn3mzsBaiAxz564EkQ7MJBfi9/7pkFWc0TD7hjfGWC0G:hM0l9FQK8D2xtxt64nf2SOT/hjfGL0Hm
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/b6ac7f6e3b03acd364123a07b2122d943c4111ac4786bb188d94eae0e5b22c02
Files
-
16779549421.zip.zip
Password: infected
-
b6ac7f6e3b03acd364123a07b2122d943c4111ac4786bb188d94eae0e5b22c02.dll regsvr32 windows:6 windows x64 arch:x64
778d292d4f335da5816a99cc31302333
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
GetCommandLineW
LoadLibraryW
Sleep
CloseHandle
CreateThread
SetLastError
GetLastError
ReadFile
GetVolumeInformationW
SetHandleInformation
WriteFile
ExpandEnvironmentStringsW
TerminateProcess
GetModuleFileNameW
CreatePipe
SetFilePointer
PeekNamedPipe
GetModuleHandleW
WaitForSingleObject
CreateFileW
GetComputerNameExW
MultiByteToWideChar
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetComputerNameW
GlobalMemoryStatusEx
CreateProcessW
CopyFileW
WideCharToMultiByte
GetTickCount
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GetProcAddress
GetSystemInfo
FindClose
GetTempPathW
FindNextFileW
CreateMutexW
RaiseException
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
SetStdHandle
HeapSize
FindFirstFileW
advapi32
SystemFunction036
GetUserNameW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
shell32
CommandLineToArgvW
SHGetFolderPathW
ws2_32
gethostname
gethostbyname
WSACleanup
inet_ntoa
WSAStartup
Exports
Exports
Sections
.text Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ