2b6c6f31f08e83249a2502bb6085db8498ad73334ffdb7385d435f212614e6ae

Sharing

Copy URL Twitter E-mail

General

Target

2b6c6f31f08e83249a2502bb6085db8498ad73334ffdb7385d435f212614e6ae
Size

196KB
MD5

9589390e818e59ece5343712ab82e81b
SHA1

625f8b309a82a0742253f46423d47a9cbc4bebd0
SHA256

2b6c6f31f08e83249a2502bb6085db8498ad73334ffdb7385d435f212614e6ae
SHA512

b9ef510922a926cdcc699b5b060eb87fd0f13a2aa563979ae9af07ba548e007a7f5b00ffef30562f29eb2fd58350996b4094efce7d8772e08e35447e16b97e54
SSDEEP

1536:OWLYMZQbKkZTXtr9PIsxUOziB+RsGdebQN9S4A33ppn3yvr86ymqwlahfsNNNNN/:OWLYMZgJ3UOe6ebt93n3yvr81jvNv8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b6c6f31f08e83249a2502bb6085db8498ad73334ffdb7385d435f212614e6ae

Files

2b6c6f31f08e83249a2502bb6085db8498ad73334ffdb7385d435f212614e6ae
.dll regsvr32 windows:4 windows x86 arch:x86

f07d705e9c3eb4e9c0cac6c954a27e3a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathParseIconLocationW
PathIsDirectoryW

mfc42u

ord3084
ord2859
ord2371
ord6354
ord1088
ord2114
ord6451
ord5261
ord4370
ord4847
ord4992
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5276
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord3792
ord5871
ord4270
ord809
ord567
ord556
ord795
ord3716
ord1768
ord6051
ord3397
ord5286
ord1128
ord2717
ord3948
ord561
ord3733
ord4418
ord4616
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord815
ord4269
ord429
ord1640
ord3211
ord5506
ord1165
ord6466
ord2634
ord1085
ord1115
ord1173
ord1568
ord1570
ord1179
ord342
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord600
ord826
ord269
ord3297
ord3991
ord3993
ord6898
ord6003
ord6896
ord542
ord802
ord1197
ord823
ord4704
ord6195
ord3087
ord6211
ord4229
ord2294
ord825
ord324
ord641
ord3592
ord4419
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord4621
ord4075
ord3820
ord3074

msvcrt

wcscat
_purecall
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
memset
malloc
strlen
free
memcpy
wcscpy
wcscmp
__CxxFrameHandler
_CxxThrowException
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_wsplitpath
wcstok
wcsstr
?set_new_handler@@YAP6AXXZP6AXXZ@Z
_errno
memcmp
wcsrchr
_wcsdup
_wcsupr
_wcsnicmp
_except_handler3
wcslen
_wcslwr
_wtoi
_wcsicmp
??9type_info@@QBEHABV0@@Z

kernel32

OutputDebugStringW
GetVersionExW
FindClose
FindFirstFileW
LocalAlloc
LocalFree
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
WideCharToMultiByte
lstrcpynA
lstrcpynW
GlobalLock
GlobalUnlock
LoadLibraryA
GetPrivateProfileStringW
OutputDebugStringA
GetDriveTypeW
GetWindowsDirectoryW
GetVersion
GetFileAttributesW
GetSystemDirectoryW
GetModuleHandleW
GetModuleHandleA
LoadLibraryW
GetLastError
GetProcAddress
FreeLibrary
SetLastError
GetModuleFileNameW

user32

wvsprintfW
GetWindow
SendMessageW
GetClientRect
PtInRect
SetCapture
ReleaseCapture
LoadCursorW
CopyIcon
SetCursor
DestroyCursor
InsertMenuItemW
LoadMenuW
GetSubMenu
SetMenuDefaultItem
ModifyMenuW
GetWindowRect
TrackPopupMenu
wsprintfW
EnableWindow
DestroyMenu
MessageBoxW
DestroyIcon
SetWindowLongW
GetDlgItem
ShowWindow
GetSysColor
SetDlgItemTextW
GetParent
GetDlgItemTextW
SendDlgItemMessageW
SetWindowTextW

gdi32

GetStockObject
DeleteObject
SelectObject
CreateFontIndirectW
GetObjectW

advapi32

RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteExW
SHGetFileInfoW
ExtractIconW
DragQueryFileW
ExtractIconExW
DragFinish

ole32

CoUninitialize
ReleaseStgMedium
CoCreateInstance
CoInitialize

oleaut32

SysStringLen
SysFreeString
LoadRegTypeLi

atl

ord23
ord16
ord21
ord15
ord18
ord57
ord32
ord58
ord30

msvcp60

??0bad_alloc@std@@QAE@PBD@Z
??0bad_alloc@std@@QAE@ABV01@@Z
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1bad_alloc@std@@UAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f07d705e9c3eb4e9c0cac6c954a27e3a

Headers

File Characteristics

Imports

shlwapi

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

atl

msvcp60

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 52KB - Virtual size: 51KB

.reloc Size: 44KB - Virtual size: 41KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 52KB - Virtual size: 51KB

.reloc
Size: 44KB - Virtual size: 41KB