2b75f7d6e3682d5eac4f3eee7885bcabcdaf37956de77b452fb8f5ff5f03f681

Sharing

Copy URL Twitter E-mail

General

Target

2b75f7d6e3682d5eac4f3eee7885bcabcdaf37956de77b452fb8f5ff5f03f681
Size

589KB
MD5

543b99fada69ba4c54846b2f080b3582
SHA1

ec8c0c5dc635ccd551c30cc760d51e6fccd0eb1e
SHA256

2b75f7d6e3682d5eac4f3eee7885bcabcdaf37956de77b452fb8f5ff5f03f681
SHA512

e80b7f50b8878f8eab89c59c72f56aca7fa507312ff32b7956100e3155125760bb43b094b15fcbfb7f0a478c82df3bc4c7f876a6c4f7036f910767d83667c31a
SSDEEP

12288:s+ML9z/1tF4cnuq3eys1k+m6D/baJFylzumppp2mMXHe2pz:Z8DB+mke/mymxof9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b75f7d6e3682d5eac4f3eee7885bcabcdaf37956de77b452fb8f5ff5f03f681

Files

2b75f7d6e3682d5eac4f3eee7885bcabcdaf37956de77b452fb8f5ff5f03f681
.dll regsvr32 windows:6 windows x86 arch:x86

ac4278a337dba190de1ce3ef16d39c4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

P:\Target\x86\ship\clview\x-none\mshelp\msitss55.pdb

Imports

kernel32

GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
FreeLibrary
InterlockedExchange
LoadLibraryW
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent
InterlockedDecrement
GetLastError
SetLastError
GetModuleHandleW
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
CreateEventW
WaitForSingleObject
RaiseException
InitializeCriticalSection
GetVersion
LoadLibraryExA
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpiW
lstrlenW
FindResourceW
GetLocaleInfoA
GetUserDefaultLCID
GetFileAttributesA
GetFileAttributesW
GetFullPathNameA
GetFullPathNameW
DeleteFileA
GetTempPathA
GetTempFileNameA
MoveFileA
FlushFileBuffers
GetFileSize
GetFileTime
LockFile
ReadFile
SetEndOfFile
SetFilePointer
SetFileTime
UnlockFile
CloseHandle
CreateFileA
DeleteFileW
GetDriveTypeA
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MoveFileW
GetVolumeInformationA
GetCurrentDirectoryA
CreateDirectoryA
FindClose
FindFirstFileA
FindNextFileA
GlobalMemoryStatus
LocalAlloc
LoadLibraryA
TlsAlloc
EncodePointer
GetCommandLineA
DecodePointer
GetCurrentThreadId
WideCharToMultiByte
lstrlenA
GetModuleFileNameA
ResetEvent
SetEvent
GetVersionExW
GetFileAttributesExW
GetFileAttributesExA
CreateFileW
GetProcessHeap
HeapValidate

advapi32

RegDeleteKeyA
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExW
RegCreateKeyExA
RegCloseKey

ole32

CLSIDFromString
CreateBindCtx
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoGetMalloc
StringFromGUID2
CoGetClassObject
StringFromCLSID

oleaut32

LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
SysStringLen
SysFreeString
SysAllocString
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
WMCreateStreamForURL

Sections

.text
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 292KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac4278a337dba190de1ce3ef16d39c4f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 272KB - Virtual size: 272KB

.data Size: 11KB - Virtual size: 15KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 292KB - Virtual size: 296KB

.text
Size: 272KB - Virtual size: 272KB

.data
Size: 11KB - Virtual size: 15KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 292KB - Virtual size: 296KB