6c0e15103228cca40c53322f80fdf8385e9b57f4b62c80c1e9f6b7dce2fdc652

Sharing

Copy URL

Twitter E-mail

General

Target

6c0e15103228cca40c53322f80fdf8385e9b57f4b62c80c1e9f6b7dce2fdc652
Size

541KB
MD5

61a316dd7374c18526a27683551b58fe
SHA1

7142aacf1dce49077b53e10ecf71aaaa03237bec
SHA256

6c0e15103228cca40c53322f80fdf8385e9b57f4b62c80c1e9f6b7dce2fdc652
SHA512

caf59052671bc31b51349fd83c4f01988fe5bd3537c583c7fea1fb65da1314f17acc83f91a9ab9f412a1341927f74c3d24e3b2f925a2fc1e2ebf609d73546aeb
SSDEEP

12288:SoLpxPjIUCjm778i05MvjUFlHN3Ef3hnnEqQo/Gmftvmlu9:SowUCmOujUFlHN3EpEho/Gmdmlu9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c0e15103228cca40c53322f80fdf8385e9b57f4b62c80c1e9f6b7dce2fdc652

Files

6c0e15103228cca40c53322f80fdf8385e9b57f4b62c80c1e9f6b7dce2fdc652
.dll regsvr32 windows:6 windows x86 arch:x86

6b5a0595ee0388564a910d67c5799d89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

adoberfp.pdb

Imports

user32

GetClipboardData
LoadCursorW
GetWindow
GetClassNameW
GetParent
GetDesktopWindow
RegisterClassExW
GetClassInfoExW
PeekMessageW
IsClipboardFormatAvailable
CallWindowProcW
DefWindowProcW
RegisterWindowMessageW
CharLowerBuffW
SendMessageW
GetWindowThreadProcessId
FindWindowW
KillTimer
SetTimer
SetParent
EmptyClipboard
OpenClipboard
SetWindowPos
ShowWindow
UnregisterClassW
PostMessageW
CloseClipboard
SetWindowLongW
GetWindowLongW
OffsetRect
FillRect
GetSysColor
ScreenToClient
ClientToScreen
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
MoveWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExW

ole32

CoTaskMemRealloc
CreateBindCtx
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CoGetClassObject
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
HWND_UserUnmarshal
OleInitialize
OleUninitialize
OleDraw
OleLockRunning
HWND_UserSize
HWND_UserMarshal
HWND_UserFree

oleaut32

VarBstrFromI4
VarI4FromStr
VariantChangeType
SafeArrayGetVartype
SafeArrayCopy
SafeArrayRedim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayDestroy
OleLoadPicture
UnRegisterTypeLi
RegisterTypeLi
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
VarUI4FromStr
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
OleCreateFontIndirect
SysAllocStringLen
VarBstrCmp
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
SafeArrayCreate
SysStringLen
SysAllocString
VariantCopy
VariantClear
VariantInit
SysAllocStringByteLen
SysFreeString

kernel32

GetFileType
GetFileInformationByHandle
GetDriveTypeW
GetFileAttributesExW
VirtualQuery
VirtualProtect
SystemTimeToTzSpecificLocalTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
PeekNamedPipe
FileTimeToSystemTime
IsValidCodePage
ExitProcess
GetModuleHandleExW
GetStdHandle
CompareStringW
LCMapStringW
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
FindClose
FindFirstFileExW
FindNextFileW
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
SetFilePointerEx
WriteFile
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetSystemInfo
GetModuleHandleW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LocalFree
GlobalReAlloc
InitializeCriticalSection
WideCharToMultiByte
CopyFileW
SetFileAttributesW
DeleteFileW
ReadFile
GetFileSize
CreateFileW
SetThreadLocale
InitializeCriticalSectionEx
GetTempPathW
DecodePointer
CloseHandle
RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
DeleteCriticalSection
TerminateProcess
OpenProcess
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
SetLastError
GetCurrentThreadId
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
MultiByteToWideChar
FreeLibrary
WriteConsoleW
GetProcAddress
LoadLibraryExW
lstrcmpiW
EncodePointer
GetThreadLocale

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGetHashParam
CryptImportKey
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
RegOpenKeyExW

shell32

SHGetDesktopFolder

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
SelectObject
StretchBlt
SetStretchBltMode
GetObjectW
SetBrushOrgEx
CopyEnhMetaFileW
CreateDIBSection
DeleteEnhMetaFile
GetEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
SetEnhMetaFileBits
GetDIBits

urlmon

CreateURLMonikerEx
CoInternetSetFeatureEnabled

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrDllGetClassObject
IUnknown_AddRef_Proxy
NdrCStdStubBuffer_Release
NdrClientCall2
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrOleFree
NdrOleAllocate
IUnknown_Release_Proxy
IUnknown_QueryInterface_Proxy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 245B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 273KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b5a0595ee0388564a910d67c5799d89

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

ole32

oleaut32

kernel32

advapi32

shell32

gdi32

urlmon

rpcrt4

Exports

Exports

Sections

.text Size: 179KB - Virtual size: 178KB

.orpc Size: 512B - Virtual size: 245B

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 9KB - Virtual size: 12KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 273KB - Virtual size: 276KB

.text
Size: 179KB - Virtual size: 178KB

.orpc
Size: 512B - Virtual size: 245B

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 9KB - Virtual size: 12KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 273KB - Virtual size: 276KB