fc059489f2961851b27e7b604984b5d5b785a4edb41d6f45887d24d084ff70e9

Sharing

Copy URL Twitter E-mail

General

Target

fc059489f2961851b27e7b604984b5d5b785a4edb41d6f45887d24d084ff70e9
Size

3.2MB
MD5

3601a93a22f4ff8b5a91e243f3a79d04
SHA1

83521798b26339c3346a8afebcbbc0a4348631ef
SHA256

fc059489f2961851b27e7b604984b5d5b785a4edb41d6f45887d24d084ff70e9
SHA512

8743a431f4157bb625a36d05dbce4f516c0a2e5a2e74d3f020f10dfb8285c0866b3ba08279a9fdd12060a24b4a8f89ca9e5974ab2adb54d99f51398d551b9c29
SSDEEP

98304:Zy3em3FG3jd5AqMuqJIriuLwyFb4mLZfqopuYaxme6:Yem3FOjdsuq2l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc059489f2961851b27e7b604984b5d5b785a4edb41d6f45887d24d084ff70e9

Files

fc059489f2961851b27e7b604984b5d5b785a4edb41d6f45887d24d084ff70e9
.dll regsvr32 windows:4 windows x86 arch:x86

d0573a861e24d73a813388af205f496d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CompareStringW
CreateFileW
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
EnumResourceNamesW
EnumSystemLocalesA
FindResourceA
FindResourceW
FormatMessageW
GetEnvironmentVariableW
GetFileAttributesA
GetLocaleInfoA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
IsBadStringPtrA
IsBadStringPtrW
LeaveCriticalSection
LoadLibraryW
LoadResource
LockResource
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
SizeofResource
WideCharToMultiByte
WriteFile
lstrcmpA
lstrcmpW
lstrcmpiW

ntdll

_vsnprintf

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CreateBindCtx
CreateStreamOnHGlobal
GetHGlobalFromStream

oleaut32

SysAllocString
SysReAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantInit
VariantClear
VariantChangeType
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLib
SystemTimeToVariantTime

rtworkq

RtwqAllocateWorkQueue
RtwqCreateAsyncResult
RtwqPutWorkItem
RtwqShutdown
RtwqStartup

shlwapi

PathIsURLW
PathSearchAndQualifyW
UrlApplySchemeW
UrlCreateFromPathW
UrlUnescapeW

ucrtbase

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
_assert
_close
_dclass
_errno
_getcwd
_mkdir
_open
_read
_stat32
_strdup
_time32
_wcsicmp
_wfopen
_write
_wstat32
bsearch
calloc
exit
fclose
ferror
fflush
fmod
fopen
fputc
fread
free
fwrite
getenv
isalpha
isspace
iswspace
log10
malloc
memchr
memcmp
memcpy
memmove
memset
pow
qsort
rand
realloc
srand
strcat
strchr
strcmp
strcpy
strcspn
strlen
strncpy
toupper
wcschr
wcscmp
wcsncmp
wcsstr
wcstol

urlmon

CoInternetCombineUrlEx
CoInternetCombineIUri
CreateAsyncBindCtx
CreateIUriBuilder
CreateUri
CreateURLMoniker
CreateURLMonikerEx
CreateURLMonikerEx2
RegisterBindStatusCallback

user32

CharUpperBuffW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0573a861e24d73a813388af205f496d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

ole32

oleaut32

rtworkq

shlwapi

ucrtbase

urlmon

user32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.data Size: 8KB - Virtual size: 6KB

.rodata Size: 4KB - Virtual size: 64B

.rdata Size: 332KB - Virtual size: 331KB

/4 Size: 232KB - Virtual size: 230KB

.edata Size: 128KB - Virtual size: 127KB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 124KB - Virtual size: 122KB

.reloc Size: 76KB - Virtual size: 72KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 8KB - Virtual size: 6KB

.rodata
Size: 4KB - Virtual size: 64B

.rdata
Size: 332KB - Virtual size: 331KB

/4
Size: 232KB - Virtual size: 230KB

.edata
Size: 128KB - Virtual size: 127KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 124KB - Virtual size: 122KB

.reloc
Size: 76KB - Virtual size: 72KB