112d93822f12a729c77609872f99058459b79c3302c5d5d1b0f89b452163caf6

Sharing

Copy URL Twitter E-mail

General

Target

112d93822f12a729c77609872f99058459b79c3302c5d5d1b0f89b452163caf6
Size

524KB
MD5

ba801fcf404e48ec4dfe1746f563b8b7
SHA1

261b197beb37af47d6e0a80069d819550f8175ef
SHA256

112d93822f12a729c77609872f99058459b79c3302c5d5d1b0f89b452163caf6
SHA512

6567e371a1764d6658a80788a18746b58a28770e8ab7b360f58671df407555dd80279e2abe24663e057e7353570928afdd0d24a7e9ea1902b57ffd62c8c9e490
SSDEEP

6144:bI99E2U76MxRykfTSseN8SOHxGW417ToNRtdnWPXyV/hgHc5h:899y76MxRykk+FHxGYtFWPXyl5h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
112d93822f12a729c77609872f99058459b79c3302c5d5d1b0f89b452163caf6

Files

112d93822f12a729c77609872f99058459b79c3302c5d5d1b0f89b452163caf6
.dll regsvr32 windows:4 windows x86 arch:x86

a815cdc71c369f517a43e0dd9964b5af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeResource
GlobalHandle
lstrlenW
SetThreadPriority
CreateThread
Sleep
WaitForSingleObject
lstrcmpA
FlushInstructionCache
GetCurrentProcess
DisableThreadLibraryCalls
GetShortPathNameA
GetModuleHandleA
WideCharToMultiByte
lstrcmpiA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
FlushFileBuffers
GetLocaleInfoW
ReadFile
SetStdHandle
SetFilePointer
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetCurrentThreadId
IsValidCodePage
IsValidLocale
IsBadWritePtr
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
TerminateProcess
GetOEMCP
GetACP
SetUnhandledExceptionFilter
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCPInfo
LCMapStringW
LCMapStringA
ExitProcess
HeapReAlloc
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
FindResourceA
LoadResource
SizeofResource
LockResource
GetModuleFileNameA
lstrcatA
lstrcpyA
lstrlenA
GetLocaleInfoA
GetVersion
GetCommandLineA
RaiseException
RtlUnwind
LocalFree
GetLastError
InterlockedExchange

user32

OpenClipboard
SetClipboardData
CloseClipboard
LoadStringA
GetClipboardData
IsClipboardFormatAvailable
GetActiveWindow
DialogBoxIndirectParamA
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
DefWindowProcA
GetDlgItemTextA
EnableWindow
SetDlgItemTextA
ShowWindow
SendDlgItemMessageA
EndDialog
CharNextA
CreateWindowExA
wsprintfA
GetClassNameA
GetDlgItem
SendMessageA
DestroyWindow
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetParent
GetDC
GetDesktopWindow
ReleaseDC
RedrawWindow
IsWindow
SetWindowPos
BeginPaint
GetClientRect
FillRect
EndPaint
CallWindowProcA
GetFocus
IsChild
SetFocus
GetSysColor
MessageBoxA
GetWindowLongA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
SetWindowLongA
GetWindow

gdi32

GetObjectA
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetStockObject

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoTaskMemFree
ProgIDFromCLSID
CoTaskMemAlloc
StringFromIID
IIDFromString
CreateStreamOnHGlobal
OleInitialize
OleLockRunning
StringFromCLSID
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
OleUninitialize

oleaut32

GetErrorInfo
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
GetActiveObject
SysAllocStringLen
SysFreeString
SetErrorInfo
CreateErrorInfo
VariantClear
SysStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantChangeType

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 204KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a815cdc71c369f517a43e0dd9964b5af

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 204KB - Virtual size: 202KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 24KB - Virtual size: 28KB

.rsrc Size: 216KB - Virtual size: 213KB

.reloc Size: 24KB - Virtual size: 21KB

.text
Size: 204KB - Virtual size: 202KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 24KB - Virtual size: 28KB

.rsrc
Size: 216KB - Virtual size: 213KB

.reloc
Size: 24KB - Virtual size: 21KB