aef26f577f1a447cb87e5051699a07f75a36d06f10a8bf93e4dff72ea3bc2376

Sharing

Copy URL Twitter E-mail

General

Target

aef26f577f1a447cb87e5051699a07f75a36d06f10a8bf93e4dff72ea3bc2376
Size

418KB
MD5

54ac7c13dc2fb9418644f55ee654aa72
SHA1

622084d538c0d9cf98248107e39a3cda9ebee374
SHA256

aef26f577f1a447cb87e5051699a07f75a36d06f10a8bf93e4dff72ea3bc2376
SHA512

e1c7d72b6cd36c527d8d55877c64b15db15fa1d3c6c9d1822cff713ff86993877112342b1c856f3b93d37e9d962a725754fe6c76dfdb6bbf19e5c387868630cf
SSDEEP

12288:26vou5GfnAqPPpCBhmlqRfPfAkes0imdtOx:2BNPhCBNV0iY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aef26f577f1a447cb87e5051699a07f75a36d06f10a8bf93e4dff72ea3bc2376

Files

aef26f577f1a447cb87e5051699a07f75a36d06f10a8bf93e4dff72ea3bc2376
.dll regsvr32 windows:6 windows x86 arch:x86

c0db16e1b1170d33541adba97eae2c9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathCanonicalizeW
PathIsRelativeW
SHDeleteKeyW

kernel32

IsValidCodePage
FindFirstFileExW
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
HeapAlloc
HeapFree
TransactNamedPipe
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedFlushSList
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
LocaleNameToLCID
GetModuleFileNameW
GetCurrentProcess
DisableThreadLibraryCalls
GetFileAttributesW
VerifyVersionInfoW
GetNamedPipeServerProcessId
GetLocaleInfoW
WaitNamedPipeW
RtlUnwind
RaiseException
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetNamedPipeHandleState
DisconnectNamedPipe
GetLastError
CloseHandle
ReadFile
CreateFileW
VerSetConditionMask
MulDiv
FindNextFileW
FindFirstFileW
FindClose
HeapSize
WriteConsoleW
SetEndOfFile
GetModuleHandleExW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent

user32

ReleaseCapture
MessageBoxW
ToAscii
GetKeyboardState
CopyImage
GetMenuItemInfoW
GetMenuItemCount
LoadCursorW
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
GetSysColor
GetClientRect
EndPaint
BeginPaint
ShowWindow
SetWindowPos
GetMonitorInfoW
MonitorFromRect
OffsetRect
GetWindowRect
GetWindowDC
SetCapture
GetCapture
IsWindowVisible
MoveWindow
GetFocus
wsprintfW
LoadImageW
DestroyIcon
TrackPopupMenu
AppendMenuW
CreatePopupMenu
InvalidateRect
ReleaseDC
GetDC
DestroyMenu
KillTimer
SetTimer

gdi32

MoveToEx
LineTo
SetBkMode
GetTextExtentPointW
ExtTextOutW
SetTextColor
SetBkColor
SelectObject
Rectangle
GetTextExtentPoint32W
CreatePen
BitBlt
GetObjectW
GetStockObject
GetDeviceCaps
DeleteObject
CreateFontIndirectW

shell32

SHGetFolderPathW
ShellExecuteW
SHGetKnownFolderPath

ole32

CoCreateGuid
CoTaskMemFree
CoCreateInstance
StringFromCLSID
CLSIDFromString

oleaut32

SysAllocString
VariantInit

advapi32

RegUnLoadKeyW
RegSetKeyValueW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetUserNameW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0db16e1b1170d33541adba97eae2c9b

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

Exports

Exports

Sections

.text Size: 318KB - Virtual size: 318KB

.rdata Size: 78KB - Virtual size: 78KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 318KB - Virtual size: 318KB

.rdata
Size: 78KB - Virtual size: 78KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB