a6073d6fdd122ce61628ec37b3f1a5433f7f061f4c5053a986b52428f335a1ce

Sharing

Copy URL

Twitter E-mail

General

Target

a6073d6fdd122ce61628ec37b3f1a5433f7f061f4c5053a986b52428f335a1ce
Size

284KB
MD5

441b7cb89c5e60eb3f594b34ec5e6093
SHA1

2d3b64577d7f732ab1b98fa8da9645f42a2efa51
SHA256

a6073d6fdd122ce61628ec37b3f1a5433f7f061f4c5053a986b52428f335a1ce
SHA512

c5c54556c2ef257573243ed95539831e2442cf323a7e3024c2ced2f51267d1026ef666e71d60123e66c75863be8de6fe81cd9c078c01f91991132185de3f064f
SSDEEP

6144:8m9XN3bkVazeqGk/djEzB+gcCjny4ia3JELscdlaU8sf/d:3kVqx5G/ura3JELtl3J3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6073d6fdd122ce61628ec37b3f1a5433f7f061f4c5053a986b52428f335a1ce

Files

a6073d6fdd122ce61628ec37b3f1a5433f7f061f4c5053a986b52428f335a1ce
.dll regsvr32 windows:4 windows x86 arch:x86

73a06c6d944138616ded53c86881673c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CryptImportPublicKeyInfoEx
CertCreateCertificateContext
CertFreeCertificateContext

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
lstrlenA
CompareFileTime
RtlUnwind
GetSystemTimeAsFileTime
UnmapViewOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
GetShortPathNameA
FormatMessageA
LocalFree
GetPrivateProfileIntA
TerminateThread
SetEvent
OpenEventA
CreateEventA
WaitForSingleObject
Sleep
GetProcessHeap
HeapAlloc
HeapFree
GetLocalTime
WritePrivateProfileStringA
WideCharToMultiByte
InterlockedDecrement
DeviceIoControl
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitThread
GetCurrentThreadId
CreateThread
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetSystemDirectoryA
WriteFile
GetModuleFileNameA
CreateFileA
GetFileSize
CloseHandle
ReadFile
SystemTimeToFileTime
GetLastError
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSection
GetLocaleInfoA
HeapReAlloc
VirtualAlloc
GetCommandLineA
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
HeapSize
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetVersionExA
SetStdHandle

user32

DestroyWindow
MessageBoxA
DefWindowProcA
DispatchMessageA
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
TranslateMessage
GetMessageA

advapi32

CryptSignHashA
CryptReleaseContext
CryptDestroyKey
CryptGenKey
CryptGetUserKey
CryptAcquireContextA
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
CryptGetProvParam
CryptGetKeyParam
CryptDestroyHash
CryptVerifySignatureA
CryptHashData
CryptCreateHash
CryptSetProvParam
CryptImportKey
CryptExportKey
CryptSetHashParam
CryptSetKeyParam
CryptDecrypt
CryptEncrypt
CryptGenRandom

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoUninitialize

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
SafeArrayGetElement
VariantClear
SafeArrayDestroy
SysFreeString
SysAllocString

cryptofun

?VerifyCert@@YGHPAX0@Z
?VerifyCert@@YGHPAX@Z
RSAref_Public_ref2eay
PKCS1_PADDING_1
SymPadding
CF_DER2PEM
CF_GetErrInfo
VerifySign
RSAref_Public_eay2ref
ExtPubKey
GetCertInfo
PKCS1_UN_PADDING

tcutility

SetLogFile
??0CMyMutex@@QAE@XZ
??1CMyMutex@@UAE@XZ
?Lock@CMyMutex@@QAE_NXZ
?UnLock@CMyMutex@@QAE_NXZ
EncodeBase64
DecodeBase64
WriteLog
Base64EncodeBufferSize

wsteay97

EVP_md5
EVP_DigestInit
EVP_DigestUpdate
EVP_DigestFinal
OPENSSL_add_all_algorithms_noconf
X509_STORE_new
X509_STORE_CTX_new
sk_new
X509_STORE_CTX_init
X509_verify_cert
X509_STORE_CTX_cleanup
X509_STORE_CTX_free
X509_STORE_free
EVP_DecodeFinal
sk_pop_free
X509_STORE_CTX_get_current_cert
X509_STORE_CTX_get_error
X509_STORE_CTX_get_error_depth
X509_get_subject_name
X509_NAME_oneline
X509_STORE_CTX_set_error
sk_push
BIO_ctrl
BIO_s_mem
BIO_new
BIO_write
d2i_X509
BIO_free
EVP_DecodeUpdate
EVP_DecodeInit
RSA_generate_key
EVP_MD_CTX_cleanup
i2d_X509
EVP_sha1
EVP_CIPHER_CTX_cleanup
RSA_free
RSA_public_decrypt
RSA_public_encrypt
RSA_new
RSA_padding_add_PKCS1_type_2
EVP_EncryptInit
EVP_aes_256_ofb
EVP_aes_256_ecb
EVP_aes_256_cfb
EVP_aes_256_cbc
EVP_DecryptInit
X509_free
PEM_read_bio_X509

getpasswd

GetPassword

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

73a06c6d944138616ded53c86881673c

Headers

File Characteristics

Imports

crypt32

kernel32

user32

advapi32

ole32

oleaut32

cryptofun

tcutility

wsteay97

getpasswd

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 900B

.reloc Size: 12KB - Virtual size: 10KB

.rmnet Size: 88KB - Virtual size: 88KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 900B

.reloc
Size: 12KB - Virtual size: 10KB

.rmnet
Size: 88KB - Virtual size: 88KB