ecf4456c0057c5fa4b918d2967f73d00eed2bef596ff0d3ab61f2c381caaf0b7

Sharing

Copy URL Twitter E-mail

General

Target

ecf4456c0057c5fa4b918d2967f73d00eed2bef596ff0d3ab61f2c381caaf0b7
Size

817KB
MD5

a700e07ba525b2b73fccab4ba68fe9ac
SHA1

52fdaa602437ade340b4dd44135caabfbe2145e6
SHA256

ecf4456c0057c5fa4b918d2967f73d00eed2bef596ff0d3ab61f2c381caaf0b7
SHA512

a1ef90c859f84af247ecc63ac982061a03ca19d5d32ca7d27ef941e47a47a8c6976e6b5c13e04773840feed0b723901c0c6a9b824029fd101ded01a857bda735
SSDEEP

6144:It8GW5TNTwGeW/2H3iGc0LYUhOCnirJGqzX:XGuQE0nQFX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ecf4456c0057c5fa4b918d2967f73d00eed2bef596ff0d3ab61f2c381caaf0b7

Files

ecf4456c0057c5fa4b918d2967f73d00eed2bef596ff0d3ab61f2c381caaf0b7
.dll regsvr32 windows:4 windows x86 arch:x86

a249e3d5b612d7e45b2f8abfc7096fda

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

ClearEventLogA
RegisterEventSourceA

kernel32

CloseHandle
CreateFileA
CreatePipe
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
DisconnectNamedPipe
EnterCriticalSection
GetCommModemStatus
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetFileType
GetLastError
GetProcAddress
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
OpenEventA
QueryPerformanceCounter
ReadConsoleW
ReadFile
SetCommMask
SetCurrentDirectoryA
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
lstrlenA

msvcrt

_amsg_exit
_initterm
_iob
_lock
_snprintf
_unlock
abort
calloc
free
fwrite
malloc
realloc
strlen
strncmp
vfprintf

Exports

Exports

DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
InitHelperDll
StartW

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 628KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 944B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a249e3d5b612d7e45b2f8abfc7096fda

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 115KB - Virtual size: 114KB

.data Size: 628KB - Virtual size: 628KB

.rdata Size: 53KB - Virtual size: 53KB

.bss Size: - Virtual size: 944B

.edata Size: 512B - Virtual size: 200B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 115KB - Virtual size: 114KB

.data
Size: 628KB - Virtual size: 628KB

.rdata
Size: 53KB - Virtual size: 53KB

.bss
Size: - Virtual size: 944B

.edata
Size: 512B - Virtual size: 200B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 15KB - Virtual size: 15KB