ebaf1a5846934f08231640c5e90a4edfd97b5fe718c4a33bfbd6ef7819dc8b9c

Sharing

Copy URL Twitter E-mail

General

Target

ebaf1a5846934f08231640c5e90a4edfd97b5fe718c4a33bfbd6ef7819dc8b9c
Size

81KB
MD5

bfd7c35cd070fd8cd2912234762d97d6
SHA1

cb438174adc144d6f5c56ecfda995a8be121b95d
SHA256

ebaf1a5846934f08231640c5e90a4edfd97b5fe718c4a33bfbd6ef7819dc8b9c
SHA512

8c2ab9712a83ef2c27518766e3fb4991a47f7cd1717ddffd0e6ff81984b22bb110d042424c1e54a15e417136e25602c91e30e072aa3e23e44530167db8b248bb
SSDEEP

1536:g3yqLKmzPYxsbQwTudET0ysKg6/3/CxrnjERvSJKeEOMhowYkrgHgc:0yqLKmzPYxt9aDg6/3KxrYCKbDhDgHz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebaf1a5846934f08231640c5e90a4edfd97b5fe718c4a33bfbd6ef7819dc8b9c

Files

ebaf1a5846934f08231640c5e90a4edfd97b5fe718c4a33bfbd6ef7819dc8b9c
.exe windows:6 windows x86 arch:x86

6aebafa495c986f0f702021f6507726f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dxdllreg.pdb

Imports

advapi32

RegCloseKey
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
SetServiceStatus
ControlService
CloseServiceHandle
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA

kernel32

GetLastError
CreateDirectoryA
OutputDebugStringA
GetWindowsDirectoryA
LocalFree
FormatMessageA
CompareStringA
GetVersionExA
GetPrivateProfileSectionA
FindClose
FindFirstFileA
FreeLibrary
GetProcAddress
LoadLibraryExA
GetPrivateProfileStringA
GetSystemDirectoryA
lstrlenA
CloseHandle
CreateMutexA
WaitForSingleObject
CreateProcessA
CopyFileA
GetModuleFileNameA
Sleep
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetLocalTime
HeapFree
HeapReAlloc
SetUnhandledExceptionFilter
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvi

setupapi

SetupCloseInfFile
SetupFindNextLine
SetupGetLineTextA
SetupFindFirstLineA
SetupOpenInfFileA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ropf
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6aebafa495c986f0f702021f6507726f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

setupapi

version

ole32

Sections

.text Size: 64KB - Virtual size: 63KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 6KB - Virtual size: 5KB

.ropf Size: 3KB - Virtual size: 3KB

.text
Size: 64KB - Virtual size: 63KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 5KB

.ropf
Size: 3KB - Virtual size: 3KB