c74f94dbb9ccb122349021bdf24c3a93637b52ab0b1af89a2d6c06d90117bdc4

Sharing

Copy URL Twitter E-mail

General

Target

c74f94dbb9ccb122349021bdf24c3a93637b52ab0b1af89a2d6c06d90117bdc4
Size

552KB
MD5

cc3541e6da0b7b0cbeb42a8e94f8a54c
SHA1

b3234366555300bbc9e4bb94a360f83a70a7242e
SHA256

c74f94dbb9ccb122349021bdf24c3a93637b52ab0b1af89a2d6c06d90117bdc4
SHA512

223a9f4d0f446ad4eb137f1120392a66340c8ea681f9f83793b6d71ea60a9aaed2318a5aa068b979f6843c453d5d0c5673a3d4658f940daf7725bc50fdeb340e
SSDEEP

12288:+pzIK6IkD5lQbM+vJwg1HlLAHymgXx70WrLfQtv14DakNvLriHMcI+sex0mqyP3Z:cV6oQ+vJwg1HlLAHymgXx70WrLfQtv1/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c74f94dbb9ccb122349021bdf24c3a93637b52ab0b1af89a2d6c06d90117bdc4

Files

c74f94dbb9ccb122349021bdf24c3a93637b52ab0b1af89a2d6c06d90117bdc4
.dll windows:5 windows x86 arch:x86

3114e479df122e5b3890cc24685d6075

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

weblink.pdb

Imports

kernel32

LoadResource
FindResourceA
GetTickCount
GetLastError
Sleep
CreateProcessA
WinExec
GlobalAddAtomA
GlobalAddAtomW
GetProcAddress
GetModuleHandleA
SizeofResource
FindAtomW
DisableThreadLibraryCalls
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
FreeResource
LockResource
GetModuleFileNameA
lstrcatA
lstrlenA
lstrcpyA
lstrcpynA
SleepEx
GetVersionExA

user32

DdeDisconnect
LoadIconA
SetPropW
FindWindowA
wsprintfA
DestroyIcon
GetPropW
MoveWindow
SetFocus
GetFocus
PostMessageA
DdeInitializeW
DdeCreateDataHandle
DdeConnect
DdeQueryStringA
GetWindowThreadProcessId
EnumThreadWindows
SetForegroundWindow
DdeCmpStringHandles
DdeInitializeA
DdeNameService
DdeUninitialize
DdeCreateStringHandleA
DdeClientTransaction
DdeFreeStringHandle
DdeGetLastError
DdeGetData
DdeFreeDataHandle
GetWindowTextA
DestroyCursor
LoadCursorA
GetWindowRect

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegOpenKeyExA

shell32

ShellExecuteW
ShellExecuteA

ole32

CoCreateInstance

shlwapi

PathIsURLW
AssocQueryStringW
StrStrIA

ws2_32

WSAStartup
WSACleanup
gethostbyname

msvcp100

?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z

msvcr100

_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_vsnprintf_s
_onexit
_lock
__dllonexit
_unlock
sprintf
memchr
_purecall
_mbscmp
_snprintf_s
_difftime64
_fcvt
_mbsstr
?terminate@@YAXXZ
_vsnprintf
strncat
strncmp
wcsncpy
_stricmp
strchr
_strlwr
isupper
toupper
_time64
wcslen
atof
atol
tolower
strncpy
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
strstr
memset
__CxxFrameHandler3
_CxxThrowException
memcmp
strlen
memcpy
memmove
??3@YAXPAX@Z
strpbrk
strrchr
??_V@YAXPAX@Z
vsprintf_s
_set_invalid_parameter_handler
atoi
strcmp
isdigit
isalpha
isxdigit
_strnicmp
isalnum
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z

Exports

Exports

PlugInMain

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 278KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3114e479df122e5b3890cc24685d6075

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

ws2_32

msvcp100

msvcr100

Exports

Exports

Sections

.text Size: 166KB - Virtual size: 166KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 3KB - Virtual size: 10KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 278KB - Virtual size: 280KB

.text
Size: 166KB - Virtual size: 166KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 3KB - Virtual size: 10KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 278KB - Virtual size: 280KB