c9793da05bc3a3d10c61a6c6a8c3438b6fb02ba68e40b83653d262430dd77909

Sharing

Copy URL Twitter E-mail

General

Target

c9793da05bc3a3d10c61a6c6a8c3438b6fb02ba68e40b83653d262430dd77909
Size

118KB
MD5

713ff04db06177bf689185c01fcdb411
SHA1

22dd5f95516266dc0454208b88a0a4e5f42cef3c
SHA256

c9793da05bc3a3d10c61a6c6a8c3438b6fb02ba68e40b83653d262430dd77909
SHA512

b03f390590060cdba2b698e133a921157221a60ec88dfc7532878e8497c01eef4ad8051749011e68971ab6c594d10c6403fb3328f0c434611f78ed065bad2949
SSDEEP

3072:9L5g3ncAVl/SCLxYXefjeaYgaCVezsNCxyO1Po9Y:3cncSfTaJTxyO1PB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9793da05bc3a3d10c61a6c6a8c3438b6fb02ba68e40b83653d262430dd77909

Files

c9793da05bc3a3d10c61a6c6a8c3438b6fb02ba68e40b83653d262430dd77909
.dll regsvr32 windows:5 windows x86 arch:x86

3c3bd0b6260dea05869cdce8e29bcf29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetAdaptersInfo

ws2_32

ntohs
inet_addr
htons
WSAIoctl
setsockopt
closesocket
WSAEventSelect
bind
WSAStartup
gethostname
gethostbyname
WSAConnect
WSACleanup
listen
ntohl
htonl
getsockname
WSASendTo
WSARecvFrom
WSAEnumProtocolsW
WSAGetLastError
WSAGetOverlappedResult
WSASend
WSARecv
inet_ntoa
WSASocketW
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents

ksres

KSRES_LoadGuidPtr
KSRES_InitGuidModule

kernel32

TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
WaitForSingleObject
SetEvent
GetLastError
SetThreadPriority
ResetEvent
WaitForMultipleObjectsEx
CreateEventW
GetCurrentThreadId
CreateThread
InterlockedExchange
CreateWaitableTimerW
GetSystemTimeAsFileTime
SetWaitableTimer
GetTickCount
RaiseException
lstrlenW
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetModuleHandleW
lstrcmpiW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
WaitForMultipleObjects
Sleep
DeleteTimerQueueTimer
QueueUserWorkItem
CreateTimerQueueTimer
BindIoCompletionCallback
InterlockedExchangeAdd
InterlockedCompareExchange
lstrlenA
GlobalFree
GlobalAlloc
GetVersionExW
LoadLibraryA
DisableThreadLibraryCalls
GetModuleFileNameA
GetCurrentProcess
CancelWaitableTimer

user32

PostMessageW
PeekMessageW
PostThreadMessageW
CharNextW
wsprintfW

advapi32

RegDeleteKeyW
RegQueryValueExW
RegOpenKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyW
RegSetValueW
RegEnumKeyExW

ole32

CoFreeUnusedLibraries
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VarUI4FromStr

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr90

memmove_s
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
sprintf
memset
free
memcpy_s
wcsncpy_s
_recalloc
memcmp
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_strnicmp
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
strncpy
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
strstr
__CxxFrameHandler3
??2@YAPAXI@Z
??_V@YAXPAX@Z
_purecall
??3@YAXPAX@Z
memcpy
wcsstr
_lock
malloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c3bd0b6260dea05869cdce8e29bcf29

Headers

File Characteristics

Imports

iphlpapi

ws2_32

ksres

kernel32

user32

advapi32

ole32

oleaut32

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: 87KB - Virtual size: 87KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 87KB - Virtual size: 87KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB