418541857fdbac27dcafb5f1be266ae9a5c35c3f69ea64e8af14e996c12a53cd

Resubmissions

31/05/2024, 11:24

240531-nhs91sgc32 10

30/05/2024, 18:03

240530-wm2e7agh32 10

30/05/2024, 17:29

240530-v2swxseh6y 10

Sharing

Copy URL

Twitter E-mail

General

Target

418541857fdbac27dcafb5f1be266ae9a5c35c3f69ea64e8af14e996c12a53cd
Size

96KB
MD5

14b6593b7fccd7eb33e3abc23c1f362c
SHA1

750e811324238a582b4b76f929af593101a6d1de
SHA256

418541857fdbac27dcafb5f1be266ae9a5c35c3f69ea64e8af14e996c12a53cd
SHA512

b02fe19367e3b1bea50ddddc01739d5bde4c16503c6ee041d64c3dfb7e5378f2f9a20e463c03c49808746bcbc0704eced39fc064de3f6e1c8c06f7a6eb45cd9f
SSDEEP

1536:FFCLtN2pRudECjdZZ/goqj48n7yEYhUrD3QhpA7HdqZLSwPMUU+v8TJGim:rmtNcu6CBPoM87bMUD3sGu8+v8TJG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
418541857fdbac27dcafb5f1be266ae9a5c35c3f69ea64e8af14e996c12a53cd

Files

418541857fdbac27dcafb5f1be266ae9a5c35c3f69ea64e8af14e996c12a53cd
.dll regsvr32 windows:4 windows x86 arch:x86

9171358e5e43ca91f32679eb655d2a3a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

OpenEventLogA
ReadEventLogA
RegCloseKey
RegDeleteKeyA
RegGetValueA
RegisterEventSourceA

kernel32

CloseHandle
CreatePipe
CreateProcessA
CreateThread
DeleteCriticalSection
EnterCriticalSection
EscapeCommFunction
FlushConsoleInputBuffer
GetCommModemStatus
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetFileType
GetHandleInformation
GetLargestConsoleWindowSize
GetLastError
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
OpenEventA
PurgeComm
QueryPerformanceCounter
ReadConsoleW
SetCommBreak
SetCommMask
SetEvent
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
lstrlenA

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
malloc
realloc
strlen
strncmp
vfprintf

Exports

Exports

DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
InitHelperDll
StartW

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 944B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

9171358e5e43ca91f32679eb655d2a3a

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 65KB

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 15KB - Virtual size: 14KB

.bss Size: - Virtual size: 944B

.edata Size: 512B - Virtual size: 200B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 65KB - Virtual size: 65KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 15KB - Virtual size: 14KB

.bss
Size: - Virtual size: 944B

.edata
Size: 512B - Virtual size: 200B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 9KB - Virtual size: 8KB