5f384877a3f17ea6dd77c15bb4efc8d758152fa7771ae4991fa763cde27476aa

Sharing

Copy URL Twitter E-mail

General

Target

5f384877a3f17ea6dd77c15bb4efc8d758152fa7771ae4991fa763cde27476aa
Size

311KB
MD5

d98bf86addc9bef265062224f4516211
SHA1

7b45c7ab3dc544c1d8d19989cfe882bf178304bf
SHA256

5f384877a3f17ea6dd77c15bb4efc8d758152fa7771ae4991fa763cde27476aa
SHA512

8c3c25c102e613d0ec0c14fc08d192d8378f5b48f56cc1117fe6b6d982c6ac1a2fa3f3d3683e9957e1e08b2b2def59528d44104368bb609dce8731a65f004162
SSDEEP

3072:hUS7lb2tWpOtQn8WeQaZjS+RokPZFk6mG35N8teJW8rWONRKWwyCjkNHQvwXID1:dMt0nL/aZbjFk6mG35NsZ8ncx9rU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f384877a3f17ea6dd77c15bb4efc8d758152fa7771ae4991fa763cde27476aa

Files

5f384877a3f17ea6dd77c15bb4efc8d758152fa7771ae4991fa763cde27476aa
.dll regsvr32 windows:5 windows x86 arch:x86

9c815cdc2b98b2ad5f4b129f6f747a5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt

wcscmp
_purecall
__CxxFrameHandler
_strnicmp
toupper
iswdigit
_EH_prolog
realloc
malloc
free
??3@YAXPAX@Z
??2@YAPAXI@Z
_wmakepath
_wsplitpath
vswprintf
wcslen
iswctype
_wtoi
_wcsicmp
_CxxThrowException
_beginthreadex
__RTDynamicCast
wcstoul
wcsncpy
wcsspn
wcscspn
_wcsupr
_snwprintf
__dllonexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
_except_handler3

atl

ord15
ord32
ord21
ord16
ord24
ord18
ord22
ord23

kernel32

SetLastError
FlushInstructionCache
InitializeCriticalSection
FormatMessageW
LocalFree
GetSystemWindowsDirectoryW
lstrcpyW
CloseHandle
lstrcmpW
DeleteCriticalSection
GetLastError
CreateMutexW
ReleaseMutex
GetModuleHandleW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
GetUserDefaultLangID
GetCurrentProcess
ResetEvent
LeaveCriticalSection
lstrlenW
lstrlenA
WideCharToMultiByte
SetEvent
WaitForSingleObject
GetModuleFileNameW
DisableThreadLibraryCalls
CreateEventW
LocalAlloc

user32

GetParent
CallWindowProcW
GetWindowTextW
GetWindowTextLengthW
DefWindowProcW
GetWindowLongW
SetWindowLongW
wsprintfW
EndDialog
GetWindowRect
SystemParametersInfoW
GetClientRect
SetWindowPos
SendMessageW
GetDlgItem
GetWindow
LoadStringW
RegisterWindowMessageW
SetWindowTextW
MessageBoxW
GetActiveWindow
SetCursor
ReleaseDC
GetPropW
RemovePropW
GetCursor
SetPropW
DialogBoxParamW
EnableWindow
LoadIconW
GetClassNameW
GetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
SetFocus
SetDlgItemTextW
InsertMenuW
GetCursorPos
CreatePopupMenu
AppendMenuW
TrackPopupMenu
DestroyMenu
WinHelpW
GetDlgCtrlID
EnumChildWindows
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
DestroyWindow
MoveWindow
ShowWindow
SetActiveWindow
LoadCursorW
GetDC

gdi32

SelectObject
GetTextExtentPointW
GetTextMetricsW
CreateFontIndirectW
DPtoLP
GetDeviceCaps
DeleteObject

comctl32

PropertySheetW
CreatePropertySheetPageW
DestroyPropertySheetPage
InitCommonControlsEx

ole32

CLSIDFromString
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

resutils

ResUtilFindMultiSzProperty
ResUtilFindDwordProperty
ResUtilVerifyPropertyTable
ResUtilFindSzProperty

clusapi

ClusterRegOpenKey
GetClusterInformation
SetClusterResourceName
GetClusterResourceNetworkName
CloseClusterGroup
CloseClusterResource
OpenClusterGroup
ClusterResourceControl
ClusterResourceTypeControl
ClusterNodeControl
ClusterGroupControl
ClusterNetworkControl
ClusterCloseEnum
ClusterEnum
ClusterOpenEnum
CloseClusterNetwork
CloseClusterNode
OpenClusterResource
SetClusterGroupName
CreateClusterGroup
DeleteClusterGroup
DeleteClusterResource
ClusterResourceCloseEnum
ClusterResourceEnum
ClusterResourceOpenEnum
ClusterGroupCloseEnum
ClusterGroupEnum
ClusterGroupOpenEnum
OpenClusterNetwork
OpenClusterNode
SetClusterGroupNodeList
CreateClusterResource
RemoveClusterResourceDependency
AddClusterResourceDependency
RemoveClusterResourceNode
AddClusterResourceNode
ClusterRegCloseKey
ClusterRegQueryValue
GetClusterKey

ntdll

RtlFreeAnsiString
RtlUnicodeStringToOemString
RtlUnicodeStringToAnsiString
RtlFreeOemString
RtlNtStatusToDosError
RtlInitUnicodeString

netapi32

NetpNetBiosReset
NetpNetBiosStatusToApiStatus
NetpwNameValidate
Netbios

ws2_32

inet_addr
ntohl

dnsapi

DnsValidateName_W

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c815cdc2b98b2ad5f4b129f6f747a5f

Headers

File Characteristics

Imports

msvcrt

atl

kernel32

user32

gdi32

comctl32

ole32

oleaut32

resutils

clusapi

ntdll

netapi32

ws2_32

dnsapi

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 183KB

.data Size: 21KB - Virtual size: 26KB

.rsrc Size: 85KB - Virtual size: 84KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 184KB - Virtual size: 183KB

.data
Size: 21KB - Virtual size: 26KB

.rsrc
Size: 85KB - Virtual size: 84KB

.reloc
Size: 19KB - Virtual size: 19KB