27ef2b400a046151c34c80e8e8151addaf23e69e80678bd5e7bd36bf6fd1c7c9

Sharing

Copy URL Twitter E-mail

General

Target

27ef2b400a046151c34c80e8e8151addaf23e69e80678bd5e7bd36bf6fd1c7c9
Size

1.0MB
MD5

506425c40bc72e8c8b8e976d8a70abdf
SHA1

67c543d85ee028f2c1aecb2f93bec4a66446bb55
SHA256

27ef2b400a046151c34c80e8e8151addaf23e69e80678bd5e7bd36bf6fd1c7c9
SHA512

6cd721025b197ba44a5d8e33bc9488c575d112f7c798aa94611163e3c110953c94e727fc2bdd8949f7d9f3a9086be2a0340915e45a09f5e346f32fb2f9c06fed
SSDEEP

12288:0D7aOhwrTPdcWgtLJM8RsUMTe+nhFFFkwv8Ci:shsAW8uUghFFFRVi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27ef2b400a046151c34c80e8e8151addaf23e69e80678bd5e7bd36bf6fd1c7c9

Files

27ef2b400a046151c34c80e8e8151addaf23e69e80678bd5e7bd36bf6fd1c7c9
.dll regsvr32 windows:4 windows x86 arch:x86

b4381924bb9bc23ae9c1e961865d3356

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime
timeSetEvent

kernel32

SetEvent
WaitForMultipleObjects
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
GetSystemInfo
VirtualAlloc
VirtualFree
FreeLibrary
LoadLibraryA
lstrlenA
CreateThread
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetACP
GetCurrentThreadId
GetThreadPriority
GetCurrentThread
GetTickCount
SetErrorMode
lstrcmpiA
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
InterlockedDecrement
GetCurrentProcessId
GetVersionExA
OpenMutexA
CloseHandle
GetCurrentProcess
DuplicateHandle
ResetEvent
CreateEventA
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
GetModuleFileNameA
GetLastError
GetEnvironmentVariableA
lstrcpyA
SetThreadPriority
MultiByteToWideChar
InterlockedExchange
GetPrivateProfileSectionA
lstrlenW
lstrcatW
GetProcessHeap
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
GetDiskFreeSpaceExA
GetLogicalDriveStringsA
GetDriveTypeA
FindNextFileA
FindClose
RemoveDirectoryA
GetFileAttributesA
CreateDirectoryExA
CreateDirectoryA
GetWindowsDirectoryA
WritePrivateProfileSectionA
GetExitCodeProcess
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
FindFirstFileA
MoveFileA
DeleteFileA
GetLocalTime
SetEnvironmentVariableA
lstrcatA
GetTempPathA
CopyFileA
GetProcessAffinityMask
SetProcessAffinityMask
lstrcmpA
GetVolumeInformationA
CreateFileA
GetFileTime
GetSystemDirectoryA
GetTimeZoneInformation
Sleep
FormatMessageA
LocalFree
OutputDebugStringA

advapi32

RegCreateKeyExA
RegEnumValueA
RegDeleteValueA
RegOpenKeyA
RegEnumKeyA
RegCreateKeyA
RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA

user32

wsprintfA
PeekMessageA
MsgWaitForMultipleObjects
wvsprintfA
PostThreadMessageA
RegisterWindowMessageA
GetQueueStatus
DispatchMessageA
GetDesktopWindow
GetWindowRect
LoadStringW
LoadStringA
DefWindowProcA
DestroyWindow
ShowWindow
InvalidateRect
MoveWindow
CreateDialogParamA
SetWindowLongA
IsDlgButtonChecked
CheckRadioButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
CheckDlgButton
SendMessageA
GetDlgItem
EnableWindow
GetSystemMetrics
SetRect
GetWindowLongA

ole32

CoFreeUnusedLibraries
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoUninitialize
CreateItemMoniker
GetRunningObjectTable
StgCreateDocfile
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

msvcrt

wcsstr
_mbsstr
sscanf
_strnicmp
_snprintf
_mbscmp
_except_handler3
vsprintf
_mbsnbcpy
_i64toa
_atoi64
srand
rand
_mbsrchr
_mbsnbcat
atof
atoi
_splitpath
_mbslwr
_strlwr
strpbrk
_strcmpi
_CIasin
wcslen
isdigit
wcsncmp
iswdigit
_wtoi
__dllonexit
_onexit
_initterm
_adjust_fdiv
?terminate@@YAXXZ
strstr
_wcsicmp
strncmp
abort
memmove
_CIpow
_vsnprintf
strncpy
calloc
modf
ldexp
printf
time
sprintf
atol
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
_assert
_ftol
floor
realloc
_errno
free
malloc
exit
_stat

gdi32

DeleteDC
CreateRectRgn
DeleteObject
CombineRgn
ExtCreateRegion
BitBlt
SelectObject
CreateDIBSection
GetObjectA
CreateCompatibleDC

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 624KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4381924bb9bc23ae9c1e961865d3356

Headers

File Characteristics

Imports

winmm

kernel32

advapi32

user32

ole32

oleaut32

msvcrt

gdi32

Exports

Exports

Sections

.text Size: 336KB - Virtual size: 335KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 624KB - Virtual size: 2.4MB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 32KB - Virtual size: 30KB

.text
Size: 336KB - Virtual size: 335KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 624KB - Virtual size: 2.4MB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 32KB - Virtual size: 30KB