cbb768bce02032fa1e1e59bcf9b7621eb1365ff9c2db232ce9db08b853d7b965

Sharing

Copy URL Twitter E-mail

General

Target

cbb768bce02032fa1e1e59bcf9b7621eb1365ff9c2db232ce9db08b853d7b965
Size

496KB
MD5

37f156cc779231db4fbf04d46c20d780
SHA1

5e1ef9b871653bcf92381854218370b787646e5e
SHA256

cbb768bce02032fa1e1e59bcf9b7621eb1365ff9c2db232ce9db08b853d7b965
SHA512

374677895adc3a248c01196be4636ff113cf873b982ec78e3000b83c17b5db5b2e0bc491a3aa54b36ea457312a4419450fd6a9c4563302ec1ebdbd82bc754043
SSDEEP

6144:2IP3hq3sRIAKwZidDT8hMiA8hQqErTXYi+l48ZIWVBw:2Is3sVKDdDTIA8mPXP+l48ZIWVB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cbb768bce02032fa1e1e59bcf9b7621eb1365ff9c2db232ce9db08b853d7b965

Files

cbb768bce02032fa1e1e59bcf9b7621eb1365ff9c2db232ce9db08b853d7b965
.dll regsvr32 windows:4 windows x64 arch:x64

577a8cf840d618585954036d3b725a4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyA
RegOpenKeyW
RegQueryValueExA
RegQueryValueExW

comctl32

CreateStatusWindowW
ImageList_Destroy
ImageList_LoadImageW

gdi32

GetDeviceCaps

kernel32

ActivateActCtx
CloseHandle
CreateActCtxW
CreateFileW
CreateProcessW
DeactivateActCtx
DisableThreadLibraryCalls
EnumResourceNamesW
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
GetEnvironmentVariableW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetSystemDirectoryW
GetTickCount
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
IsBadStringPtrA
IsBadStringPtrW
LoadLibraryW
LoadResource
MulDiv
MultiByteToWideChar
ReleaseActCtx
SizeofResource
WideCharToMultiByte
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
WriteFile
lstrcmpW
lstrcmpiW

ntdll

_vsnprintf

ole32

CoCreateInstance
CoInitialize
CoMarshalInterface
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoUnmarshalInterface
CreateOleAdviseHolder
CreateStreamOnHGlobal
OleRegGetUserType
PropVariantClear
StgCreateStorageEx

oleaut32

LoadRegTypeLib
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetElement
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantClear
VariantInit

shell32

SHGetFolderPathW
ShellAboutW
ShellExecuteExW

shlwapi

PathAppendW
PathCreateFromUrlW
PathFindExtensionW
PathIsURLW
SHRegCloseUSKey
SHRegEnumUSValueW
SHRegOpenUSKeyW
SHRegQueryUSValueW
ord167
UrlApplySchemeW

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vswprintf
_assert
_strdup
_stricmp
_wcsnicmp
free
fwrite
getenv
memcmp
memcpy
memmove
strchr
strcmp
strcpy
strcspn
strlen
strrchr
toupper
wcschr
wcstol

urlmon

CoInternetParseUrl
CreateAsyncBindCtx
CreateURLMoniker
CreateURLMonikerEx2
ReleaseBindInfo

user32

CreatePopupMenu
CreateWindowExW
DdeCmpStringHandles
DdeCreateStringHandleW
DdeFreeStringHandle
DdeGetData
DdeGetLastError
DdeInitializeW
DdeNameService
DdeUninitialize
DefWindowProcW
DestroyIcon
DestroyWindow
DialogBoxParamW
DispatchMessageW
EnableWindow
EndDialog
GetClientRect
GetDC
GetDlgItem
GetMenuItemCount
GetMenuItemInfoW
GetMessageW
GetPropW
GetSubMenu
GetSystemMetrics
GetWindowLongPtrW
GetWindowTextLengthW
GetWindowTextW
InsertMenuItemW
IsWindowVisible
LoadCursorW
LoadIconW
LoadImageW
LoadMenuW
LoadStringW
PostMessageW
PostQuitMessage
RegisterClassExW
ReleaseDC
SendMessageW
SetFocus
SetMenu
SetPropW
SetWindowLongPtrW
SetWindowPos
ShowWindow
TranslateMessage
UnregisterClassW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IEGetWriteableHKCU
OpenURL
SetQueryNetSessionCount

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 464B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

577a8cf840d618585954036d3b725a4c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ntdll

ole32

oleaut32

shell32

shlwapi

ucrtbase

urlmon

user32

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 167KB

.data Size: 4KB - Virtual size: 704B

.rodata Size: 4KB - Virtual size: 48B

.rdata Size: 92KB - Virtual size: 89KB

.pdata Size: 12KB - Virtual size: 10KB

.xdata Size: 12KB - Virtual size: 9KB

.bss Size: - Virtual size: 464B

.edata Size: 52KB - Virtual size: 50KB

.idata Size: 8KB - Virtual size: 6KB

.rsrc Size: 136KB - Virtual size: 133KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 168KB - Virtual size: 167KB

.data
Size: 4KB - Virtual size: 704B

.rodata
Size: 4KB - Virtual size: 48B

.rdata
Size: 92KB - Virtual size: 89KB

.pdata
Size: 12KB - Virtual size: 10KB

.xdata
Size: 12KB - Virtual size: 9KB

.bss
Size: - Virtual size: 464B

.edata
Size: 52KB - Virtual size: 50KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 136KB - Virtual size: 133KB

.reloc
Size: 4KB - Virtual size: 3KB