9d68a544627e4fe4a0271012436f97439b7df125456b114a99401389e670cfd3

Sharing

Copy URL Twitter E-mail

General

Target

9d68a544627e4fe4a0271012436f97439b7df125456b114a99401389e670cfd3
Size

716KB
MD5

77b5a309d042dbf8501f711d73a36059
SHA1

89d3d6d91e68b8dfff3ee7f6b2bea413a1a2d0c4
SHA256

9d68a544627e4fe4a0271012436f97439b7df125456b114a99401389e670cfd3
SHA512

68f3aa365f084168640968ac11308a75bf2edcbfc83f970d9355189fe5421f21bff9aac5656f1ce1d25aa7f79a10c5ef9435231621a5c0c048c7003c2c259be8
SSDEEP

12288:zKJDm3Z9gD3nW0gyYKtlbjaZqp+MS9wD0est6P:z4UZ9s3nW0pDTHD0MP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d68a544627e4fe4a0271012436f97439b7df125456b114a99401389e670cfd3

Files

9d68a544627e4fe4a0271012436f97439b7df125456b114a99401389e670cfd3
.dll regsvr32 windows:4 windows x86 arch:x86

9e16ddb82c3d26926e31cfbcf04474b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
GetProcessVersion
DuplicateHandle
WriteFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetCPInfo
GetOEMCP
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
ExitProcess
TerminateProcess
ExitThread
RaiseException
HeapSize
GetACP
GetTimeZoneInformation
GetSystemTime
GetLocalTime
FatalAppExitA
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetPrivateProfileIntA
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
TerminateThread
GlobalFlags
MulDiv
SetLastError
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalFree
TlsAlloc
LocalAlloc
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
GlobalAlloc
GlobalDeleteAtom
DefineDosDeviceA
GetDiskFreeSpaceExA
SetVolumeLabelA
QueryDosDeviceW
GetLogicalDrives
GetDriveTypeW
WaitForMultipleObjects
ResetEvent
PulseEvent
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
InterlockedExchange
SleepEx
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
MoveFileExW
CopyFileW
CreateDirectoryW
CreateDirectoryA
MoveFileW
GetFileAttributesW
GetEnvironmentVariableW
GetTempPathW
GetTempPathA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
GetModuleHandleW
AllocConsole
WriteConsoleA
FreeConsole
FormatMessageW
FindResourceExA
OutputDebugStringW
GetCurrentThread
FormatMessageA
lstrcpynW
QueryDosDeviceA
GlobalLock
GlobalUnlock
lstrcatA
lstrcpyA
HeapDestroy
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
GetShortPathNameA
lstrlenW
GetExitCodeThread
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersion
lstrlenA
GetProfileStringA
OpenMutexA
OpenMutexW
OpenEventW
SetEvent
CreateProcessA
SetFilePointer
GetFileAttributesExW
ReadFile
MoveFileExA
GetTickCount
MoveFileA
CopyFileA
SetFileAttributesW
lstrcmpW
RemoveDirectoryW
DeleteFileW
GetFileAttributesA
SetFileAttributesA
lstrcmpA
RemoveDirectoryA
DeleteFileA
GetSystemInfo
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
LocalFree
OpenProcess
GetCurrentProcess
CreateThread
GetFileInformationByHandle
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
OpenEventA
Sleep
CreateFileW
LoadLibraryA
OutputDebugStringA
CreateFileA
GetLastError
DeviceIoControl
CloseHandle
GetDriveTypeA
FreeLibrary
LoadLibraryW
GetProcAddress
GetLocaleInfoW
GetWindowsDirectoryW
GetWindowsDirectoryA
GetCurrentDirectoryW
GetModuleFileNameW
GetSystemDirectoryW
GetCurrentDirectoryA
GetModuleFileNameA
GetEnvironmentStringsW
GetSystemDirectoryA

user32

BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetClientRect
ShowWindow
SetWindowPos
MoveWindow
SetActiveWindow
GetWindowTextLengthA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
OpenInputDesktop
GetUserObjectInformationA
GrayStringA
DrawTextA
TabbedTextOutA
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ScreenToClient
GetMenuStringA
DeleteMenu
GetMenuItemCount
wsprintfA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
DeferWindowPos
EqualRect
AdjustWindowRectEx
SetFocus
IsWindow
UnregisterClassA
UnhookWindowsHookEx
GetProcessWindowStation
CloseWindowStation
SetProcessWindowStation
OpenWindowStationA
MessageBoxA
MessageBoxW
EnumDesktopWindows
GetSysColor
MapWindowPoints
UpdateWindow
DestroyMenu
CharUpperA
GetSysColorBrush
LoadCursorA
SetWindowLongA
LoadIconA
GetWindowThreadProcessId
GetWindowLongA
GetParent
IsWindowVisible
LoadStringA
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
CheckMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
ShowOwnedPopups
SendMessageA
PostMessageA
PostQuitMessage
OemToCharA
CharToOemA
InsertMenuA
InsertMenuW
SetMenuItemBitmaps
EnableMenuItem
CreatePopupMenu
InsertMenuItemW
CharNextA
LoadBitmapA
GetWindowTextW
GetWindowTextA
MsgWaitForMultipleObjects
GetDesktopWindow
EnumChildWindows
EnumWindows
EndPaint

gdi32

PolyBezierTo
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
PolyDraw
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
SetColorAdjustment
GetDCOrgEx
GetObjectA
SetArcDirection
ArcTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
Escape
PolylineTo
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocA
DeleteDC
CreatePen
DeleteObject
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

LookupAccountSidW
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
LookupAccountNameW
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
RegCreateKeyExW
RegCreateKeyW
RegOpenKeyW
RegEnumKeyA
RegSetValueExW
RegQueryValueExW
RegConnectRegistryA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegOpenKeyA
GetUserNameA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor

shell32

DragAcceptFiles
DragQueryFileA
DragQueryFileW
SHGetFileInfoA

comctl32

ord17

ole32

CoTaskMemRealloc
CoCreateInstance
ReleaseStgMedium
CoDisconnectObject
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysAllocStringLen
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
VarUI4FromStr
SysFreeString
SysReAllocStringLen

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e16ddb82c3d26926e31cfbcf04474b5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

version

Exports

Exports

Sections

.text Size: 500KB - Virtual size: 499KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 88KB - Virtual size: 120KB

.rsrc Size: 40KB - Virtual size: 37KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 500KB - Virtual size: 499KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 88KB - Virtual size: 120KB

.rsrc
Size: 40KB - Virtual size: 37KB

.reloc
Size: 36KB - Virtual size: 35KB