48fc2a8d1307b18c03c55295dfe37edaefac1491ac3a27d983d8329fc73f1158

Sharing

Copy URL

Twitter E-mail

General

Target

48fc2a8d1307b18c03c55295dfe37edaefac1491ac3a27d983d8329fc73f1158
Size

844KB
MD5

ce2102d9c80fee541ea5b8107f7d7dad
SHA1

bc1c788cc0e0b320c210d00281d0c6ce673d0407
SHA256

48fc2a8d1307b18c03c55295dfe37edaefac1491ac3a27d983d8329fc73f1158
SHA512

c40b27dcbe4a508b576125d18c96974da4bb1760416329db965e77f39a642e892624a42b575cf6a8f216979ca791a6ec79e9f93c445efb637e541409dbe30f18
SSDEEP

12288:f9UXLwNVOMnIj8wCIEQjVxzSpF+YGTZYqH/UujArX0D9kPwm0Wpxe5a:f9iXVxzwaTOm/UNrXU9kPJ0Sxw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48fc2a8d1307b18c03c55295dfe37edaefac1491ac3a27d983d8329fc73f1158

Files

48fc2a8d1307b18c03c55295dfe37edaefac1491ac3a27d983d8329fc73f1158
.dll regsvr32 windows:4 windows x86 arch:x86

c9e6f99d23399e33043f7cf234d5b0ac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDefaultLangID
GetUserDefaultLangID
FreeLibrary
GetVersion
DisableThreadLibraryCalls
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
HeapDestroy
lstrlenW
GetShortPathNameA
lstrcpyA
lstrcatA
WideCharToMultiByte
BackupWrite
GetPrivateProfileStringA
GlobalUnlock
GlobalLock
SetEndOfFile
GetExitCodeThread
WaitForMultipleObjects
ResetEvent
PulseEvent
SetEvent
CreateEventA
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
SleepEx
WaitForSingleObject
BackupRead
BackupSeek
MultiByteToWideChar
MulDiv
GetExitCodeProcess
GetProcessTimes
FileTimeToSystemTime
CopyFileW
GetDiskFreeSpaceExW
GetFileTime
SetFileTime
GetProcessHeap
HeapAlloc
HeapFree
VirtualQuery
CreateProcessW
WriteFile
GetFileSize
GetComputerNameA
GetComputerNameW
FlushFileBuffers
GetFileAttributesW
CreateDirectoryW
CreateDirectoryA
GetFileAttributesExA
GetFileAttributesExW
GetVolumeInformationW
QueryDosDeviceA
DeviceIoControl
ReadFile
GetTickCount
Sleep
MoveFileA
CopyFileA
SetFileAttributesW
lstrcmpW
RemoveDirectoryW
DeleteFileW
MoveFileExW
GetFileAttributesA
SetFileAttributesA
lstrcmpA
RemoveDirectoryA
DeleteFileA
MoveFileExA
GetSystemInfo
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
LocalFree
OpenProcess
GetLastError
GetCurrentProcess
CreateThread
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleW
CreateFileA
GetFileInformationByHandle
GetCurrentProcessId
GetModuleHandleA
GetCurrentThreadId
LoadLibraryA
GetProcAddress
CreateFileW
CloseHandle
GetDriveTypeW
QueryDosDeviceW
GetCurrentDirectoryW
GetModuleFileNameW
GetCurrentDirectoryA
GetProfileStringA
LocalAlloc
DefineDosDeviceA
GetDiskFreeSpaceExA
SetVolumeLabelA
GetVolumeInformationA
GetLogicalDrives
GetDriveTypeA
AllocConsole
WriteConsoleA
FreeConsole
OutputDebugStringW
QueryPerformanceCounter
VirtualQueryEx
InterlockedExchangeAdd
InterlockedExchange
FormatMessageA
LoadResource
FindResourceExA
GetACP
FormatMessageW
GetVersionExA
FileTimeToLocalFileTime
LoadLibraryW
ExpandEnvironmentStringsA
SetLastError
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetTempPathA
GetTempPathW
GetEnvironmentVariableA
GetEnvironmentVariableW
MoveFileW
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RaiseException
GetCommandLineA
ExitProcess
FatalAppExitA
GetCPInfo
GetOEMCP
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetCurrentThread
TerminateProcess
HeapReAlloc
HeapSize
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapCreate
VirtualFree
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
UnhandledExceptionFilter
SetFilePointer
VirtualAlloc
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SuspendThread
ResumeThread
TerminateThread
SetPriorityClass
GetPriorityClass
SetThreadPriority
GetThreadPriority
ReadProcessMemory
CreateProcessA
InterlockedCompareExchange

user32

OpenDesktopA
GetUserObjectInformationA
GetProcessWindowStation
FindWindowExA
wsprintfA
GetSystemMetrics
GetUserObjectInformationW
GetThreadDesktop
SetThreadDesktop
CloseDesktop
OpenInputDesktop
CharNextA
CreateWindowExA
GetClientRect
SendMessageA
AttachThreadInput
ShowWindow
MsgWaitForMultipleObjects
SetForegroundWindow
GetWindowTextW
GetWindowTextA
GetDesktopWindow
EnumChildWindows
EnumWindows
GetParent
GetWindowLongA
IsWindowVisible
EnumDesktopWindows
SendMessageTimeoutA
MessageBoxW
MessageBoxA
OpenWindowStationA
SetWindowPos
SetProcessWindowStation
CloseWindowStation
GetForegroundWindow
GetClassNameW
GetWindowThreadProcessId

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
CreateFontIndirectW
GetDeviceCaps
GetObjectW
GetStockObject
BitBlt
GetBitmapBits
DeleteObject
CreateDCA
DeleteDC

advapi32

RegSetValueExW
ChangeServiceConfigA
QueryServiceConfigA
QueryServiceStatus
ControlService
StartServiceA
OpenServiceA
DeleteService
OpenSCManagerA
LockServiceDatabase
CreateServiceA
CloseServiceHandle
UnlockServiceDatabase
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExA
RegDeleteValueA
GetAclInformation
GetLengthSid
InitializeAcl
AddAce
GetAce
AddAccessAllowedAce
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameW
GetFileSecurityW
SetFileSecurityW
GetFileSecurityA
AllocateAndInitializeSid
EqualSid
FreeSid
SetFileSecurityA
RegSetValueExA
RegOpenKeyA
GetUserNameA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
LookupAccountSidW
RegSetKeySecurity
RegCreateKeyW
RegDeleteKeyA
RegEnumValueA
RegQueryInfoKeyA
RegConnectRegistryA
RegCreateKeyExA
RegEnumKeyA
EnumServicesStatusA

shell32

DragQueryFileW
DragQueryFileA
SHGetSpecialFolderPathA

ole32

ReleaseStgMedium
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

DosDateTimeToVariantTime
SysFreeString
SysAllocString
LoadTypeLi
RegisterTypeLi
SystemTimeToVariantTime

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetRightClickFilePath

Sections

.text
Size: 628KB - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9e6f99d23399e33043f7cf234d5b0ac

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

Exports

Exports

Sections

.text Size: 628KB - Virtual size: 626KB

.rdata Size: 76KB - Virtual size: 74KB

.data Size: 88KB - Virtual size: 130KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 628KB - Virtual size: 626KB

.rdata
Size: 76KB - Virtual size: 74KB

.data
Size: 88KB - Virtual size: 130KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 44KB - Virtual size: 43KB