77120cd819c7408d38d0fa99dcae0dca82bf6b506ec0e435857f160707672de4

Sharing

Copy URL Twitter E-mail

General

Target

77120cd819c7408d38d0fa99dcae0dca82bf6b506ec0e435857f160707672de4
Size

233KB
MD5

2a238ee5d92d0572c4d65284b3bfd643
SHA1

3f1a55cca656cf52344a8785ed7034bc419734a4
SHA256

77120cd819c7408d38d0fa99dcae0dca82bf6b506ec0e435857f160707672de4
SHA512

d681d1fe00bd02bc37c54eca40a62103ed34494f4e0acf03b0b871388a673a6cc60811859486396c8fd2dc528e50548c2fcdf6633c3782782e83cc02185cdb7e
SSDEEP

6144:xAhw85cgrrdSV1U773PfeUVS8hbQzX4DT3OKNz:x+nVhSV1U33P2UVbBAWz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77120cd819c7408d38d0fa99dcae0dca82bf6b506ec0e435857f160707672de4

Files

77120cd819c7408d38d0fa99dcae0dca82bf6b506ec0e435857f160707672de4
.dll regsvr32 windows:5 windows x86 arch:x86

483d40359f0235b62e35a1791e343595

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\code\git\pluginstall\pdb\IEPlugin.pdb

Imports

kernel32

CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
InitializeCriticalSection
DeleteCriticalSection
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetLastError
ResumeThread
CreateProcessW
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetThreadContext
SetThreadContext
SuspendThread
GetCurrentThread
SetLastError
GetModuleHandleW
RaiseException
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
lstrlenW
GetTickCount
IsBadReadPtr
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
DeviceIoControl
Sleep
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
WaitForSingleObject
MoveFileExW
SetThreadPriority
CreateThread
SetThreadLocale
GetThreadLocale
ResetEvent
CreateEventW
GetModuleFileNameA
OutputDebugStringA
FormatMessageA
lstrlenA
WideCharToMultiByte
GetTempPathW
CompareStringW
FlushFileBuffers
WriteConsoleW
GetProcAddress
GetFileAttributesW
FindResourceExW
FindResourceW
LoadResource
LockResource
FreeLibrary
SizeofResource
SetStdHandle
GetConsoleMode
GetConsoleCP
SetEnvironmentVariableA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
GetTimeZoneInformation
HeapCreate
GetStdHandle
GetStringTypeW
ExitProcess
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
RtlUnwind
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy

user32

wsprintfW
CharNextW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

oleaut32

LoadTypeLi
VariantChangeType
VariantClear
SysFreeString
VarUI4FromStr
SysStringLen
LoadRegTypeLi
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
VariantInit

shlwapi

PathAppendW
PathMatchSpecW
PathRemoveFileSpecW
PathFileExistsW
StrStrIW

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
HttpQueryInfoW
InternetCreateUrlW
InternetCrackUrlW

ws2_32

ntohs
WSAStartup
WSAGetLastError
getpeername

winhttp

WinHttpCrackUrl
WinHttpOpen
WinHttpConnect
WinHttpCloseHandle
WinHttpReadData
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpenRequest

imagehlp

CheckSumMappedFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

483d40359f0235b62e35a1791e343595

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

ws2_32

winhttp

imagehlp

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 8KB - Virtual size: 34KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 8KB - Virtual size: 34KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 15KB - Virtual size: 14KB