378e0fe85a1db442a8287e8a1f4fa464108026844a18a03e94ce4bd2b1033ecf

Sharing

Copy URL Twitter E-mail

General

Target

378e0fe85a1db442a8287e8a1f4fa464108026844a18a03e94ce4bd2b1033ecf
Size

1.7MB
MD5

143544c6933adb4f26c603616c480a7d
SHA1

fcfb6e14a203de6a6ce199a1d675c73885f92c32
SHA256

378e0fe85a1db442a8287e8a1f4fa464108026844a18a03e94ce4bd2b1033ecf
SHA512

e303f31e45a30c19b5b988edffe12f90d920c902bc85e36f5c30e1a69cc251866db1a55a727bbbe94e37132dd5c1c3ad8b95b7b5671f7db485506302842e549b
SSDEEP

24576:CmiX5RYgJdW3SdjZNnnbZx9BwmRAIbUiV84/snB0xwy:XQRYgJdW0n0mRfUS84/mswy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
378e0fe85a1db442a8287e8a1f4fa464108026844a18a03e94ce4bd2b1033ecf

Files

378e0fe85a1db442a8287e8a1f4fa464108026844a18a03e94ce4bd2b1033ecf
.dll regsvr32 windows:4 windows x86 arch:x86

3da5497f4df1e6da27391991881c314b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SHGetMalloc
DragAcceptFiles
SHGetSpecialFolderPathA
ShellExecuteExA
SHBrowseForFolderA
SHGetPathFromIDListA
SHChangeNotify
SHGetFileInfoA
CommandLineToArgvW
DragQueryFileA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

msacm32

acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamOpen
acmDriverAddA
acmDriverDetailsA
acmDriverID
acmStreamClose
acmStreamConvert

kernel32

SetThreadPriority
ResumeThread
SetEvent
SuspendThread
CreateEventA
VirtualProtect
lstrcmpA
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
GetFileTime
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
GetCurrentDirectoryA
HeapAlloc
HeapFree
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
IsBadReadPtr
GetSystemTimeAsFileTime
HeapReAlloc
ExitProcess
GetFileType
ExitThread
CreateThread
SetStdHandle
TerminateProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetStartupInfoA
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetEnvironmentVariableA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
UnlockFile
LockFile
FlushFileBuffers
WriteFile
ReadFile
MoveFileA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
MulDiv
GlobalSize
FormatMessageA
lstrcpynA
LocalFree
FreeResource
SetFilePointer
SetEndOfFile
GetCommandLineA
GetLogicalDrives
GetDriveTypeA
CreateSemaphoreA
CreateFileA
GetDateFormatA
GetTimeFormatA
GetNumberFormatA
GetTempPathA
CreateDirectoryA
lstrcpyA
SetFileAttributesA
RemoveDirectoryA
Sleep
SetCurrentDirectoryA
InterlockedDecrement
GetCurrentProcess
SetProcessAffinityMask
GetTickCount
ReleaseSemaphore
GetCurrentThreadId
OpenSemaphoreA
WaitForSingleObject
FlushViewOfFile
UnmapViewOfFile
CloseHandle
OpenFileMappingA
MapViewOfFile
GetModuleFileNameA
ExpandEnvironmentStringsA
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesA
FindFirstFileA
CompareFileTime
FindNextFileA
FindClose
CopyFileA
DeleteFileA
LoadLibraryA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FreeLibrary
CompareStringW
CompareStringA
OutputDebugStringA
GetModuleFileNameW
SetLastError
LoadLibraryW
lstrlenA
lstrlenW
lstrcmpiA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetFileInformationByHandle
PeekNamedPipe
FindResourceExA

user32

PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
SetRect
IsRectEmpty
CharNextA
WindowFromPoint
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowContextHelpId
SetCursor
PostQuitMessage
MapDialogRect
GetAsyncKeyState
IsClipboardFormatAvailable
GetMessageA
ValidateRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
GetMenuCheckMarkDimensions
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
IsChild
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
CallWindowProcA
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
PtInRect
wsprintfA
GetWindowTextLengthA
GetWindowTextA
GetMenuState
GetMenuItemID
GetDesktopWindow
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
GetDlgItem
CharUpperA
UnregisterClassA
EnableWindow
AppendMenuA
SendMessageA
InsertMenuItemA
CreatePopupMenu
GetMenuStringA
GetMenuItemInfoA
GetMenuItemCount
DestroyMenu
GetSubMenu
IsWindowEnabled
GetNextDlgTabItem
EndDialog
IsWindowVisible
DestroyIcon
GetParent
OffsetRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetWindow
FlashWindow
RemoveMenu
MapWindowPoints
InflateRect
GetClassInfoA
SetFocus
GetWindowLongA
SetWindowLongA
ShowWindow
LoadBitmapA
SetCapture
ReleaseCapture
CreateMenu
CreateWindowExA
RegisterClassA
GetCursorPos
GetKeyState
TrackPopupMenu
InsertMenuA
MoveWindow
GetCapture
DestroyWindow
ScreenToClient
GetSysColor
GetIconInfo
GetSysColorBrush
GetMenu
LoadMenuA
UpdateWindow
InvalidateRect
CopyRect
GetWindowRect
FindWindowA
IsWindow
PostMessageA
RegisterClipboardFormatA
IsIconic
GetLastActivePopup
SetForegroundWindow
DispatchMessageA
TranslateMessage
PeekMessageA
LoadCursorA
LoadIconA
DefWindowProcA
MessageBoxA
GetClassNameA
EnumChildWindows
EnumWindows
CheckMenuItem
ClientToScreen
GetClientRect
DrawEdge
GetDC
ReleaseDC

gdi32

GetBkColor
GetTextColor
GetRgnBox
GetMapMode
EnumFontFamiliesExA
SetBkMode
RestoreDC
SaveDC
ExtTextOutA
GetStockObject
CreateRectRgnIndirect
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CopyMetaFileA
GetDeviceCaps
CreatePen
DeleteObject
GetPixel
GetObjectA
CreateSolidBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
SetMapMode

comdlg32

GetOpenFileNameA
ChooseColorA
GetFileTitleA
GetSaveFileNameA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCloseKey

comctl32

ord17
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_Destroy
ImageList_Create

shlwapi

PathRemoveExtensionA
PathFindExtensionA
PathIsUNCA
PathStripToRootA
PathFindFileNameA

oledlg

ord8

ole32

CoTaskMemFree
CreateILockBytesOnHGlobal
RevokeDragDrop
CoCreateInstance
OleRun
IIDFromString
OleInitialize
CoInitialize
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoTaskMemAlloc
ReleaseStgMedium
OleDuplicateData
OleGetClipboard
CLSIDFromProgID
CLSIDFromString
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoFreeUnusedLibraries
DoDragDrop
OleUninitialize
CoGetClassObject
RegisterDragDrop

oleaut32

SysAllocStringLen
VariantCopy
VariantInit
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
GetErrorInfo
VariantChangeType
SysStringLen
VariantClear
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString

wininet

InternetCanonicalizeUrlA

ws2_32

ntohl
ntohs

Exports

Exports

?DoSendTo@@YAXPAD0@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
winampGetMediaLibraryPlugin

Sections

.text
Size: 823KB - Virtual size: 823KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 467KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3da5497f4df1e6da27391991881c314b

Headers

File Characteristics

Imports

shell32

version

msacm32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

ws2_32

Exports

Exports

Sections

.text Size: 823KB - Virtual size: 823KB

.rdata Size: 216KB - Virtual size: 216KB

.data Size: 100KB - Virtual size: 2.1MB

.rsrc Size: 467KB - Virtual size: 466KB

.reloc Size: 107KB - Virtual size: 106KB

.text
Size: 823KB - Virtual size: 823KB

.rdata
Size: 216KB - Virtual size: 216KB

.data
Size: 100KB - Virtual size: 2.1MB

.rsrc
Size: 467KB - Virtual size: 466KB

.reloc
Size: 107KB - Virtual size: 106KB