98c613cd3d67402a04c850f4460af7f1e1fbd9ef5e1fa2b3e28104b87aabcea8

Sharing

Copy URL Twitter E-mail

General

Target

98c613cd3d67402a04c850f4460af7f1e1fbd9ef5e1fa2b3e28104b87aabcea8
Size

5.8MB
MD5

76830711c49cbbb6f008c5f159a038d9
SHA1

7d46b19cbf22a9087ff6c7e41e9ec00bd59b3f40
SHA256

98c613cd3d67402a04c850f4460af7f1e1fbd9ef5e1fa2b3e28104b87aabcea8
SHA512

04211e989d6078f5b2693908355b2bbdbc6dc2d6cada804f8a45c8c25fb537b6854fd3aaa70a45cc5d8a759739d643bae95cd05166a04296d8db5448dbaa1d1f
SSDEEP

98304:cYuxaP4Hn8SWF52HCYMCW25ZtpkVIE7xJLptHtb00SGOx:721DMoHqITBYFUGA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98c613cd3d67402a04c850f4460af7f1e1fbd9ef5e1fa2b3e28104b87aabcea8

Files

98c613cd3d67402a04c850f4460af7f1e1fbd9ef5e1fa2b3e28104b87aabcea8
.dll regsvr32 windows:6 windows x64 arch:x64

81757c801661b3ad88231fe406c38cf2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetAsyncKeyState
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

CryptAcquireContextA

ole32

CoCreateInstance

oleaut32

SystemTimeToVariantTime

shlwapi

SHCreateStreamOnFileEx

setupapi

CM_Get_Device_IDA

winmm

mciSendStringW

wtsapi32

WTSSendMessageW

Exports

Exports

DllInstall
DllRegisterServer

Sections

.text
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: - Virtual size: 12B

.tls
Size: - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.goog0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.goog1
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 411B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81757c801661b3ad88231fe406c38cf2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

setupapi

winmm

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 2.3MB

.rdata Size: - Virtual size: 139KB

.data Size: - Virtual size: 16KB

.pdata Size: - Virtual size: 22KB

.00cfg Size: - Virtual size: 56B

.retplne Size: - Virtual size: 12B

.tls Size: - Virtual size: 9B

_RDATA Size: - Virtual size: 348B

.goog0 Size: - Virtual size: 3.3MB

.goog1 Size: 5.8MB - Virtual size: 5.8MB

.reloc Size: 512B - Virtual size: 208B

.rsrc Size: 512B - Virtual size: 411B

.text
Size: - Virtual size: 2.3MB

.rdata
Size: - Virtual size: 139KB

.data
Size: - Virtual size: 16KB

.pdata
Size: - Virtual size: 22KB

.00cfg
Size: - Virtual size: 56B

.retplne
Size: - Virtual size: 12B

.tls
Size: - Virtual size: 9B

_RDATA
Size: - Virtual size: 348B

.goog0
Size: - Virtual size: 3.3MB

.goog1
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 512B - Virtual size: 208B

.rsrc
Size: 512B - Virtual size: 411B