2d6b6eed04d95b213c158a5edd4fdca0d63a994428ac2a3cada219b110a54736

Sharing

Copy URL Twitter E-mail

General

Target

2d6b6eed04d95b213c158a5edd4fdca0d63a994428ac2a3cada219b110a54736
Size

144KB
MD5

1bbbab4c0e88e3c3a0f4d1207c5e5685
SHA1

936b177467bd120ac987250a0e8392c5401c6cc9
SHA256

2d6b6eed04d95b213c158a5edd4fdca0d63a994428ac2a3cada219b110a54736
SHA512

b37290c58bcaa389c8d8601631af5eb9c655bc9ae7a6ed0a876803b6e207bafec6cf134db6254a9b7ad05400ebd743d17f1ada9ff8a14f09cb57ce9979a05d61
SSDEEP

3072:fJ803GesSnkmKRWbvh4wlThx2T9jOSllHFcnF9/XV01vWM:fJ7Ges2kmXbWUhx29Zcn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d6b6eed04d95b213c158a5edd4fdca0d63a994428ac2a3cada219b110a54736

Files

2d6b6eed04d95b213c158a5edd4fdca0d63a994428ac2a3cada219b110a54736
.dll regsvr32 windows:4 windows x86 arch:x86

33ddc9cea6cffd1730a8b31d4aaf8948

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetFileAttributesA
GetWindowsDirectoryA
GetVersion
GetModuleFileNameA
CreateDirectoryA
MultiByteToWideChar
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
CloseHandle
FreeLibrary
InterlockedIncrement
GetShortPathNameA
CreateProcessA
lstrcpyA
OpenFile
CopyFileA
FlushFileBuffers
SetStdHandle
SetFilePointer
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
SetUnhandledExceptionFilter
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
EnterCriticalSection
LeaveCriticalSection
DeleteFileA
OutputDebugStringA
DebugBreak
lstrlenA
WideCharToMultiByte
InterlockedDecrement
lstrlenW
OpenProcess
GetLastError
LocalFree
RtlUnwind
GetCommandLineA
RaiseException
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapAlloc
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
ExitProcess
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA

user32

wsprintfA
CharNextA
wvsprintfA
LoadStringA

advapi32

OpenProcessToken
ImpersonateLoggedOnUser
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RevertToSelf

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
StringFromCLSID
CoCreateInstance
OleRun

oleaut32

GetErrorInfo
SysStringLen
LoadRegTypeLi
SysAllocStringLen
VariantInit
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
SysFreeString

shlwapi

StrStrIA

atl

ord23
ord21
ord16
ord15
ord18
ord58
ord57
ord30
ord32

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33ddc9cea6cffd1730a8b31d4aaf8948

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

atl

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 80KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 16KB - Virtual size: 14KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 84KB - Virtual size: 80KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 8KB - Virtual size: 7KB