3ca65512a28298f1d2ebf1c1e9910ae78dfa4f1e15d6c27b70c91392aeb52cb2

Sharing

Copy URL Twitter E-mail

General

Target

3ca65512a28298f1d2ebf1c1e9910ae78dfa4f1e15d6c27b70c91392aeb52cb2
Size

167KB
MD5

31dd08db598ab9dbb954b11ece55e676
SHA1

066cacc8c47c8f1e39c1f7b6358141d3d6163d78
SHA256

3ca65512a28298f1d2ebf1c1e9910ae78dfa4f1e15d6c27b70c91392aeb52cb2
SHA512

ee48237d7c5f6e9e942933bb3b16d67e606f0cd3ea5f00e13cec0112c22e2d8c115ae1e135a2d3ff973daba4eb66328a6c7f34e795368b5a1dc1a531fb521991
SSDEEP

1536:py7eou9lx6gD2P0buRpLeQ3OwL7I9HPxKsVtYZfUdq8q8eykJl71yHR:pyhw72P0CRpLeVw7Nn71yx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ca65512a28298f1d2ebf1c1e9910ae78dfa4f1e15d6c27b70c91392aeb52cb2

Files

3ca65512a28298f1d2ebf1c1e9910ae78dfa4f1e15d6c27b70c91392aeb52cb2
.dll .js regsvr32 windows:4 windows x86 arch:x86 polyglot

ec5b2fc0095782a35803058dc9152f58

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
SizeofResource
LoadResource
FindResourceW
GetLastError
LoadLibraryExW
lstrcpynW
lstrcpyW
lstrcatW
GetLocalTime
Sleep
CreateFileA
GetTempPathA
FlushFileBuffers
WriteFile
DeleteFileA
DeviceIoControl
WideCharToMultiByte
GetCurrentProcessId
MultiByteToWideChar
GetModuleHandleA
GetCurrentProcess
DebugBreak
SetErrorMode
OpenEventA
ExitProcess
OutputDebugStringA
LoadLibraryA
GetWindowsDirectoryA
IsBadCodePtr
SetUnhandledExceptionFilter
RaiseException
LocalFree
lstrcmpiW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetShortPathNameW
lstrlenW
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
CreateThread
InitializeCriticalSection
DisableThreadLibraryCalls
CloseHandle
DeleteCriticalSection
HeapDestroy
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetProcAddress

user32

CharNextW
wsprintfA
SetWindowLongW
MessageBoxW
CharLowerW

advapi32

RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VariantClear
SysAllocStringLen
LoadRegTypeLi
SysStringLen
LoadTypeLi
SysAllocString
RegisterTypeLi
SysFreeString
VarUI4FromStr

msvcrt

_onexit
_stricmp
_adjust_fdiv
_initterm
_strlwr
__dllonexit
?terminate@@YAXXZ
_except_handler3
strrchr
abort
atoi
wcscpy
strncpy
strchr
strstr
_wcsicmp
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
__CxxFrameHandler
free
malloc
realloc
wcslen
wcsstr
_wcslwr
sprintf

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile
HttpQueryInfoA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
UpxCompress_a
UpxDecompress_a

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

j9ata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

j8ata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

j7ata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

j6ata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

j5ata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

j4ata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

j3ata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

j2ata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

j1ata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec5b2fc0095782a35803058dc9152f58

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcrt

wininet

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 139KB

j9ata Size: 512B - Virtual size: 512B

j8ata Size: 512B - Virtual size: 512B

j7ata Size: 512B - Virtual size: 512B

j6ata Size: 512B - Virtual size: 512B

j5ata Size: 512B - Virtual size: 512B

j4ata Size: 512B - Virtual size: 512B

j3ata Size: 512B - Virtual size: 512B

j2ata Size: 512B - Virtual size: 512B

j1ata Size: 13KB - Virtual size: 13KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 140KB - Virtual size: 139KB

j9ata
Size: 512B - Virtual size: 512B

j8ata
Size: 512B - Virtual size: 512B

j7ata
Size: 512B - Virtual size: 512B

j6ata
Size: 512B - Virtual size: 512B

j5ata
Size: 512B - Virtual size: 512B

j4ata
Size: 512B - Virtual size: 512B

j3ata
Size: 512B - Virtual size: 512B

j2ata
Size: 512B - Virtual size: 512B

j1ata
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 5KB