c846d8a95b7fff626e4822150422ad67655b9b7235285bced630fa387d15284f

Sharing

Copy URL Twitter E-mail

General

Target

c846d8a95b7fff626e4822150422ad67655b9b7235285bced630fa387d15284f
Size

394KB
MD5

482f8bc77825a6b210962d395e975758
SHA1

a30de81c8e366a10070bea3ffdd0ebab0ba9ef3d
SHA256

c846d8a95b7fff626e4822150422ad67655b9b7235285bced630fa387d15284f
SHA512

2bf044fa310538a989ac1bd4a04001b335d86d292f099551ddd161fa5efe4add88f99e66185f686687008d1a16bde0ccf70ee24fd50aae845b2ebe03b9209a44
SSDEEP

3072:eTFNI1v4gqp6Y6mseu6axwesHmLXkrZTQLIPBYcEfElQxbnN/3GWSnS:sFNo4gqoYDgqGOZTNPacZUbN/3GWSnS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c846d8a95b7fff626e4822150422ad67655b9b7235285bced630fa387d15284f

Files

c846d8a95b7fff626e4822150422ad67655b9b7235285bced630fa387d15284f
.dll regsvr32 windows:4 windows x64 arch:x64

f38a6b900380667ae80565ff057f0285

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
StartServiceW

kernel32

DisableThreadLibraryCalls
EnumResourceNamesW
FindResourceW
GetComputerNameW
GetEnvironmentVariableW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetTickCount
GetTickCount64
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
IsBadStringPtrA
IsBadStringPtrW
LoadLibraryW
LoadResource
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RtlUnwind
SizeofResource
Sleep
lstrcmpW

ntdll

_vsnprintf

ole32

CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString
VariantClear

rpcrt4

NdrClientInitializeNew
NdrConformantStringBufferSize
NdrConformantStringMarshall
NdrConvert
NdrFreeBuffer
NdrGetBuffer
NdrPointerBufferSize
NdrPointerMarshall
NdrPointerUnmarshall
NdrSendReceive
NdrSimpleStructMarshall
NdrSimpleStructUnmarshall
RpcBindingFromStringBindingW
RpcRaiseException
RpcStringBindingComposeW
RpcStringFreeW

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vswprintf
_strdup
_wcsdup
_wcsicmp
calloc
free
fwrite
getenv
malloc
memcmp
memcpy
memmove
strchr
strcmp
strcspn
strlen
wcsrchr
wcstol

xmllite

CreateXmlReader

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f38a6b900380667ae80565ff057f0285

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ntdll

ole32

oleaut32

rpcrt4

ucrtbase

xmllite

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 101KB

.data Size: 4KB - Virtual size: 704B

.rodata Size: 4KB - Virtual size: 56B

.rdata Size: 36KB - Virtual size: 33KB

/4 Size: 4KB - Virtual size: 48B

.pdata Size: 8KB - Virtual size: 4KB

.xdata Size: 8KB - Virtual size: 5KB

.edata Size: 4KB - Virtual size: 200B

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 104KB - Virtual size: 101KB

.data
Size: 4KB - Virtual size: 704B

.rodata
Size: 4KB - Virtual size: 56B

.rdata
Size: 36KB - Virtual size: 33KB

/4
Size: 4KB - Virtual size: 48B

.pdata
Size: 8KB - Virtual size: 4KB

.xdata
Size: 8KB - Virtual size: 5KB

.edata
Size: 4KB - Virtual size: 200B

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 4KB - Virtual size: 1KB