0632397ac75eb2efae23c8476261ad56d69869e4549434672ff6dd7ba5a245de

Sharing

Copy URL Twitter E-mail

General

Target

0632397ac75eb2efae23c8476261ad56d69869e4549434672ff6dd7ba5a245de
Size

296KB
MD5

e67c082414d52eab776ea201c2b23f32
SHA1

6fd0797dd25a839e8d69bc46409a0b7ab7f9c34c
SHA256

0632397ac75eb2efae23c8476261ad56d69869e4549434672ff6dd7ba5a245de
SHA512

6b50f264db5fa53ed1b10259be3818b1adaeccfbe55680a8597cafca1a89fd12d884141b6841a382ce4364b2ef593081ad17b0b871fe7feb9b4c08e7fff2e597
SSDEEP

6144:ao10hHY3m72bo30shbgWCIZ+Hh5ihpOp1Uxei:akGHY2fhUQIH9O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0632397ac75eb2efae23c8476261ad56d69869e4549434672ff6dd7ba5a245de

Files

0632397ac75eb2efae23c8476261ad56d69869e4549434672ff6dd7ba5a245de
.dll regsvr32 windows:10 windows x86 arch:x86

164b3544a9e84efbb854d650748aa154

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msorcl32.pdb

Imports

msvcrt

fclose
ftell
strstr
isspace
_fdopen
_wsplitpath_s
_wmakepath_s
isdigit
atol
fseek
_open
fwrite
free
_tempnam
fread
_endthreadex
isxdigit
strchr
strcspn
strncmp
bsearch
_beginthreadex
_stricmp
strtoul
_ultoa_s
atoi
_HUGE
_gcvt
strtod
tolower
localeconv
atof
_XcptFilter
_amsg_exit
malloc
_initterm
_except_handler4_common
strrchr
floor
_ftol2_sse
isalnum
_strnicmp
isalpha
toupper
_vsnprintf
memcpy
memset

kernel32

ExpandEnvironmentStringsA
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetLocalTime
GlobalUnlock
lstrcmpiA
GlobalLock
GlobalFree
GlobalAlloc
lstrcmpA
CreateEventA
FreeLibrary
GetProcAddress
ResetEvent
SetEvent
HeapDestroy
HeapAlloc
HeapCreate
GetTempPathA
LoadLibraryExW
DeleteCriticalSection
GetSystemInfo
DisableThreadLibraryCalls
CreateMutexA
InitializeCriticalSection
GetModuleFileNameW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
IsDBCSLeadByte
HeapReAlloc
CloseHandle
WaitForSingleObject
LoadLibraryExA
HeapFree
ReleaseMutex

user32

GetWindowRect
SetWindowPos
MapWindowPoints
MoveWindow
IsDlgButtonChecked
SetFocus
SendDlgItemMessageA
GetClientRect
GetDlgItem
CheckDlgButton
GetDesktopWindow
GetParent
EnableWindow
DispatchMessageA
CharUpperA
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageA
LoadStringW
MessageBoxA
LoadStringA
GetCursor
EndDialog
DialogBoxParamA
GetDlgItemTextA
SetWindowLongA
GetWindowLongA
SetWindowTextA
SetDlgItemTextA
SetCursor
MessageBoxW

ntdll

_vsnwprintf_s

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

Exports

Exports

ConfigDSN
DllMain
DllRegisterServer
DllUnregisterServer
LoadByOrdinal
SQLAllocConnect
SQLAllocEnv
SQLAllocStmt
SQLBindCol
SQLBindParameter
SQLBrowseConnect
SQLCancel
SQLColAttributes
SQLColumns
SQLConnect
SQLDescribeCol
SQLDescribeParam
SQLDisconnect
SQLDriverConnect
SQLError
SQLExecDirect
SQLExecute
SQLExtendedFetch
SQLFetch
SQLForeignKeys
SQLFreeConnect
SQLFreeEnv
SQLFreeStmt
SQLGetConnectOption
SQLGetCursorName
SQLGetData
SQLGetInfo
SQLGetStmtOption
SQLGetTypeInfo
SQLMoreResults
SQLNativeSql
SQLNumParams
SQLNumResultCols
SQLParamData
SQLPrepare
SQLPrimaryKeys
SQLProcedureColumns
SQLProcedures
SQLPutData
SQLRowCount
SQLSetConnectOption
SQLSetCursorName
SQLSetPos
SQLSetScrollOptions
SQLSetStmtOption
SQLSpecialColumns
SQLStatistics
SQLTables
SQLTransact

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

164b3544a9e84efbb854d650748aa154

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

ntdll

advapi32

Exports

Exports

Sections

.text Size: 134KB - Virtual size: 134KB

.data Size: 10KB - Virtual size: 14KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 145KB - Virtual size: 145KB

.text
Size: 134KB - Virtual size: 134KB

.data
Size: 10KB - Virtual size: 14KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 145KB - Virtual size: 145KB