b226a21422d7cb916df7fd8792a681391a9b8354c75d500d14a5021bf78e2c0e

Sharing

Copy URL Twitter E-mail

General

Target

b226a21422d7cb916df7fd8792a681391a9b8354c75d500d14a5021bf78e2c0e
Size

199KB
MD5

043bfb7b023e19f31a33ac75d4cedde8
SHA1

9f42a14c90a1de4587309a5cb7e64840e7123642
SHA256

b226a21422d7cb916df7fd8792a681391a9b8354c75d500d14a5021bf78e2c0e
SHA512

8bcd7708b7ce58648c4d0441e7e67f2a278f87baec5098280820fc2cfb91b5b5d0f2db801f0c4c71c284b253ac00f27e609977081e73a7b9de2dcb5a090ba6df
SSDEEP

3072:y/hC0zADczBHbEGpdPyojU+7addKlB9RLRbScCXvVLuYCmoSkihprDMqI0XBJb7H:yA0zUoB7EGnDDN9rgpKihpr5byOMJK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b226a21422d7cb916df7fd8792a681391a9b8354c75d500d14a5021bf78e2c0e

Files

b226a21422d7cb916df7fd8792a681391a9b8354c75d500d14a5021bf78e2c0e
.dll windows:10 windows x86 arch:x86

5543dcf5bfb0f370eda8dff1259e38fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

olesvr32.pdb

Imports

msvcrt

_resetstkoflw
_vsnwprintf
??3@YAXPAX@Z
_purecall
_errno
wcsncmp
memcpy
memcmp
memmove
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
memset

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
lstrcmpA
GetCurrentThreadId
VirtualQuery
SetThreadStackGuarantee
GetSystemInfo
VirtualAlloc
VirtualProtect
IsDebuggerPresent
IsWow64Process
DebugBreak
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitOnceComplete
GetCurrentThread
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
lstrcmpiA
GlobalSize
GlobalGetAtomNameA
GlobalUnlock
GlobalFindAtomA
GlobalLock
GlobalFree
GlobalAlloc
GlobalAddAtomA
Sleep
GetLastError
FormatMessageW
ReleaseMutex
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
GlobalDeleteAtom
LocalUnlock
LocalFree
LocalAlloc
LocalLock
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError

advapi32

SetThreadToken
RegOpenKeyExA
EventUnregister
OpenThreadToken
OpenProcessToken
RegOpenUserClassesRoot
EventSetInformation
EventRegister
RegQueryValueExA
EventWriteTransfer
RegCloseKey

user32

GetParent
GetWindowLongA
SetTimer
PostMessageA
UnpackDDElParam
PackDDElParam
SendMessageA
CreateWindowExA
DefWindowProcA
EnumPropsA
SetWindowLongA
IsWindow
RegisterClassA
RegisterClipboardFormatA
GetWindowThreadProcessId
SetPropA
GetClassNameA
KillTimer
GetDesktopWindow
RemovePropA
GetPropA
SetWindowWord
EnumChildWindows
FreeDDElParam
DestroyWindow
GetWindow

gdi32

CopyMetaFileA
CreateBitmap
GetBitmapBits
DeleteEnhMetaFile
DeleteObject
DeleteMetaFile
GetObjectA
SetBitmapBits
CopyEnhMetaFileA

ntdll

EtwEventWriteTransfer
EtwTraceMessage

Exports

Exports

DeleteClientInfo
DocWndProc
EnumForTerminate
FindItemWnd
ItemCallBack
ItemWndProc
OleBlockServer
OleQueryServerVersion
OleRegisterServer
OleRegisterServerDoc
OleRenameServerDoc
OleRevertServerDoc
OleRevokeObject
OleRevokeServer
OleRevokeServerDoc
OleSavedServerDoc
OleUnblockServer
SendDataMsg
SendRenameMsg
SrvrWndProc
TerminateClients
TerminateDocClients
WEP

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5543dcf5bfb0f370eda8dff1259e38fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

user32

gdi32

ntdll

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 49KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 143KB - Virtual size: 142KB

.text
Size: 49KB - Virtual size: 49KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 143KB - Virtual size: 142KB