2819d8905b375ad6037ebce3de76f1c71a2cd22286c8d6d0f95a5443d6bfd2d7

Sharing

Copy URL Twitter E-mail

General

Target

2819d8905b375ad6037ebce3de76f1c71a2cd22286c8d6d0f95a5443d6bfd2d7
Size

303KB
MD5

21bf79226f956af883dda284e597aecb
SHA1

ec6e323b188348fadfe838138538654d9ce339ed
SHA256

2819d8905b375ad6037ebce3de76f1c71a2cd22286c8d6d0f95a5443d6bfd2d7
SHA512

7a335b4b5a1475e592a3966895eacffacc5fe6497bd2cd931868df5f33e7c2d9edd4352a86685077d4f6cf9e5e03f94cb7292908e36031985132956efdc6c591
SSDEEP

6144:ltT5oVpGOZc6FR6GRf4yMGLZswFEJisabqp7/giPXmli9HW2c+:j5yln6qQyfLZJEnACYsXmle2W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2819d8905b375ad6037ebce3de76f1c71a2cd22286c8d6d0f95a5443d6bfd2d7

Files

2819d8905b375ad6037ebce3de76f1c71a2cd22286c8d6d0f95a5443d6bfd2d7
.dll regsvr32 windows:5 windows x86 arch:x86

523e3bd38fcf5e50761253359df883ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AcroRdIF.pdb

Imports

kernel32

WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
GetCurrentDirectoryA
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
WaitForSingleObject
SetEvent
CreateEventW
SwitchToThread
ResumeThread
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
GetVersion
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
SetThreadLocale
GetThreadLocale
GetVersionExW
GetSystemDefaultLCID
GetCurrentThread
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
SizeofResource
LoadResource
FindResourceW
LocalFree
IsProcessInJob
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetCurrentThreadId
OutputDebugStringW
FreeLibrary
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTickCount
GetVolumeInformationW
lstrlenW
CreateFileW
SetNamedPipeHandleState
WriteFile
ReadFile
Sleep
OpenMutexW
CloseHandle
TlsFree
GetLastError
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DecodePointer

user32

CharNextW

advapi32

GetTokenInformation
EqualSid
CreateRestrictedToken
SetThreadToken
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
ImpersonateSelf
OpenThreadToken
IsTokenRestricted
RevertToSelf
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CreateWellKnownSid

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarUI4FromStr
SysAllocStringLen
VarBstrCat
RegisterTypeLi
UnRegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
SysFreeString

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ

msvcr100

?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_amsg_exit
__clean_type_info_names_internal
_crt_debugger_hook
memset
??_V@YAXPAX@Z
??3@YAXPAX@Z
wcslen
wcsrchr
_snwprintf_s
malloc
realloc
free
_CxxThrowException
wcscat_s
wcscpy_s
wcscmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
__CxxFrameHandler3
strcpy_s
_beginthreadex
memcmp
wcsncpy_s
_wcsicmp
wcsstr
memcpy
memmove
memcpy_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_recalloc
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e

rpcrt4

CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrOleFree
NdrOleAllocate
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
CStdStubBuffer_IsIIDSupported
NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
IUnknown_QueryInterface_Proxy

Exports

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

523e3bd38fcf5e50761253359df883ca

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp100

msvcr100

rpcrt4

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 42KB

.orpc Size: 512B - Virtual size: 45B

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 228KB - Virtual size: 228KB

.text
Size: 43KB - Virtual size: 42KB

.orpc
Size: 512B - Virtual size: 45B

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 228KB - Virtual size: 228KB