232a59d87247513ce3abf5a45b77ebf5f4f7988e33c3636a3413948c5388b972

Sharing

Copy URL Twitter E-mail

General

Target

232a59d87247513ce3abf5a45b77ebf5f4f7988e33c3636a3413948c5388b972
Size

418KB
MD5

15eb358c9df5f2784e3201ea878a426b
SHA1

ccfda7d2116afaaa1779a15c11732118a7eebc91
SHA256

232a59d87247513ce3abf5a45b77ebf5f4f7988e33c3636a3413948c5388b972
SHA512

f2178a376d5fea0d45686ee9294f4bc54c4cffdedae7081e54661ce822aca7663aeac024751c04fd1533db0b60c201df28f32bcd66c0d349a2e3bb6ae8a2c8c9
SSDEEP

6144:2HvsQp1/iw8U4qIoIjoK5QPnaGJoHfHMs/zPav+h9sjUBNY4O:2kS1//8U4pVoj5Jo0UzPaMsjU7YJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
232a59d87247513ce3abf5a45b77ebf5f4f7988e33c3636a3413948c5388b972

Files

232a59d87247513ce3abf5a45b77ebf5f4f7988e33c3636a3413948c5388b972
.dll regsvr32 windows:6 windows x64 arch:x64

4cf1d261f361f561f2cc103c6671d6fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

RtlCaptureContext
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MoveFileW
SwitchToThread
GetTickCount
Sleep
InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead
FileTimeToSystemTime
GetFileInformationByHandle
GetFileSize
SetFilePointer
ReadFile
CreateFileW
CreateFileMappingW
MapViewOfFile
CloseHandle
WriteFile
UnmapViewOfFile
GetLocalTime
SystemTimeToFileTime
WideCharToMultiByte
VirtualProtect
LoadLibraryW
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
CreateEventW
SetEvent
InitializeCriticalSectionEx
GetLastError
RaiseException
DeleteCriticalSection
WriteConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
SetFilePointerEx
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
MultiByteToWideChar
GetFileType
GetStdHandle
GetTimeZoneInformation
LCMapStringW
CompareStringW
GetModuleFileNameW
GetModuleHandleExW
IsDebuggerPresent
OutputDebugStringW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetFileAttributesExW
SetFileAttributesW
ExitProcess

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoInitialize

gdiplus

GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdipGetImageEncoders
GdipGetEncoderParameterListSize
GdipCloneImage
GdipDrawImageRectRect
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdiplusStartup
GdipGetEncoderParameterList

ws2_32

shutdown

Exports

Exports

?RdvServiceMain@@YAXPEAX0K0K@Z
DllRegisterServer
DllUnregisterServer
VssServiceMain

Sections

.text
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cf1d261f361f561f2cc103c6671d6fe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

gdiplus

ws2_32

Exports

Exports

Sections

.text Size: 321KB - Virtual size: 321KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 3KB - Virtual size: 4.1MB

.pdata Size: 15KB - Virtual size: 15KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 321KB - Virtual size: 321KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 3KB - Virtual size: 4.1MB

.pdata
Size: 15KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB