9234c2ec7eee749f65753aafdb567356e4d950c5852ebd3aa5ee3df5e6d03cb7

Sharing

Copy URL Twitter E-mail

General

Target

9234c2ec7eee749f65753aafdb567356e4d950c5852ebd3aa5ee3df5e6d03cb7
Size

204KB
MD5

216e5ed139d82435b378cd1c89b8241e
SHA1

7cba22f0647e00ef47befbaf52673709e4d1081f
SHA256

9234c2ec7eee749f65753aafdb567356e4d950c5852ebd3aa5ee3df5e6d03cb7
SHA512

5dd9fa92c30393f3b7e91b3e3ccdcb8f77508c514ee360fe0a6d644b7cd6e58160f52258f5ff016967d6603a7cf965c8a08c7cd2a79489ecae3f7d499eb3b3d6
SSDEEP

6144:VrdU0/PPe77Pr/laOt9x0AOaT4w2JEYw:FdU0XPe77Pr/l/kw2JEJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9234c2ec7eee749f65753aafdb567356e4d950c5852ebd3aa5ee3df5e6d03cb7

Files

9234c2ec7eee749f65753aafdb567356e4d950c5852ebd3aa5ee3df5e6d03cb7
.dll regsvr32 windows:6 windows x86 arch:x86

044b542af451f9fb05e1ee745613453d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\11.11\TAG_AGENT_11.11.0.138\AGENT\Binaries\Release\Win32\fcagmt.pdb

Imports

kernel32

OpenEventW
WaitForMultipleObjects
CreateThread
FindResourceExW
FreeLibrary
WaitForSingleObject
LockResource
SizeofResource
FindResourceW
LoadLibraryW
lstrcmpiW
ResetEvent
SetEvent
InitializeCriticalSection
CloseHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetVersion
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
CreateEventW
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
LoadResource
EncodePointer
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
LCMapStringW
GetCurrentProcess
GetWindowsDirectoryW
GetVersionExW
CreateFileW
FindClose
FindNextFileW
WideCharToMultiByte
MultiByteToWideChar
GetACP
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
GetCPInfo
RtlUnwind
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType

user32

CharNextW

advapi32

RegOpenCurrentUser
RegQueryValueExW
TraceMessage
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shell32

SHChangeNotify
SHGetFileInfoW

ole32

CoCreateInstance
CoTaskMemFree
StringFromCLSID
StringFromGUID2

oleaut32

SysStringLen
RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
LoadTypeLi
LoadRegTypeLi

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

044b542af451f9fb05e1ee745613453d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

version

Exports

Exports

Sections

.text Size: 123KB - Virtual size: 122KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 5KB - Virtual size: 8KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 123KB - Virtual size: 122KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 7KB - Virtual size: 7KB