96285060581b108edaa385dc50c28f6e0933ad8034e515ab7f738101bb016090

Sharing

Copy URL Twitter E-mail

General

Target

96285060581b108edaa385dc50c28f6e0933ad8034e515ab7f738101bb016090
Size

1.1MB
MD5

cbf1dbbdcdd8a6addb182b2be25c11d8
SHA1

5f7afc3bbc2c058bedc7a20cd0e9f8b768ddff6b
SHA256

96285060581b108edaa385dc50c28f6e0933ad8034e515ab7f738101bb016090
SHA512

a8b53ba363c624dcf41670b1fa65b133413657be5201df6fba3be6804a0e8dae1ddec8b4198553f5d8a65ced6a5c03a6abdff12d0e6568a7a5210a0c78dff632
SSDEEP

6144:Zhb/Mi0pFvwKuIdfJdLu3ndLuDndLuDSdt:fjMLr4wzdLu3ndLuDndLuDSdt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96285060581b108edaa385dc50c28f6e0933ad8034e515ab7f738101bb016090

Files

96285060581b108edaa385dc50c28f6e0933ad8034e515ab7f738101bb016090
.dll regsvr32 windows:4 windows x86 arch:x86

bedf1b0f44832d191ca3e93149cffbbb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\.Depot\Current\Client\ApplicationMC\Release\mcapp.pdb

Imports

kernel32

GetACP
HeapAlloc
GetProcessHeap
GetSystemTimeAsFileTime
TerminateThread
GetExitCodeThread
CloseHandle
SetEvent
CreateEventW
LocalFree
GetProcAddress
WideCharToMultiByte
DeleteFileW
GetComputerNameW
lstrcpynW
WriteFile
CreateFileW
GetCurrentThreadId
ProcessIdToSessionId
CreateDirectoryW
lstrcatW
GlobalUnlock
GlobalLock
GlobalSize
GetTempFileNameW
GetTempPathW
ReadFile
GetFileSize
GetLocalTime
GetSystemDefaultLangID
GlobalReAlloc
GlobalAlloc
ReleaseMutex
ReleaseSemaphore
InterlockedExchangeAdd
UnmapViewOfFile
MapViewOfFile
CreateSemaphoreW
CreateMutexW
OpenFileMappingW
CreateFileMappingW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
HeapFree
Sleep
WaitForSingleObject
ExitProcess
FileTimeToSystemTime
lstrcpyW
GetTickCount
SetProcessShutdownParameters
lstrcmpW
GetCurrentProcessId
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleW
lstrlenW
GetLastError
RaiseException
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalFree
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
VirtualAlloc
VirtualFree
HeapCreate
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CreateThread
ExitThread
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
InterlockedExchange

user32

PostMessageW
GetDesktopWindow
CharNextW
UnregisterClassA
SendMessageTimeoutW
LoadStringW
ShowWindow
GetWindowThreadProcessId
IsWindowVisible
FindWindowExW
UnhookWindowsHookEx
CallNextHookEx
GetForegroundWindow
GetLastInputInfo
GetWindowTextW
GetWindowLongW
SetWindowsHookExW
EnumWindows
CharLowerW

advapi32

CryptAcquireContextW
CryptDeriveKey
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameW
ConvertSidToStringSidW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
VarUI4FromStr
VarBstrCat
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VariantClear
VarBstrFromI4
SafeArrayUnaccessData
SafeArrayAccessData
RegisterTypeLi
SafeArrayCreate
SafeArrayGetElement
SafeArrayPutElement
SafeArrayDestroy
VariantInit

shlwapi

SHCreateStreamOnFileW
PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wtsapi32

WTSCloseServer
WTSFreeMemory
WTSQuerySessionInformationW
WTSOpenServerW

netapi32

NetApiBufferFree
NetWkstaUserEnum

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 896KB - Virtual size: 894KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bedf1b0f44832d191ca3e93149cffbbb

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

wtsapi32

netapi32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 110KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 49KB

.SHARDAT Size: 896KB - Virtual size: 894KB

.SHARSTA Size: 4KB - Virtual size: 48B

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 112KB - Virtual size: 110KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 49KB

.SHARDAT
Size: 896KB - Virtual size: 894KB

.SHARSTA
Size: 4KB - Virtual size: 48B

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 16KB - Virtual size: 15KB