737267d8c13854aea358091d0966c6018c1815b6ed31e3f436788bfa10d8790f

Sharing

Copy URL

Twitter E-mail

General

Target

737267d8c13854aea358091d0966c6018c1815b6ed31e3f436788bfa10d8790f
Size

79KB
MD5

16d56012ba6bcdf94d77f9d4ff37db0a
SHA1

ae9c4358c5229998e7ecadf1305e47625b77d3a3
SHA256

737267d8c13854aea358091d0966c6018c1815b6ed31e3f436788bfa10d8790f
SHA512

8613a50c5aef45e84615712bb40dddd5336dd2c8da44e169ed4daf1c05bfa7812a2d4025cd6e1bf89cb38502235e4b2c983d5b0a9045f2bfe02a2a73bdb0c979
SSDEEP

768:41u3jrZjBt2Q2Bd5pgmXtX6XO/YOGoEbOaTsw3BbZasf6XnzQbSxvzzjCcAScCLw:hNjBt65pFtP/1ecl5cnYvoS8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
737267d8c13854aea358091d0966c6018c1815b6ed31e3f436788bfa10d8790f

Files

737267d8c13854aea358091d0966c6018c1815b6ed31e3f436788bfa10d8790f
.dll regsvr32 windows:5 windows x86 arch:x86

75654ef70d05d1b518fdaee616e97251

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

DbgPrint

advapi32

AdjustTokenPrivileges
ChangeServiceConfig2W
CloseServiceHandle
CreateServiceW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegisterServiceCtrlHandlerW
SetServiceStatus

kernel32

CloseHandle
CreateEventW
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
FileTimeToSystemTime
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcessHeap
GetSystemTimeAsFileTime
GetTickCount
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
QueryPerformanceCounter
SetEvent
SetSystemTime
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
_wcsicmp
abort
calloc
free
fwrite
memmove
memset
strncmp
vfprintf
wcslen
wcsncpy

ws2_32

WSACleanup
WSAStartup
gethostbyname
htons
ntohl
recvfrom
select
sendto
socket

user32

LoadStringW

Exports

Exports

DllRegisterServer
DllUnregisterServer
SvchostEntry_W32Time
W32TimeSyncNow
W32TmServiceMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 984B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 257B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rossym
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75654ef70d05d1b518fdaee616e97251

Headers

File Characteristics

Imports

ntdll

advapi32

kernel32

msvcrt

ws2_32

user32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 40B

.rdata Size: 35KB - Virtual size: 34KB

.bss Size: - Virtual size: 984B

.edata Size: 512B - Virtual size: 257B

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 844B

.rossym Size: 23KB - Virtual size: 22KB

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 40B

.rdata
Size: 35KB - Virtual size: 34KB

.bss
Size: - Virtual size: 984B

.edata
Size: 512B - Virtual size: 257B

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 844B

.rossym
Size: 23KB - Virtual size: 22KB