a012b6133381b5c444410bb0b65c6fb4f922634397dd097cbc393da7eac3d83d

Sharing

Copy URL Twitter E-mail

General

Target

a012b6133381b5c444410bb0b65c6fb4f922634397dd097cbc393da7eac3d83d
Size

1.1MB
MD5

5f7fc3b0f92d58b69bbfbaaa25c23c83
SHA1

e8fdbb3525a9ce176ab71bea4a7b19e2be567628
SHA256

a012b6133381b5c444410bb0b65c6fb4f922634397dd097cbc393da7eac3d83d
SHA512

b6d8c0ec0d4214f8670c907fd061b33ef5e7ca751330fe1c121ca5ed6bacbda22e005629bc58154fa57d77e125b075d577dc363762136ae0d025972fde1b306e
SSDEEP

24576:pelU98vAQO8kYk6rsuZcGPeFmsvju/4pLDzAzJQHa:QO8Wsw+/4p84a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a012b6133381b5c444410bb0b65c6fb4f922634397dd097cbc393da7eac3d83d

Files

a012b6133381b5c444410bb0b65c6fb4f922634397dd097cbc393da7eac3d83d
.dll regsvr32 windows:5 windows x86 arch:x86

2318fe7665c74f1249a6e50303d77133

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
FreeLibrary
CreateFileW
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFileSize
GetLocalTime
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DuplicateHandle
SetEvent
CreateEventW
WaitForMultipleObjects
GetTickCount
GetTempPathW
GetFileAttributesW
GetFileAttributesA
TerminateProcess
lstrcpynW
CreateDirectoryW
WTSGetActiveConsoleSessionId
VirtualAlloc
VirtualFree
VirtualProtect
IsBadReadPtr
SetLastError
LoadLibraryA
FindClose
GetSystemDirectoryW
VerSetConditionMask
SleepEx
VerifyVersionInfoW
InitializeCriticalSection
PeekNamedPipe
ReadFile
GetStdHandle
GetFileType
ExpandEnvironmentStringsA
FormatMessageA
ResetEvent
ReadConsoleInputA
FindFirstFileA
GetCurrentProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
FlushConsoleInputBuffer
GetModuleHandleW
GetProcAddress
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MultiByteToWideChar
lstrcatW
GetComputerNameW
CloseHandle
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
InterlockedExchange
RaiseException
GetModuleFileNameW
HeapDestroy
Sleep
InitializeCriticalSectionAndSpinCount
GetProcessHeap
InterlockedCompareExchange
HeapFree
GlobalMemoryStatus
GetModuleHandleA
LocalFree
SetEnvironmentVariableA
GetCurrentDirectoryW
WriteConsoleW
SystemTimeToTzSpecificLocalTime
SetConsoleMode
GetDriveTypeW
FindFirstFileExW
SetStdHandle
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
ReadConsoleW
GetConsoleMode
SetConsoleCtrlHandler
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapAlloc
HeapReAlloc
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
FileTimeToSystemTime
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFilePointerEx
GetFullPathNameW
IsProcessorFeaturePresent
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCommandLineA
AreFileApisANSI
GetModuleHandleExW
ExitProcess
LoadLibraryExW
ExitThread
CreateThread
GetStringTypeW
EncodePointer
OutputDebugStringW
IsDebuggerPresent

user32

PostMessageW
PeekMessageW
TranslateMessage
wsprintfW
DispatchMessageW
CreateWindowExW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
DefWindowProcW
GetWindowLongW
DestroyWindow
GetMessageW
SetWindowLongW

advapi32

RegisterEventSourceA
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
RevertToSelf
ImpersonateLoggedOnUser
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ReportEventA
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW
RegDeleteKeyW
DeregisterEventSource

shell32

SHGetSpecialFolderPathW

ole32

IIDFromString
CoInitializeSecurity
CoCreateGuid
CoCreateInstance
CoUninitialize
CoTaskMemFree
StringFromIID
CoInitializeEx

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

shlwapi

PathAddBackslashW
PathAppendW
StrCmpNIW

iphlpapi

GetIpForwardTable
GetAdaptersInfo

wldap32

ord216
ord26
ord41
ord127
ord118
ord14
ord79
ord145
ord208
ord167
ord147
ord27
ord301
ord46
ord142
ord133

wtsapi32

WTSQueryUserToken

ws2_32

WSACleanup
WSAStartup
getsockopt
closesocket
WSASetLastError
ntohs
bind
recv
setsockopt
getsockname
gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
listen
accept
recvfrom
sendto
send
select
__WSAFDIsSet
getpeername
WSAIoctl
connect
WSAGetLastError
htons
socket

Exports

Exports

CallTaskFun
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 877KB - Virtual size: 877KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2318fe7665c74f1249a6e50303d77133

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

wldap32

wtsapi32

ws2_32

Exports

Exports

Sections

.text Size: 877KB - Virtual size: 877KB

.rdata Size: 224KB - Virtual size: 223KB

.data Size: 11KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 877KB - Virtual size: 877KB

.rdata
Size: 224KB - Virtual size: 223KB

.data
Size: 11KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 39KB - Virtual size: 39KB