44a496a5c1edbcbf8d564c024a64c38ac026ffd91b9b9df466ba3c9c73792645

Sharing

Copy URL Twitter E-mail

General

Target

44a496a5c1edbcbf8d564c024a64c38ac026ffd91b9b9df466ba3c9c73792645
Size

3.7MB
MD5

1c5eacd2888c79db86ecfec71ed2e509
SHA1

b18ce8210f8f96ee40730e1941558ab3a9fe4fec
SHA256

44a496a5c1edbcbf8d564c024a64c38ac026ffd91b9b9df466ba3c9c73792645
SHA512

1c6fbc73c44d120d822000c2ecabc7f6e036816e341a95981e91e8af5a1a567c4f05b80aa0333b846f6974e8893e60809242a9d3827075780d7ac6a7aa59f5df
SSDEEP

49152:0Ey1uzNj9u4QPEGLZp+7tn44cpUxkuK5dJfJ0VrFj4AY7s3b6ltO3/ie0Qpu2VJ:0x1mNYPe7DxRK5dUrFkAutOv7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44a496a5c1edbcbf8d564c024a64c38ac026ffd91b9b9df466ba3c9c73792645

Files

44a496a5c1edbcbf8d564c024a64c38ac026ffd91b9b9df466ba3c9c73792645
.dll regsvr32 windows:10 windows x86 arch:x86

2a4aa2bf50c18d4670c4c746ad402e94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

jscript9.pdb

Imports

ntdll

RtlCaptureContext

msvcrt

__libm_sse2_asin
__libm_sse2_acos
qsort
__libm_sse2_pow
isdigit
isalpha
_wcslwr_s
_wasctime_s
_vscwprintf
qsort_s
modf
_tzset
_ui64tow_s
_itow_s
_snwprintf_s
_beginthreadex
fwprintf
_flushall
fflush
__libm_sse2_exp
fclose
rand
srand
wcstok_s
wcsrchr
_wfsopen
__libm_sse2_atan
wcsstr
wcstoul
_stricmp
vswprintf_s
_i64tow_s
_wcsicmp
_set_SSE2_enable
_localtime32_s
swprintf_s
_ltow
wcscat_s
_vsnwprintf_s
_ltow_s
_ultow_s
_control87
_wcsnicmp
wcsncmp
wcsncpy_s
realloc
_wcsdup
wcschr
free
malloc
wcscpy_s
memmove_s
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
__libm_sse2_log
_wsplitpath_s
__libm_sse2_cos
__libm_sse2_sin
__libm_sse2_tan
memcmp
__libm_sse2_atan2
strncmp
wcsncat_s
iswalpha
_callnewh
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler4_common
ceil
memcpy
_purecall
memcpy_s
_vsnwprintf
__iob_func
bsearch
_CxxThrowException
memmove
memset
tolower
__CxxFrameHandler3
floor
fwprintf_s
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIexp
_CIfmod
_CIlog
_CIpow
_CIsin
_CIsqrt
_CItan
_ftol2
_ftol2_sse

api-ms-win-downlevel-advapi32-l1-1-0

RegSetValueExW
RegDeleteKeyExW
EventWrite
RegCreateKeyExW
RegOpenKeyExW
EventWriteTransfer
EventRegister
EventUnregister
RegQueryValueExW
RegGetValueW
RegCloseKey

api-ms-win-downlevel-shlwapi-l1-1-0

PathGetDriveNumberW
PathIsUNCW
PathIsLFNFileSpecW
PathIsFileSpecW
PathFindFileNameW
StrTrimW
PathFileExistsW
StrCmpLogicalW
PathRemoveFileSpecW
StrCmpICW

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

kernel32

ResumeThread
LoadLibraryExA
GetProcessHeap
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
CreateFileW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
SearchPathW
SleepConditionVariableSRW
WakeAllConditionVariable
SetUnhandledExceptionFilter
LocalFree
LocalAlloc
MultiByteToWideChar
FlushInstructionCache
ResetEvent
SetThreadStackGuarantee
GetSystemTimeAdjustment
QueryPerformanceFrequency
CompareStringEx
GetUserDefaultLocaleName
ResolveLocaleName
QueryThreadCycleTime
GetProcessIoCounters
Sleep
GetNumberFormatW
GetTimeFormatW
GetDateFormatW
GetSystemTime
LCMapStringW
CompareStringW
GetTimeZoneInformation
GetStringTypeW
SizeofResource
LockResource
LoadResource
FindResourceExW
UnhandledExceptionFilter
TerminateProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
VirtualAlloc
VirtualFree
GlobalMemoryStatusEx
ResetWriteWatch
FreeLibraryAndExitThread
GetCurrentThread
SetThreadPriority
WaitForMultipleObjectsEx
GetWriteWatch
SetEvent
CreateEventW
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformationForYear
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStdHandle
GetVersionExW
GetSystemInfo
EncodeSystemPointer
QueryPerformanceCounter
WerGetFlags
VirtualProtect
WerSetFlags
LoadLibraryExW
GetSystemDirectoryW
RaiseException
IsValidCodePage
GetLocaleInfoW
IsValidLocale
VirtualQuery
GetEnvironmentVariableW
GetACP
GetUserDefaultLCID
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetSystemTimeAsFileTime
RaiseFailFastException
DeleteAtom
TryEnterCriticalSection
FreeLibrary
AddAtomW
FindAtomW
InitializeCriticalSectionAndSpinCount
GetTickCount
InitializeCriticalSection
GetModuleFileNameW
GetCurrentProcess
K32GetModuleInformation
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
DelayLoadFailureHook

bcrypt

BCryptGenRandom

rpcrt4

CStdStubBuffer_QueryInterface
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
NdrDllUnregisterProxy
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
NdrDllCanUnloadNow
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release
CStdStubBuffer_Disconnect
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
NdrDllRegisterProxy

advapi32

CryptReleaseContext

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JsAddRef
JsBoolToBoolean
JsBooleanToBool
JsCallFunction
JsCollectGarbage
JsConstructObject
JsConvertValueToBoolean
JsConvertValueToNumber
JsConvertValueToObject
JsConvertValueToString
JsCreateArray
JsCreateContext
JsCreateError
JsCreateExternalObject
JsCreateExternalType
JsCreateFunction
JsCreateObject
JsCreateRangeError
JsCreateReferenceError
JsCreateRuntime
JsCreateSyntaxError
JsCreateTypeError
JsCreateTypedExternalObject
JsCreateURIError
JsDefineProperty
JsDeleteIndexedProperty
JsDeleteProperty
JsDisableRuntimeExecution
JsDisposeRuntime
JsDoubleToNumber
JsEnableRuntimeExecution
JsEnumerateHeap
JsEquals
JsGetAndClearException
JsGetCurrentContext
JsGetDefaultTypeDescription
JsGetExtensionAllowed
JsGetExternalData
JsGetExternalType
JsGetFalseValue
JsGetGlobalObject
JsGetIndexedProperty
JsGetNullValue
JsGetOwnPropertyDescriptor
JsGetOwnPropertyNames
JsGetProperty
JsGetPropertyIdFromName
JsGetPropertyNameFromId
JsGetPrototype
JsGetRuntime
JsGetRuntimeMemoryLimit
JsGetRuntimeMemoryUsage
JsGetStringLength
JsGetTrueValue
JsGetUndefinedValue
JsGetValueType
JsHasException
JsHasExternalData
JsHasIndexedProperty
JsHasProperty
JsIdle
JsIntToNumber
JsIsEnumeratingHeap
JsIsRuntimeExecutionDisabled
JsNumberToDouble
JsParseScript
JsParseSerializedScript
JsPointerToString
JsPreventExtension
JsRelease
JsRunScript
JsRunSerializedScript
JsSerializeScript
JsSetCurrentContext
JsSetException
JsSetExternalData
JsSetIndexedProperty
JsSetProperty
JsSetPrototype
JsSetRuntimeBeforeCollectCallback
JsSetRuntimeMemoryAllocationCallback
JsSetRuntimeMemoryLimit
JsStartDebugging
JsStartProfiling
JsStopProfiling
JsStrictEquals
JsStringToPointer
JsValueToVariant
JsVarAddRef
JsVarRelease
JsVarToExtension
JsVarToScriptDirect
JsVariantToValue

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a4aa2bf50c18d4670c4c746ad402e94

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

msvcrt

api-ms-win-downlevel-advapi32-l1-1-0

api-ms-win-downlevel-shlwapi-l1-1-0

api-ms-win-downlevel-version-l1-1-0

kernel32

bcrypt

rpcrt4

advapi32

Exports

Exports

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.data Size: 49KB - Virtual size: 65KB

.idata Size: 8KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 168B

.rsrc Size: 88KB - Virtual size: 88KB

.reloc Size: 159KB - Virtual size: 158KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 49KB - Virtual size: 65KB

.idata
Size: 8KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 168B

.rsrc
Size: 88KB - Virtual size: 88KB

.reloc
Size: 159KB - Virtual size: 158KB