54a7428f382992278f8b325d55480f3d845ea8881e946f69c2be0ce544143e24

Sharing

Copy URL Twitter E-mail

General

Target

54a7428f382992278f8b325d55480f3d845ea8881e946f69c2be0ce544143e24
Size

536KB
MD5

99e8285ad0242715305a73ce128d4c87
SHA1

921161434aa33f39a4930a82a5901e1d8c1cc756
SHA256

54a7428f382992278f8b325d55480f3d845ea8881e946f69c2be0ce544143e24
SHA512

8958b81bc29648a3261cbed5c07788d0cc6e6ae46745a4aabbf349694791ca7116720632ce103150c27fa9a9e72611b5e7a73bf7fc4985aa187fdc1312220c7d
SSDEEP

12288:Jm0vZDQp56wdtK4LZ56wdtKyE8zp56wdtK4+Z56wdtKP0Xio+jZ56wdtKK2556wN:00hDalxE8vqo6iTP1gqPnQwv2TA+AYEN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54a7428f382992278f8b325d55480f3d845ea8881e946f69c2be0ce544143e24

Files

54a7428f382992278f8b325d55480f3d845ea8881e946f69c2be0ce544143e24
.dll regsvr32 windows:4 windows x86 arch:x86

7329f2517d9bcde6b3db2a45e6c9cb60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalHandle
GlobalAlloc
GlobalUnlock
GlobalLock
OutputDebugStringA
CloseHandle
GetCurrentProcess
GetCurrentThreadId
lstrcmpA
FlushInstructionCache
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
WideCharToMultiByte
GlobalFree
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
TerminateProcess
RtlUnwind
ExitProcess
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetVersion
GetCommandLineA
HeapReAlloc
HeapAlloc
HeapFree
GetModuleFileNameA
GetModuleHandleA
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
HeapDestroy
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
GetEnvironmentStringsW
FreeLibrary
GetShortPathNameA
lstrlenA
DisableThreadLibraryCalls
MultiByteToWideChar
lstrlenW
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WriteFile

user32

RegisterClassExA
LoadCursorA
GetClassInfoExA
SetWindowLongA
RegisterWindowMessageA
CharNextA
DefWindowProcA
GetWindow
DialogBoxIndirectParamA
SetWindowTextA
GetWindowTextA
LoadMenuIndirectA
LoadMenuA
wsprintfA
ShowWindow
GetWindowRect
SystemParametersInfoA
MapWindowPoints
GetClassNameA
CreateWindowExA
GetDlgItem
SendMessageA
DestroyWindow
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetParent
GetDC
GetDesktopWindow
ReleaseDC
RedrawWindow
IsWindow
SetWindowPos
BeginPaint
GetClientRect
FillRect
EndPaint
CallWindowProcA
GetFocus
IsChild
SetFocus
GetSysColor
CreateDialogIndirectParamA
SendDlgItemMessageA
EndDialog
GetWindowLongA
GetWindowTextLengthA

gdi32

GetDeviceCaps
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetObjectA
CreateFontIndirectA
DeleteObject
GetStockObject

advapi32

RegDeleteValueA
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
OpenProcessToken
GetTokenInformation
LookupAccountSidA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
CryptAcquireContextA
CryptCreateHash

ole32

CoTaskMemFree
OleLockRunning
StringFromCLSID
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VariantClear
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
RegisterTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
LoadTypeLi

tcuiext

TcLookupResource
RectToGrect
PutCellArrayPlusPalette
InitResourceDialogStrings
MultiResManualOperation
MyLoadString
SizeOfWordVector
TcDebugOut

tcole

?ResetStream@@YAJPAUIStream@@@Z

netapi32

NetGetDCName
NetUserGetInfo
NetApiBufferFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 448KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7329f2517d9bcde6b3db2a45e6c9cb60

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

tcuiext

tcole

netapi32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 448KB - Virtual size: 444KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 448KB - Virtual size: 444KB

.reloc
Size: 8KB - Virtual size: 7KB