aa9b7787058c20d3c09e4906cf85dd12077311fbb360385fb19acf2572d63abe

Sharing

Copy URL

Twitter E-mail

General

Target

aa9b7787058c20d3c09e4906cf85dd12077311fbb360385fb19acf2572d63abe
Size

24KB
MD5

ee7aada6b80832d7a48a942a38317559
SHA1

599b21569b8e8be062303e8ad476f4f886dbe0c5
SHA256

aa9b7787058c20d3c09e4906cf85dd12077311fbb360385fb19acf2572d63abe
SHA512

a5a7cebac2cea38b12a9e983b6eb75dccfaf3dae92cac2d6f3a54a7efae549a27fa581656541984267a79a4ec6d11caada629040983690a96d79886907f4d28f
SSDEEP

384:A6wL584Z+fsGHpXjWXoZVNBCpz0XjjonCvTAlBwMpkvYDt6B:6fa1jWXobNApIXj8n8tMpMOt6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa9b7787058c20d3c09e4906cf85dd12077311fbb360385fb19acf2572d63abe

Files

aa9b7787058c20d3c09e4906cf85dd12077311fbb360385fb19acf2572d63abe
.dll regsvr32 windows:6 windows x64 arch:x64

5b87c2aea8c898f129255c4f11464cd4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateProcessA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetThreadContext
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetThreadContext
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualAlloc
VirtualAllocEx
WriteProcessMemory

msvcp140

?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
__std_type_info_destroy_list
memcpy
memmove
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
_configure_narrow_argv
_errno
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_seh_filter_dll

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-string-l1-1-0

strlen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
LaunchUI
WPRUICreateInstance

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b87c2aea8c898f129255c4f11464cd4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.00cfg Size: 512B - Virtual size: 56B

.retplne Size: 512B - Virtual size: 140B

.reloc Size: 512B - Virtual size: 100B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.00cfg
Size: 512B - Virtual size: 56B

.retplne
Size: 512B - Virtual size: 140B

.reloc
Size: 512B - Virtual size: 100B