a992fe0481a117ff1cc212bf534a127a81b29a281fdb3b31e459b955eab979f2

Sharing

Copy URL Twitter E-mail

General

Target

a992fe0481a117ff1cc212bf534a127a81b29a281fdb3b31e459b955eab979f2
Size

560KB
MD5

b662802e9bb9fdc8bc449d7637429e01
SHA1

873f672536e137826823cd4490ac06a8662d6c4c
SHA256

a992fe0481a117ff1cc212bf534a127a81b29a281fdb3b31e459b955eab979f2
SHA512

e9721a10d5b4bf360b2c63264d3f5133458be766eeda3ecbccca3835ffb97699b23ac3a0a93188f5da42912fdc31dbfc8f0ed0b2c19c1d485f7d4c5921992f2c
SSDEEP

12288:+UsFiokdDn+dFINChT3VAviPmNRx7rPXr73/57zLL7bLL7zbbLTrbK9UiSH:+X0ooDn+d+NU2aPmrK/g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a992fe0481a117ff1cc212bf534a127a81b29a281fdb3b31e459b955eab979f2

Files

a992fe0481a117ff1cc212bf534a127a81b29a281fdb3b31e459b955eab979f2
.dll regsvr32 windows:4 windows x86 arch:x86

d90f512a56d54bb04f0b86d6e1948f24

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvfw32

DrawDibDraw
DrawDibOpen
DrawDibClose

mfc42

ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord4534
ord4949
ord2541
ord2954
ord6055
ord4078
ord1776
ord4407
ord5241
ord2384
ord5163
ord6370
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord4424
ord5825
ord723
ord648
ord985
ord334
ord423
ord5880
ord4459
ord4299
ord5033
ord2379
ord5805
ord4502
ord1168
ord2575
ord3402
ord3571
ord4396
ord2385
ord6374
ord4627
ord3574
ord640
ord609
ord323
ord567
ord3626
ord3663
ord2414
ord5785
ord4275
ord2405
ord5053
ord5981
ord2864
ord3874
ord4133
ord4297
ord5788
ord472
ord5875
ord613
ord1641
ord1640
ord289
ord1146
ord4160
ord823
ord858
ord537
ord5076
ord4341
ord4349
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord3748
ord1725
ord4432
ord812
ord559
ord6877
ord665
ord1979
ord4171
ord5186
ord354
ord2614
ord5572
ord2915
ord641
ord616
ord2514
ord535
ord939
ord3452
ord2515
ord355
ord2817
ord6283
ord6385
ord538
ord5773
ord4224
ord801
ord541
ord2818
ord3619
ord3693
ord922
ord5710
ord2764
ord4189
ord924
ord926
ord1799
ord614
ord290
ord2841
ord4226
ord6143
ord5858
ord654
ord341
ord1997
ord5465
ord798
ord5194
ord533
ord700
ord913
ord398
ord1622
ord1200
ord5683
ord941
ord2820
ord3811
ord2107
ord2846
ord4129
ord5861
ord5862
ord4278
ord6883
ord6282
ord5651
ord3127
ord3616
ord5608
ord350
ord5440
ord6383
ord5450
ord6394
ord4613
ord1920
ord784
ord415
ord517
ord4262
ord2086
ord4723
ord6129
ord5789
ord3754
ord1081
ord3573
ord6021
ord6189
ord6194
ord4023
ord4330
ord5787
ord2753
ord2754
ord4508
ord4464
ord5260
ord1233
ord6128
ord3752
ord2652
ord1669
ord6222
ord818
ord2463
ord1651
ord1623
ord6131
ord6216
ord5641
ord5620
ord4317
ord940
ord925
ord4204
ord2526
ord469
ord2535
ord4889
ord3078
ord4370
ord4589
ord4614
ord693
ord793
ord5146
ord6144
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord2301
ord3530
ord2362
ord2358
ord6334
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord3719
ord2298
ord2294
ord2302
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord656
ord4909
ord3610
ord6199
ord3092
ord2582
ord4402
ord3370
ord3640
ord6907
ord3998
ord3996
ord6007
ord3286
ord3301
ord771
ord2528
ord1008
ord497
ord3706
ord501
ord773
ord1083
ord2645
ord5823
ord3664
ord715
ord5597
ord5605
ord2761
ord1842
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1131
ord4436
ord5252
ord4427
ord674
ord554
ord366
ord807
ord4242
ord5852
ord2258
ord2494
ord2627
ord2626
ord6146
ord5885
ord4163
ord6625
ord4457
ord4588
ord4899
ord4892
ord2971
ord5759
ord6192
ord5756
ord6186
ord6172
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord2513
ord293
ord2452
ord3019
ord2516
ord361
ord2299
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord338
ord1175
ord4823
ord2399
ord4858
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord6467
ord1227
ord6364
ord4472
ord5498
ord3278
ord3681
ord446
ord743
ord1177
ord1226
ord1210
ord1573
ord6004
ord3946
ord2884
ord6030
ord1601
ord551
ord1892
ord4252
ord3326
ord6365
ord1212
ord4570
ord4672
ord4843
ord5011
ord4713
ord6371
ord5286
ord4438
ord3279
ord4625
ord746
ord5992
ord449
ord2278
ord1871
ord6571
ord2380
ord3295
ord6154
ord2530
ord4366
ord4056
ord5471
ord4121
ord2389
ord1710
ord1715
ord5234
ord5064
ord5248

msvcrt

_adjust_fdiv
_initterm
_onexit
__CxxFrameHandler
_purecall
_ftol
_mbsnbcpy
memmove
realloc
fread
fseek
fclose
fopen
fwrite
_mbscmp
_unlink
free
_strdup
_mbsicmp
atoi
malloc
_splitpath
_except_handler3
_ismbslead
_ismbstrail
isdigit
isalpha
_mbsicoll
ceil
_mbschr
_mbsstr
_mbsrchr
atof
_CIasin
_mbstok
strrchr
putc
getc
fprintf
sprintf
_setjmp3
__CxxLongjmpUnwind
longjmp
_mbctoupper
_ismbcdigit
isalnum
_ismbcalnum
_ismbclower
_ismbcupper
_mbctolower
sscanf
getenv
_EH_prolog
__dllonexit
??1type_info@@UAE@XZ

kernel32

IsDBCSLeadByte
MoveFileExA
GlobalSize
GlobalReAlloc
GlobalLock
GlobalUnlock
FindResourceA
SizeofResource
LoadResource
LockResource
GetTempFileNameA
MoveFileA
FindClose
GetTempPathA
DeleteFileA
ReadFile
MulDiv
LocalAlloc
GlobalAlloc
GlobalFree
CreateFileA
WriteFile
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
SetFileAttributesA
GetFileAttributesA
LocalFree

user32

EnableWindow
SetTimer
IsChild
PtInRect
GetMessageA
GetDesktopWindow
GrayStringA
DrawTextA
TabbedTextOutA
GetCapture
SystemParametersInfoA
SetRect
IntersectRect
IsRectEmpty
EqualRect
ReleaseCapture
SetCapture
SetClipboardData
CreateCaret
SetCaretPos
HideCaret
ShowCaret
RedrawWindow
IsWindowVisible
LoadCursorA
IsWindow
GetClipboardData
GetKeyState
OpenClipboard
EmptyClipboard
CloseClipboard
RegisterClipboardFormatA
IsClipboardFormatAvailable
GetAsyncKeyState
CreateWindowExA
SetWindowPos
GetDC
ReleaseDC
FillRect
OffsetRect
GetClientRect
GetCursorPos
InflateRect
MessageBoxA
ScreenToClient
GetFocus
GetWindowLongA
GetSysColor
DrawFocusRect
GetWindowRect
GetSubMenu
TrackPopupMenuEx
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
SendMessageA

gdi32

CreateCompatibleDC
BitBlt
SetPixel
GetObjectA
GetDIBits
LineTo
MoveToEx
CreatePen
CreateFontIndirectA
GetDeviceCaps
GetTextMetricsA
GetTextExtentPoint32A
LineDDA
UnrealizeObject
CreateSolidBrush
SetBrushOrgEx
CreateCompatibleBitmap
GetBkColor
StretchDIBits
LPtoDP
ResetDCA
PatBlt
RoundRect
Rectangle
CreatePenIndirect
CreateBrushIndirect
CreatePolygonRgn
CreateEllipticRgnIndirect
RectInRegion
CreateRoundRectRgn
Polygon
RealizePalette
SelectPalette
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
Ellipse
GetStockObject

shell32

ShellExecuteExA

comctl32

_TrackMouseEvent
InitCommonControlsEx

oleaut32

LoadRegTypeLi
SysAllocString

winmm

PlaySoundA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 364KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d90f512a56d54bb04f0b86d6e1948f24

Headers

File Characteristics

Imports

msvfw32

mfc42

msvcrt

kernel32

user32

gdi32

shell32

comctl32

oleaut32

winmm

Exports

Exports

Sections

.text Size: 364KB - Virtual size: 361KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 32KB - Virtual size: 32KB

.rsrc Size: 76KB - Virtual size: 72KB

.reloc Size: 28KB - Virtual size: 24KB

.text
Size: 364KB - Virtual size: 361KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 76KB - Virtual size: 72KB

.reloc
Size: 28KB - Virtual size: 24KB