5f2a9fc0d3823b890d08ecafb916ca166bc596f77c6189fcb81efabfb4d0d3d4

Sharing

Copy URL

Twitter E-mail

General

Target

5f2a9fc0d3823b890d08ecafb916ca166bc596f77c6189fcb81efabfb4d0d3d4
Size

7.7MB
MD5

eb033fea2da2f9ca0453f602187cd649
SHA1

b0b6705c3e19286e231a0db56db7f1478301aecc
SHA256

5f2a9fc0d3823b890d08ecafb916ca166bc596f77c6189fcb81efabfb4d0d3d4
SHA512

e25298ba671ff9f5ac0c69bb9094d4b9dadb9673d096255c685743d09603740ecbf647c2a91be4d44399900717369d9db06c0b0e319dfa170c21593660bb9018
SSDEEP

196608:JH6jtxauC81wL1WRHaI8GuIVmn+Ka9btMo/8:kp8u9G1WR6I8GuIHVzE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f2a9fc0d3823b890d08ecafb916ca166bc596f77c6189fcb81efabfb4d0d3d4

Files

5f2a9fc0d3823b890d08ecafb916ca166bc596f77c6189fcb81efabfb4d0d3d4
.dll regsvr32 windows:5 windows x64 arch:x64

88477fed40ae7c0715ed76a52786b40e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedPopEntrySList
VirtualFree
InterlockedPushEntrySList
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
FlushFileBuffers
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
SetFilePointer
GetStartupInfoW
SetHandleCount
ReadFile
GetConsoleCP
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
HeapSize
RtlCaptureContext
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FlsAlloc
FlsFree
FlsGetValue
HeapDestroy
HeapCreate
HeapSetInformation
CompareStringW
GetCPInfo
LCMapStringW
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
ExitProcess
GetCommandLineA
FlsSetValue
ExitThread
HeapReAlloc
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
HeapAlloc
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
HeapFree
DecodePointer
EncodePointer
GetStringTypeW
CreateThread
GetModuleHandleA
LoadLibraryA
FlushConsoleInputBuffer
GlobalMemoryStatus
LoadLibraryW
RtlVirtualUnwind
GetStdHandle
GetFileType
GetThreadLocale
SetThreadLocale
WaitForSingleObject
GetLocaleInfoA
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
lstrlenA
GetCurrentProcessId
OutputDebugStringA
GetTickCount
WideCharToMultiByte
Sleep
LocalAlloc
LocalFree
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
SetLastError
GetModuleFileNameW
GetVersion
GetCurrentThreadId
GlobalAlloc
CloseHandle
GlobalLock
GlobalUnlock
MulDiv
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
FindResourceW
LoadResource
SizeofResource
CreateFileW
WriteFile
GetModuleHandleExW
GetSystemDirectoryW
lstrcmpiW
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
lstrlenW
GetCurrentProcess
SetPriorityClass
CreateFileA
DeviceIoControl
GetVersionExW
GetLastError
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LocalAlloc
GetModuleFileNameW
LocalFree
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
UnregisterClassA
CharNextW
ShowWindow
SetFocus
IsChild
GetClassInfoExW
LoadCursorW
ReleaseDC
GetDC
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
EndPaint
GetClientRect
BeginPaint
CallWindowProcW
PtInRect
UnionRect
SetWindowLongPtrW
DialogBoxParamW
EndDialog
GetDlgItem
SendMessageA
DefWindowProcW
GetWindowLongPtrW
GetFocus
DestroyWindow
IsWindow
SetForegroundWindow
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
keybd_event
HideCaret
LoadBitmapW
GetKeyboardState
ToAscii
GetSystemMetrics
GetMonitorInfoA
EnumDisplayMonitors
SetWindowTextA
FillRect
UpdateWindow
GetWindowDC
SetWindowsHookExW
UnhookWindowsHookEx
SetRectEmpty
LoadStringW
DrawEdge
DrawTextW
FrameRect
GetWindowThreadProcessId
CallNextHookEx
SetCursor
SetTimer
GetWindowRect
SendMessageW
SetWindowTextW
MoveWindow
MessageBoxW
CreateWindowExW
RegisterClassExW
GetKeyState
InvalidateRect
CharUpperBuffW

gdi32

CreateDCA
CreateFontIndirectW
SetBkMode
CreateSolidBrush
DeleteObject
SetTextColor
SetBkColor
SelectObject
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
CreateDCW
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
SetTextAlign
TextOutW
GetDeviceCaps

advapi32

DeleteService
RegCreateKeyExW
RegEnumValueW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegEnumKeyW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
ControlService
StartServiceW
QueryServiceStatus
RegOpenKeyExW
CloseServiceHandle
OpenSCManagerW
CreateServiceW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteExW

ole32

StringFromGUID2
OleSaveToStream
WriteClassStm
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CreateOleAdviseHolder
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoSetProxyBlanket

oleaut32

RegisterTypeLi
UnRegisterTypeLi
OleTranslateColor
SysAllocStringLen
VariantCopy
OleCreatePropertyFrame
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
SysFreeString
SafeArrayDestroy
SafeArrayGetElement
VariantInit
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
VariantClear
VariantChangeType

shlwapi

SHRegGetUSValueA
PathFileExistsW
StrCmpIW

iphlpapi

GetAdaptersInfo

psapi

GetModuleFileNameExA
GetModuleFileNameExW

imm32

ImmReleaseContext
ImmAssociateContext
ImmGetContext

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: - Virtual size: 914KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cen0
Size: - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cen1
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88477fed40ae7c0715ed76a52786b40e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

psapi

imm32

version

Exports

Exports

Sections

.text Size: - Virtual size: 914KB

.rdata Size: - Virtual size: 293KB

.data Size: - Virtual size: 174KB

.pdata Size: - Virtual size: 51KB

.cen0 Size: - Virtual size: 5.6MB

.cen1 Size: 7.7MB - Virtual size: 7.7MB

.reloc Size: 512B - Virtual size: 144B

.rsrc Size: 15KB - Virtual size: 112KB

.text
Size: - Virtual size: 914KB

.rdata
Size: - Virtual size: 293KB

.data
Size: - Virtual size: 174KB

.pdata
Size: - Virtual size: 51KB

.cen0
Size: - Virtual size: 5.6MB

.cen1
Size: 7.7MB - Virtual size: 7.7MB

.reloc
Size: 512B - Virtual size: 144B

.rsrc
Size: 15KB - Virtual size: 112KB