0405983332a885f0df210793af35e851ad17e1e2adb8c5cdf7a0cbfc49c07d16N

Sharing

Copy URL

Twitter E-mail

General

Target

0405983332a885f0df210793af35e851ad17e1e2adb8c5cdf7a0cbfc49c07d16N
Size

68KB
MD5

f07fd4d1157cbed4f1b8152b7ea765b0
SHA1

55711fdf23aee640b8991f49eac17deda832f4f1
SHA256

0405983332a885f0df210793af35e851ad17e1e2adb8c5cdf7a0cbfc49c07d16
SHA512

91a93ea3bd41ea6da7da0dd65523edef7e00cfcac72a38eace1512c85998d15937f46837cd8106eeb6ddb7a78c81595ffa9a2161dee8b1bc7a786b26395573cc
SSDEEP

1536:ZThApOSc59fv8O8DDFW8SCuHnhuj52w3/RhoOJre:ZTmbc5MDZW8StHhujcw3/RhoOFe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0405983332a885f0df210793af35e851ad17e1e2adb8c5cdf7a0cbfc49c07d16N

Files

0405983332a885f0df210793af35e851ad17e1e2adb8c5cdf7a0cbfc49c07d16N
.dll windows:4 windows x86 arch:x86

16b9aa58c3ca973ebea4a861bb147402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetDateFormatA
HeapAlloc
GetProcessHeap
DeleteFileW
GetProcessTimes
LocalFree
GetCurrentProcess
LocalReAlloc
GetLocaleInfoW
LocalAlloc
GetUserDefaultLCID
GetTickCount
AreFileApisANSI
lstrcpynA
ExpandEnvironmentStringsW
Beep
Sleep
GetLastError
LeaveCriticalSection
SystemTimeToFileTime
EnterCriticalSection
CloseHandle
CompareFileTime
ReleaseMutex
IsBadReadPtr
WaitForSingleObject
lstrlenA
LoadResource
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatA
GetDateFormatW
FindResourceW
FindResourceA
SetFileAttributesW
SetFileAttributesA
SearchPathA
SearchPathW
CreateMutexW
CreateMutexA
CreateProcessW
CreateProcessA
LoadLibraryW
LoadLibraryA
DeleteFileA
GetSystemTime
ExpandEnvironmentStringsA
GetCurrentThreadId
LockResource
SetLastError
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
GetVersionExA
GetSystemDefaultLangID
GetTimeFormatW
lstrcmpA
GetProcAddress
GetModuleFileNameA
FreeLibrary
HeapFree

ole32

CoFreeUnusedLibraries
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoCreateGuid
CoTaskMemFree
CoCreateInstance
CLSIDFromString
StringFromGUID2

user32

MessageBeep
GetParent
IsWindowEnabled
GetDlgItemInt
SetForegroundWindow
CheckDlgButton
PostMessageA
SetFocus
IsDlgButtonChecked
GetFocus
EndDialog
CheckRadioButton
FindWindowA
SetWindowLongA
SetWindowTextW
WinHelpW
GetSysColor
DestroyIcon
InvalidateRect
BeginPaint
EndPaint
GetWindowLongA
SendMessageW
MessageBoxW
MessageBoxA
FindWindowW
SetWindowTextA
GetWindowTextW
WinHelpA
LoadImageW
LoadImageA
MapWindowPoints
OffsetRect
GetClientRect
MoveWindow
InflateRect
SetRect
GetDC
ReleaseDC
LoadStringA
CharPrevA
SendMessageA
GetDlgItem
GetSystemMetrics
ShowWindow
UpdateWindow
SystemParametersInfoA
LoadStringW
DialogBoxParamA
DialogBoxParamW
DefWindowProcA
DefWindowProcW
LoadIconA
GetWindowTextA
EnableWindow

advapi32

RegSetValueExW
RegSetKeySecurity
QueryServiceStatus
StartServiceW
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegQueryValueExA
AddAccessAllowedAce
GetLengthSid
OpenSCManagerW
InitializeAcl
RegCloseKey
FreeSid
RegOpenKeyExA
CloseServiceHandle
GetSidSubAuthority
GetSidSubAuthorityCount
LookupAccountSidW
IsValidSid
GetTokenInformation
GetSidIdentifierAuthority
RegSetValueExA
SetSecurityDescriptorDacl
RegEnumKeyA
RegEnumKeyW
RegDeleteKeyW
RegEnumKeyExW
RegEnumKeyExA
RegOpenKeyExW
RegDeleteKeyA
RegQueryValueExW
RegCreateKeyExW
GetUserNameW
GetUserNameA
RegDeleteValueA
RegCreateKeyExA
RegDeleteValueW
OpenProcessToken
OpenServiceW

msvcrt

memset
wcscat
wcslen
wcscmp
_itow
wcsncmp
wcscpy
_ltow

comctl32

PropertySheetW
CreatePropertySheetPageA
DestroyPropertySheetPage
PropertySheetA
InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon
CreatePropertySheetPageW

gdi32

UpdateColors
RealizePalette
SetDIBitsToDevice
DeleteObject
GetDeviceCaps
CreatePalette
SelectPalette

rpcrt4

NdrOleFree
RpcStringFreeW
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_QueryInterface
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
NdrOleAllocate
CStdStubBuffer_CountRefs

Exports

Exports

yrvovd

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16b9aa58c3ca973ebea4a861bb147402

Headers

File Characteristics

Imports

kernel32

ole32

user32

advapi32

msvcrt

comctl32

gdi32

rpcrt4

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 29KB

.data Size: 24KB - Virtual size: 23KB

.rsrc Size: 4KB - Virtual size: 920B

.reloc Size: 4KB - Virtual size: 796B

.text
Size: 32KB - Virtual size: 29KB

.data
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 4KB - Virtual size: 920B

.reloc
Size: 4KB - Virtual size: 796B