3d0ef10ef26afa9f47f3fe516eacc168fbd4ff25d8cb037578f02f13c1e204d2N

Sharing

Copy URL

Twitter E-mail

General

Target

3d0ef10ef26afa9f47f3fe516eacc168fbd4ff25d8cb037578f02f13c1e204d2N
Size

209KB
MD5

fba7951acedbe89fb0b6ea23d6a80320
SHA1

d7aa2a9f9ce614e38547911ce728716cc15bfd33
SHA256

3d0ef10ef26afa9f47f3fe516eacc168fbd4ff25d8cb037578f02f13c1e204d2
SHA512

17dc5929a57946b4c79bc3ed3b3b6425e9a9e0a54b7a543a3f441ef06ac3085e219288c82af99f612f0c218473957997e920a546ce9d9c8c14e487881fe1fbf4
SSDEEP

3072:iLaTjeSgIjbpwwJrV5A5TkzykDho+7JTpJ7WG/waF5OZwSEHPIge:KanPdROmerGBF5SwSEAge

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d0ef10ef26afa9f47f3fe516eacc168fbd4ff25d8cb037578f02f13c1e204d2N

Files

3d0ef10ef26afa9f47f3fe516eacc168fbd4ff25d8cb037578f02f13c1e204d2N
.dll regsvr32 windows:5 windows x86 arch:x86

e4525326eeb953a2976ed938af8e353f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

custsat.pdb

Imports

msvcrt

??3@YAXPAX@Z
_ftol
ceil
??2@YAPAXI@Z
free
realloc
_except_handler3

advapi32

RegCloseKey

shlwapi

SHSetValueW
PathFindFileNameW
wnsprintfW
PathFileExistsW
wnsprintfA
SHStrDupW
SHGetValueW
StrCpyNW

ole32

CreateBindCtx
StringFromGUID2
CoCreateGuid
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString

kernel32

GetSystemInfo
CreateEventA
LocalAlloc
InterlockedCompareExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateFileMappingA
LocalReAlloc
LeaveCriticalSection
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetLastError
GetVersion
VirtualQuery
FlushInstructionCache
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
FreeLibrary
InterlockedExchange
CompareStringA
FindClose
ResetEvent
DisableThreadLibraryCalls
LoadLibraryA
IsBadWritePtr
IsBadCodePtr
IsBadReadPtr
GetVersionExA
LocalFree
GetLastError
GetSystemTimeAsFileTime
CloseHandle
SystemTimeToFileTime
GetCurrentProcess
CompareFileTime
UnmapViewOfFile
GetSystemTime
MapViewOfFile
GetTickCount
InterlockedIncrement
SetEvent
EnterCriticalSection
WaitForSingleObject
VirtualAlloc
WriteFile
GlobalFree
ReadFile
GlobalAlloc
GetFileSize
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e4525326eeb953a2976ed938af8e353f

Headers

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

shlwapi

ole32

oleaut32

kernel32

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 512B - Virtual size: 636B

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 3KB - Virtual size: 2KB

.text Size: 176KB - Virtual size: 176KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 636B

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 176KB - Virtual size: 176KB