28bd85069d2475bd79b0858ebcb19b255afd2cfeb594ed9e554717c4fcc33513

Sharing

Copy URL

Twitter E-mail

General

Target

28bd85069d2475bd79b0858ebcb19b255afd2cfeb594ed9e554717c4fcc33513
Size

1.0MB
MD5

3dd45214674f4021da7d5239aac7e86d
SHA1

edf4c18e8ccdf2728f34a52fd7d3f19bd20352c9
SHA256

28bd85069d2475bd79b0858ebcb19b255afd2cfeb594ed9e554717c4fcc33513
SHA512

1e253602ade82af65d8f5dde0cddc13233018e15e5fd9119326ee03fca6e3198bd8c26e281e0773045bf652fa6dc8eead156f175c679499a1cb37a891a2d1d00
SSDEEP

12288:j1qT+o1ydFrsBIUGbE6SHWFIVckN4gHqdCC+5nqNEEEEEEEEEEEEGEEEEEEGGdzR:j1Y+o1ydFrsBIUuEpHWFIS3gHjT+GXVt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28bd85069d2475bd79b0858ebcb19b255afd2cfeb594ed9e554717c4fcc33513

Files

28bd85069d2475bd79b0858ebcb19b255afd2cfeb594ed9e554717c4fcc33513
.dll regsvr32 windows:4 windows x86 arch:x86

eb2b8fca0e339cbd76eb74069b470a52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

SystemFunction036

kernel32

DisableThreadLibraryCalls
EnumResourceNamesW
FileTimeToLocalFileTime
FindResourceW
GetDateFormatW
GetEnvironmentVariableW
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleW
GetNumberFormatW
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
HeapAlloc
HeapFree
HeapReAlloc
IsBadStringPtrA
IsBadStringPtrW
LoadLibraryW
LoadResource
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
SizeofResource
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TzSpecificLocalTimeToSystemTime
WideCharToMultiByte

ntdll

_vsnprintf

ole32

CLSIDFromProgID
CoGetClassObject
CoTaskMemFree

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantInit
VariantClear
VariantCopy
VariantChangeType
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayCopy
VariantChangeTypeEx
LoadRegTypeLib
VarUdateFromDate

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vswprintf
__stdio_common_vswprintf_s
_assert
_create_locale
_dclass
_free_locale
_itow
_ltow_s
_strdup
_wcsdup
_wcsicmp
_wcsnicmp
acos
asin
atan
atan2
bsearch
calloc
cos
exp
fmod
free
fwrite
getenv
isalnum
iswalnum
iswalpha
iswspace
log
log10
lround
malloc
memcmp
memcpy
memmove
memset
pow
realloc
sin
sqrt
strchr
strcmp
strcspn
strlen
tan
towlower
towupper
wcschr
wcscmp
wcscpy
wcsncmp
wcsstr
wcstol

user32

LoadStringW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 468KB - Virtual size: 467KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb2b8fca0e339cbd76eb74069b470a52

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ntdll

ole32

oleaut32

ucrtbase

user32

Exports

Exports

Sections

.text Size: 468KB - Virtual size: 467KB

.data Size: 4KB - Virtual size: 1KB

.rodata Size: 4KB - Virtual size: 24B

.rdata Size: 80KB - Virtual size: 78KB

/4 Size: 60KB - Virtual size: 58KB

.edata Size: 4KB - Virtual size: 172B

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 168KB - Virtual size: 166KB

.reloc Size: 24KB - Virtual size: 21KB

.text
Size: 468KB - Virtual size: 467KB

.data
Size: 4KB - Virtual size: 1KB

.rodata
Size: 4KB - Virtual size: 24B

.rdata
Size: 80KB - Virtual size: 78KB

/4
Size: 60KB - Virtual size: 58KB

.edata
Size: 4KB - Virtual size: 172B

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 168KB - Virtual size: 166KB

.reloc
Size: 24KB - Virtual size: 21KB