47ac0d5b46138855b4ef3e5dd132f0416f02ac701456bfdd3dd4829d2ac199fc

Sharing

Copy URL Twitter E-mail

General

Target

47ac0d5b46138855b4ef3e5dd132f0416f02ac701456bfdd3dd4829d2ac199fc
Size

507KB
MD5

7ccfe26dbd1524e6fefd99f2268c0810
SHA1

1b035595ef9e65f4f32b58bfc8a08b416bbdcca8
SHA256

47ac0d5b46138855b4ef3e5dd132f0416f02ac701456bfdd3dd4829d2ac199fc
SHA512

507fa0f23baa859b7329b5757cb05e39427a3f4f9f958788a7569c90a41e9ab009858129829fca9434569eaf8d8a682ea302ebcb0421679516f1255c42041431
SSDEEP

3072:QvKbB4g729l4sIp4afKU03TbXY+qdcsAghV0ezVRxaz0bNIESdtBw56ftHB9KXYy:GgLHyL99NwsPRCBaq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47ac0d5b46138855b4ef3e5dd132f0416f02ac701456bfdd3dd4829d2ac199fc

Files

47ac0d5b46138855b4ef3e5dd132f0416f02ac701456bfdd3dd4829d2ac199fc
.dll regsvr32 windows:4 windows x64 arch:x64

63cbba4b329d77788f43ffbc3711cdc4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

PDB Paths

Imports

advapi32

RegCloseKey
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueW

comctl32

PropertySheetW

kernel32

DisableThreadLibraryCalls
EnumResourceNamesW
FindResourceW
GetEnvironmentVariableW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
IsBadStringPtrW
LoadLibraryW
LoadResource
MultiByteToWideChar
SizeofResource
WideCharToMultiByte

ntdll

_vsnprintf

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
ProgIDFromCLSID

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantInit
VariantClear
VariantCopy
VariantChangeType
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayPutElement
VarI2FromUI1
VarI2FromI4
VarI2FromR4
VarI2FromR8
VarI2FromCy
VarI2FromDate
VarI2FromStr
VarI2FromBool
VarI4FromUI1
VarI4FromI2
VarI4FromR4
VarI4FromR8
VarI4FromCy
VarI4FromDate
VarI4FromStr
VarI4FromBool
VarR4FromUI1
VarR4FromI2
VarR4FromI4
VarR4FromR8
VarR4FromCy
VarR4FromDate
VarR4FromStr
VarR4FromBool
VarR8FromUI1
VarR8FromI2
VarR8FromI4
VarR8FromR4
VarR8FromCy
VarR8FromDate
VarR8FromStr
VarR8FromBool
VarDateFromUI1
VarDateFromI2
VarDateFromI4
VarDateFromR4
VarDateFromR8
VarDateFromCy
VarDateFromStr
VarDateFromBool
VarCyFromUI1
VarCyFromI2
VarCyFromI4
VarCyFromR4
VarCyFromR8
VarCyFromDate
VarCyFromStr
VarCyFromBool
VarBstrFromUI1
VarBstrFromI2
VarBstrFromI4
VarBstrFromR4
VarBstrFromR8
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
VarBoolFromUI1
VarBoolFromI2
VarBoolFromI4
VarBoolFromR4
VarBoolFromR8
VarBoolFromDate
VarBoolFromCy
VarBoolFromStr
VarUI1FromI2
VarUI1FromI4
VarUI1FromR4
VarUI1FromR8
VarUI1FromCy
VarUI1FromDate
VarUI1FromStr
VarUI1FromBool
SystemTimeToVariantTime
VariantTimeToSystemTime
VarI2FromI1
VarI2FromUI2
VarI2FromUI4
VarI2FromDec
VarI4FromI1
VarI4FromUI2
VarI4FromUI4
VarI4FromDec
VarR4FromI1
VarR4FromUI2
VarR4FromUI4
VarR4FromDec
VarR8FromI1
VarR8FromUI2
VarR8FromUI4
VarR8FromDec
VarDateFromI1
VarDateFromUI2
VarDateFromUI4
VarDateFromDec
VarCyFromI1
VarCyFromUI2
VarCyFromUI4
VarCyFromDec
VarBstrFromI1
VarBstrFromUI2
VarBstrFromUI4
VarBstrFromDec
VarBoolFromI1
VarBoolFromUI2
VarBoolFromUI4
VarBoolFromDec
VarUI1FromI1
VarUI1FromUI2
VarUI1FromUI4
VarUI1FromDec
VarI1FromUI1
VarI1FromI2
VarI1FromI4
VarI1FromR4
VarI1FromR8
VarI1FromDate
VarI1FromCy
VarI1FromStr
VarI1FromBool
VarI1FromUI2
VarI1FromUI4
VarI1FromDec
VarUI2FromUI1
VarUI2FromI2
VarUI2FromI4
VarUI2FromR4
VarUI2FromR8
VarUI2FromDate
VarUI2FromCy
VarUI2FromStr
VarUI2FromBool
VarUI2FromI1
VarUI2FromUI4
VarUI2FromDec
VarUI4FromUI1
VarUI4FromI2
VarUI4FromI4
VarUI4FromR4
VarUI4FromR8
VarUI4FromDate
VarUI4FromCy
VarUI4FromStr
VarUI4FromBool
VarUI4FromI1
VarUI4FromUI2
VarUI4FromDec
VarI8FromStr
VarI2FromI8
VarI2FromUI8
VarI4FromI8
VarI4FromUI8
VarR4FromI8
VarR4FromUI8
VarR8FromI8
VarR8FromUI8
VarDateFromI8
VarDateFromUI8
VarCyFromI8
VarCyFromUI8
VarBstrFromI8
VarBstrFromUI8
VarBoolFromI8
VarBoolFromUI8
VarUI1FromI8
VarUI1FromUI8
VarDecFromI8
VarI1FromI8
VarI1FromUI8
VarUI2FromI8
VarUI2FromUI8
VarUI4FromI8
VarUI4FromUI8
VarUI8FromI8
VarUI8FromUI1
VarUI8FromI2
VarUI8FromR4
VarUI8FromR8
VarUI8FromCy
VarUI8FromDate
VarUI8FromStr
VarUI8FromBool
VarUI8FromI1
VarUI8FromUI2
VarUI8FromUI4
VarUI8FromDec

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vswscanf
_strdup
_wcsdup
_wcsicmp
bsearch
calloc
free
fwrite
getenv
malloc
memcmp
memcpy
memmove
memset
realloc
strchr
strcmp
strcspn
strlen
wcschr
wcsstr

user32

CharLowerW
EnableWindow
GetDlgItem
GetParent
GetWindowRect
LoadStringW
MessageBoxA
MessageBoxW
SendMessageA
SendMessageW
SetWindowLongPtrW
wsprintfW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 4KB - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 368B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63cbba4b329d77788f43ffbc3711cdc4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

comctl32

kernel32

ntdll

ole32

oleaut32

ucrtbase

user32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 60KB

.data Size: 4KB - Virtual size: 272B

.rodata Size: 4KB - Virtual size: 344B

.rdata Size: 56KB - Virtual size: 54KB

.buildid Size: 4KB - Virtual size: 53B

.pdata Size: 4KB - Virtual size: 1KB

.xdata Size: 4KB - Virtual size: 1KB

.bss Size: - Virtual size: 368B

.edata Size: 4KB - Virtual size: 224B

.idata Size: 12KB - Virtual size: 9KB

.rsrc Size: 116KB - Virtual size: 114KB

.reloc Size: 4KB - Virtual size: 332B

.text
Size: 64KB - Virtual size: 60KB

.data
Size: 4KB - Virtual size: 272B

.rodata
Size: 4KB - Virtual size: 344B

.rdata
Size: 56KB - Virtual size: 54KB

.buildid
Size: 4KB - Virtual size: 53B

.pdata
Size: 4KB - Virtual size: 1KB

.xdata
Size: 4KB - Virtual size: 1KB

.bss
Size: - Virtual size: 368B

.edata
Size: 4KB - Virtual size: 224B

.idata
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 116KB - Virtual size: 114KB

.reloc
Size: 4KB - Virtual size: 332B