4b9681a3870a5b81830e3271ac19dcaa8ebcff1d41ca88f59289e349c617a59f

Sharing

Copy URL Twitter E-mail

General

Target

4b9681a3870a5b81830e3271ac19dcaa8ebcff1d41ca88f59289e349c617a59f
Size

1.2MB
MD5

2cfd7c366f70e03da8d09f3f6ce1d09b
SHA1

17c5e863e5286cf05297403a756a066717d6a424
SHA256

4b9681a3870a5b81830e3271ac19dcaa8ebcff1d41ca88f59289e349c617a59f
SHA512

bcf9d7b66a353f01fa294ca6c0a462845aa5506926428b7030f568526adf62777af1725d87b858fd764869c051513b1146f06f25477a2bb2dd1106541c256a15
SSDEEP

6144:neR4DJsSZsR3mLVKNQ6EdMLBukkkP7g9lSis2nxGepz:nu4DJsSe3mLQgkke6iKGepz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b9681a3870a5b81830e3271ac19dcaa8ebcff1d41ca88f59289e349c617a59f

Files

4b9681a3870a5b81830e3271ac19dcaa8ebcff1d41ca88f59289e349c617a59f
.dll regsvr32 windows:4 windows x86 arch:x86

a0eb6e53706349729e403801f02f3e6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

PDB Paths

Imports

advapi32

CryptAcquireContextW
CryptDestroyKey
CryptGetKeyParam
CryptGetUserKey
CryptReleaseContext
CryptSetProvParam
RegCloseKey
RegCreateKeyExW
RegDeleteValueA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
ImageList_SetBkColor
PropertySheetW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

crypt32

CertAddCRLContextToStore
CertAddCTLContextToStore
CertAddCertificateContextToStore
CertAddStoreToCollection
CertCloseStore
CertCreateCertificateChainEngine
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertEnumCRLsInStore
CertEnumCTLsInStore
CertEnumCertificatesInStore
CertEnumSystemStore
CertFindExtension
CertFreeCRLContext
CertFreeCTLContext
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertGetNameStringW
CertGetPublicKeyLength
CertGetStoreProperty
CertGetValidUsages
CertNameToStrW
CertOpenStore
CertOpenSystemStoreW
CertRDNValueToStrW
CertSaveStore
CertSetCertificateContextProperty
CertSetEnhancedKeyUsage
CryptBinaryToStringA
CryptDecodeObjectEx
CryptFindLocalizedName
CryptFindOIDInfo
CryptFormatObject
CryptQueryObject
PFXExportCertStore

gdi32

CreateFontW
DeleteObject
GetDeviceCaps

kernel32

CloseHandle
CompareFileTime
CreateFileW
DelayLoadFailureHook
DisableThreadLibraryCalls
EnumResourceNamesW
FileTimeToSystemTime
FindResourceW
FormatMessageW
FreeLibrary
GetDateFormatW
GetEnvironmentVariableW
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
IsBadStringPtrW
LoadLibraryW
LoadResource
LocalFree
MulDiv
MultiByteToWideChar
RaiseException
ResolveDelayLoadedAPI
SizeofResource
WriteFile
lstrcmpW

ntdll

_vsnprintf

ole32

CreateBindCtx
OleCreateDefaultHandler

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vswprintf
_strdup
_wcsdup
_wcsicmp
calloc
free
fwrite
getenv
iswprint
iswspace
malloc
memcmp
memcpy
memmove
realloc
strchr
strcmp
strcpy
strcspn
strlen
wcslen
wcsrchr

user32

DialogBoxParamW
EnableWindow
EndDialog
EnumChildWindows
GetClassLongW
GetDC
GetDlgItem
GetParent
GetWindowLongW
GetWindowRect
IsDlgButtonChecked
LoadBitmapW
LoadImageW
LoadStringW
MapWindowPoints
MessageBoxW
PostMessageW
ReleaseDC
SendMessageA
SendMessageW
SetFocus
SetWindowLongW
SetWindowPos
ShowScrollBar
ShowWindow

Exports

Exports

ACUIProviderInvokeUI
CryptUIDlgCertMgr
CryptUIDlgFreeCAContext
CryptUIDlgSelectCA
CryptUIDlgSelectCertificateA
CryptUIDlgSelectCertificateFromStore
CryptUIDlgSelectCertificateW
CryptUIDlgSelectStoreA
CryptUIDlgSelectStoreW
CryptUIDlgViewCRLA
CryptUIDlgViewCRLW
CryptUIDlgViewCTLA
CryptUIDlgViewCTLW
CryptUIDlgViewCertificateA
CryptUIDlgViewCertificatePropertiesA
CryptUIDlgViewCertificatePropertiesW
CryptUIDlgViewCertificateW
CryptUIDlgViewContext
CryptUIDlgViewSignerInfoA
CryptUIDlgViewSignerInfoW
CryptUIFreeCertificatePropertiesPagesA
CryptUIFreeCertificatePropertiesPagesW
CryptUIFreeViewSignaturesPagesA
CryptUIFreeViewSignaturesPagesW
CryptUIGetCertificatePropertiesPagesA
CryptUIGetCertificatePropertiesPagesW
CryptUIGetViewSignaturesPagesA
CryptUIGetViewSignaturesPagesW
CryptUIStartCertMgr
CryptUIWizBuildCTL
CryptUIWizCertRequest
CryptUIWizCreateCertRequestNoDS
CryptUIWizDigitalSign
CryptUIWizExport
CryptUIWizFreeCertRequestNoDS
CryptUIWizFreeDigitalSignContext
CryptUIWizImport
CryptUIWizQueryCertRequestNoDS
CryptUIWizSubmitCertRequestNoDS
DllRegisterServer
DllUnregisterServer
EnrollmentCOMObjectFactory_getInstance
I_CryptUIProtect
I_CryptUIProtectFailure
LocalEnroll
LocalEnrollNoDS
RetrievePKCS7FromCA
WizardFree

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 4KB - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 196B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 888KB - Virtual size: 887KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0eb6e53706349729e403801f02f3e6d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

comctl32

comdlg32

crypt32

gdi32

kernel32

ntdll

ole32

ucrtbase

user32

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 73KB

.data Size: 4KB - Virtual size: 464B

.rodata Size: 4KB - Virtual size: 1KB

.rdata Size: 40KB - Virtual size: 38KB

.buildid Size: 4KB - Virtual size: 53B

.eh_fram Size: 12KB - Virtual size: 9KB

.bss Size: - Virtual size: 196B

.edata Size: 4KB - Virtual size: 1KB

.idata Size: 8KB - Virtual size: 5KB

.rsrc Size: 888KB - Virtual size: 887KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 76KB - Virtual size: 73KB

.data
Size: 4KB - Virtual size: 464B

.rodata
Size: 4KB - Virtual size: 1KB

.rdata
Size: 40KB - Virtual size: 38KB

.buildid
Size: 4KB - Virtual size: 53B

.eh_fram
Size: 12KB - Virtual size: 9KB

.bss
Size: - Virtual size: 196B

.edata
Size: 4KB - Virtual size: 1KB

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 888KB - Virtual size: 887KB

.reloc
Size: 4KB - Virtual size: 3KB