1f01a1bf32ef1bce083f7b95dcda5d28244708822966d9f63b4f64556bee9f9e

Sharing

Copy URL

Twitter E-mail

General

Target

1f01a1bf32ef1bce083f7b95dcda5d28244708822966d9f63b4f64556bee9f9e
Size

1.2MB
MD5

9235b1ff4feb72fd521a7ff48e24c10d
SHA1

b9eb9dd87b70715754fac403052fd54df2a01b21
SHA256

1f01a1bf32ef1bce083f7b95dcda5d28244708822966d9f63b4f64556bee9f9e
SHA512

ffc85acd6b5ff0d3ed7ad142cbbf6ba11d3b35e281d90671507478108579dc3f7e0f9f9fc7c6ad48b5176db2aa48155696718e9c804002e39f3e533efeb2bdb5
SSDEEP

24576:JbYRleg4H/qZHeK+dVxodFx2mi8WJhFwmuK/DHvb1MrzM+SU5L5tj112jGLF2eoj:0UQH1dFx2mi8kwybqzM8L5tj112jGLFq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f01a1bf32ef1bce083f7b95dcda5d28244708822966d9f63b4f64556bee9f9e

Files

1f01a1bf32ef1bce083f7b95dcda5d28244708822966d9f63b4f64556bee9f9e
.dll regsvr32 windows:6 windows x86 arch:x86

6e16afd0d7990d33ac75371bcceecbc8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
lstrcatA
ExitThread
Sleep
GetLastError
DeleteFileA
HeapAlloc
ExitProcess
GetProcessHeap
GetSystemTime
Process32First
EnterCriticalSection
VirtualFree
WriteFile
LeaveCriticalSection
CreateMutexA
GetTimeFormatA
CreateToolhelp32Snapshot
GetTempPathA
GetDateFormatA
GlobalAlloc
Process32Next
GetTickCount
GetModuleHandleW
lstrcmpA
lstrcpyA
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetModuleHandleExW
DeleteCriticalSection
GetConsoleCP
SetLastError
GetCurrentThread
GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoW
RaiseException
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetFileAttributesExW
GetFileSizeEx
SetFilePointerEx
InitializeCriticalSectionAndSpinCount
GetCommandLineA
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
MultiByteToWideChar
DeleteFileW
WideCharToMultiByte
CreateFileW
SetConsoleMode
GetNumberOfConsoleInputEvents
ReadConsoleInputW
PeekConsoleInputA
ReadConsoleW
ReadFile
GetCPInfo
IsValidCodePage
GetACP
GetOEMCP
GetStringTypeW
SetStdHandle
SetConsoleCtrlHandler
GetModuleFileNameW
HeapSize
HeapReAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
EncodePointer
DecodePointer
OutputDebugStringW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
SwitchToThread
CreateEventW
FormatMessageW
MapViewOfFile
FreeLibrary
GetFileSize
CreateFileMappingA
HeapFree
GetProcAddress
CloseHandle
LoadLibraryA
CreateFileA
UnmapViewOfFile
VirtualProtect
TlsAlloc
GetModuleFileNameA
SetEndOfFile

user32

DispatchMessageA
GetDC
CreateWindowExW
ShowWindow
DefWindowProcA
GetMessageA
TranslateMessage
PostQuitMessage
EnableMenuItem
RegisterClassExA
UpdateWindow
DestroyMenu
MessageBoxA
ActivateKeyboardLayout
EndPaint
GetKeyboardLayout
BeginPaint

gdi32

LineTo
GetStockObject
CreatePen
Rectangle
SelectObject
TextOutA
DeleteObject
MoveToEx

comdlg32

FindTextA
GetOpenFileNameA
GetSaveFileNameA

wininet

InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile
HttpQueryInfoA
InternetOpenA
HttpAddRequestHeadersA
InternetSetOptionA
HttpOpenRequestA
InternetQueryOptionA
InternetCanonicalizeUrlA

Exports

Exports

DllRegisterServer
ajb6uujmba7ljobupoyex1n5
c0wqso26efwq
h6i4f54ttqxq
i1nxq1k0k82ratrljmsex6pq3j
iyctzr1t733pfq3t
lr0ukz75o2j5xwsx
r32ff4y8les
syd
vhbd6nnyxq69dl
vs5xxc3ri6w5d6b
wf8nga1z8n1f45uk6
ymam87fdr14vcw74lr40bg

Sections

.text
Size: 988KB - Virtual size: 988KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e16afd0d7990d33ac75371bcceecbc8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

wininet

Exports

Exports

Sections

.text Size: 988KB - Virtual size: 988KB

.rdata Size: 148KB - Virtual size: 147KB

.data Size: 7KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 79KB - Virtual size: 79KB

.text
Size: 988KB - Virtual size: 988KB

.rdata
Size: 148KB - Virtual size: 147KB

.data
Size: 7KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 79KB - Virtual size: 79KB