29defb899c0d397a7ac7a59fa094eb5be3c7e12c5984ceb029ff656485b0cf56

Sharing

Copy URL

Twitter E-mail

General

Target

29defb899c0d397a7ac7a59fa094eb5be3c7e12c5984ceb029ff656485b0cf56
Size

539KB
MD5

fd490298b613a4354b3d242806c1dd08
SHA1

f71d664c380da8a7c2a79e66247cb106c13c78c3
SHA256

29defb899c0d397a7ac7a59fa094eb5be3c7e12c5984ceb029ff656485b0cf56
SHA512

0144d2caaddbeffd666abf27a3cd86f4fc579bd80ab07aa34abbfea5991a115a47b734acff845788682f063b4455dee082d1e35eb9ae2c24cd0ceee0ad1946cf
SSDEEP

12288:7k4q+DxOsJaGHtKbEuDQ8O71JklGPkEJmWTue:7fq+UssGHtUxQ8ORqlGPkEUa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
29defb899c0d397a7ac7a59fa094eb5be3c7e12c5984ceb029ff656485b0cf56

Files

29defb899c0d397a7ac7a59fa094eb5be3c7e12c5984ceb029ff656485b0cf56
.dll regsvr32 windows:6 windows x64 arch:x64

dbf972b64f5bee9962fa1fbd93701ced

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

dwrite

DWriteCreateFactory

kernel32

VirtualAlloc
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
OutputDebugStringW
LCMapStringW
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetLastError
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
RtlPcToFileHeader
RaiseException
WriteFile
GetModuleFileNameW
LoadLibraryExW
HeapReAlloc
GetStringTypeW
CreateFileW

user32

MessageBoxA
ShowWindow

shell32

SHGetFolderPathW

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CreateStreamOnHGlobal
StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitialize

Exports

Exports

DllRegisterServer

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 426KB - Virtual size: 426KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbf972b64f5bee9962fa1fbd93701ced

Headers

DLL Characteristics

File Characteristics

Imports

dwrite

kernel32

user32

shell32

ole32

Exports

Exports

Sections

.text Size: 66KB - Virtual size: 66KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 426KB - Virtual size: 426KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 66KB - Virtual size: 66KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 426KB - Virtual size: 426KB

.reloc
Size: 2KB - Virtual size: 1KB