cfb75b3fba2d6d1773fe9e22870a2d585864c2055bb5d870c48091272fd32f12

Sharing

Copy URL

Twitter E-mail

General

Target

cfb75b3fba2d6d1773fe9e22870a2d585864c2055bb5d870c48091272fd32f12
Size

742KB
MD5

0e44a44f8365e012b6cc2072cf97f498
SHA1

df10a08eee274ca24f916de141453b825b3662a6
SHA256

cfb75b3fba2d6d1773fe9e22870a2d585864c2055bb5d870c48091272fd32f12
SHA512

46a6a91f412ade60cb24cbaef06ca0fa84380fbd97d1a9f31927edaaec080d73332a3c55abf796408a9efd6b62c376d9f6fdcb9251f1068c6d03627d5606e56a
SSDEEP

12288:ckd4N2A+TyrjNDCaVN+dC1FXWWf3HlTT1LwmBvb:ckdxT2rZDCaVN+mXWW3HBemBj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
cfb75b3fba2d6d1773fe9e22870a2d585864c2055bb5d870c48091272fd32f12

Files

cfb75b3fba2d6d1773fe9e22870a2d585864c2055bb5d870c48091272fd32f12
.dll regsvr32 windows:4 windows x64 arch:x64

cef7e711f2eeb92f122893202dc2ab83

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

wsock32

inet_addr
WSACleanup
gethostbyname
WSAStartup

kernel32

FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetTickCount
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapFree
VirtualProtect
GetSystemInfo
VirtualQuery
HeapAlloc
HeapReAlloc
FlsSetValue
GetCommandLineA
GetProcessHeap
HeapSize
FlsGetValue
FlsFree
FlsAlloc
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
HeapSetInformation
HeapCreate
HeapDestroy
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FileTimeToSystemTime
GetOEMCP
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
WritePrivateProfileStringA
FormatMessageA
LocalFree
MulDiv
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalUnlock
GlobalFree
FreeResource
GetCurrentProcessId
SetLastError
GlobalAddAtomA
CloseHandle
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
GetLastError
lstrlenA
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
LoadResource
LockResource
SizeofResource
FindResourceA
WideCharToMultiByte
LoadLibraryW
ExitProcess
VirtualAlloc
RtlVirtualUnwind

user32

CharNextA
CopyAcceleratorTableA
IsRectEmpty
SetRect
InvalidateRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
UnregisterClassA
RegisterClipboardFormatA
PostThreadMessageA
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetDlgItemTextA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
SetFocus
GetSysColorBrush
GetForegroundWindow
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
ReleaseCapture
LoadCursorA
SetCapture
EndPaint
GetWindowTextA
BeginPaint
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
CharUpperA
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
LoadIconA
GetMenu

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetDeviceCaps
ScaleViewportExtEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetWindowExtEx
GetViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
PtVisible

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleInitialize
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject
CoRegisterMessageFilter
OleFlushClipboard
CoFreeUnusedLibraries
OleIsCurrentClipboard

oleaut32

SysFreeString
VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysAllocStringByteLen
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen

Exports

Exports

DllRegisterServer
P8KN6Ry3VDViGrYu4GbA8RiNq

Sections

.text
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cef7e711f2eeb92f122893202dc2ab83

Headers

File Characteristics

Imports

wsock32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

oledlg

ole32

oleaut32

Exports

Exports

Sections

.text Size: 359KB - Virtual size: 358KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 14KB - Virtual size: 38KB

.pdata Size: 26KB - Virtual size: 25KB

.rsrc Size: 208KB - Virtual size: 208KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 359KB - Virtual size: 358KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 14KB - Virtual size: 38KB

.pdata
Size: 26KB - Virtual size: 25KB

.rsrc
Size: 208KB - Virtual size: 208KB

.reloc
Size: 12KB - Virtual size: 12KB