DllRegisterServer
Static task: static1
Behavioral task: behavioral1
Sample: 2b635ec0b565fc5de655d75058075a6829482cc12828ee9a91ad7af6f7f6a3d5.dll
Resource: win7-20241010-en
General
- Target: 2b635ec0b565fc5de655d75058075a6829482cc12828ee9a91ad7af6f7f6a3d5
- Size: 764KB
- MD5: 04d1218c1b3b287c6064ba436590a89c
- SHA1: 18641e69b81c7283662289b966d4790231358577
- SHA256: 2b635ec0b565fc5de655d75058075a6829482cc12828ee9a91ad7af6f7f6a3d5
- SHA512: dad94a776fd20656013b1d79b8b95fa8b3f4cdd9ab68e6a7a570c8fb91258d343798379ae4acf4db6a07adbd39573e376dc062d7dc38940be15347f78b69ef3d
- SSDEEP: 12288:hJheLDF+GBXYT7Ose6FPmg3TVtG2lqfn3tBzqgf/lvusL+o:hJhGgGJIJe6FPmg3W2lqfn3POS/lmsLL
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 2b635ec0b565fc5de655d75058075a6829482cc12828ee9a91ad7af6f7f6a3d5
Files
- 2b635ec0b565fc5de655d75058075a6829482cc12828ee9a91ad7af6f7f6a3d5.dll regsvr32 windows:4 windows x64 arch:x64
  3a54e861d3d9d8c5cf26fa2949d55f6d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
RaiseException
RtlPcToFileHeader
HeapSize
VirtualProtect
GetSystemInfo
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
FlsGetValue
FlsFree
FlsAlloc
Sleep
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetFileType
FlsSetValue
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetSystemTimeAsFileTime
GetTickCount
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringW
FileTimeToSystemTime
GetThreadLocale
lstrlenA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
CloseHandle
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GlobalAlloc
FormatMessageW
LocalFree
GlobalFree
FreeResource
GlobalLock
GlobalUnlock
MulDiv
GetModuleHandleA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
FreeLibrary
GetModuleFileNameW
LockResource
VirtualAlloc
GetProcAddress
SetLastError
GetLastError
SizeofResource
LoadLibraryW
GetModuleHandleW
LoadResource
FindResourceW
GetStartupInfoA
ExitProcess
user32
CopyAcceleratorTableW
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
GetSysColorBrush
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
SetCursor
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
CharNextW
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
GetMenu
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ReleaseDC
GetDC
CharUpperW
DestroyMenu
GetTopWindow
CopyRect
IsWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
UnhookWindowsHookEx
GetWindowTextLengthW
GetWindowTextW
GetParent
GetWindow
SetFocus
SetCapture
ReleaseCapture
UpdateWindow
GetWindowRect
IsIconic
LoadCursorW
DrawIcon
GetClientRect
LoadIconW
SetRect
InvalidateRect
GetWindowLongW
SetWindowLongW
GetSystemMetrics
SendMessageW
EnableWindow
MessageBoxW
UnregisterClassA
gdi32
ExtSelectClipRgn
DeleteDC
ExtTextOutW
GetStockObject
GetDeviceCaps
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
TextOutW
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateBitmap
GetWindowExtEx
GetViewportExtEx
GetObjectW
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateRectRgnIndirect
Escape
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegCloseKey
shlwapi
PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW
oledlg
OleUIBusyW
ole32
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoLoadLibrary
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID
oleaut32
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString
SysStringLen
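The import table above is the input to the import hash (imphash) that sandboxes and threat-intel platforms use to cluster builds. The following is an added example, not code from the report or from any sandbox: it implements the pefile convention (module name lower-cased with a .dll/.ocx/.sys extension stripped, function name lower-cased, ordinal-only imports written as ordN, entries joined with commas in import-table order, then MD5). pefile additionally maps well-known ws2_32 and oleaut32 ordinals to names before hashing; that table is omitted here, so ordinal imports from those two modules will differ from pefile's result. The SAMPLE_IMPORTS list is a constructed subset of this page's imports in page order; the true imphash of the sample must be computed from the binary's import directory, whose order and contents the report may not render faithfully, so the value printed here is not asserted to be the sample's. Worth keeping in mind when reading this table: many of the listed functions (OleUIBusyW, CoRegisterMessageFilter, GetNextDlgGroupItem, the Fls*/Tls*/Heap* calls) are what a statically linked MFC and CRT runtime pulls in regardless of what the DLL's own code does, so the hash is a clustering key for builds sharing a toolchain and framework, not evidence of behaviour on its own.

```python
"""Import hash (imphash) over a (module, function) import list, pefile-style.
Added example; the import list is copied from the report for illustration only."""
import hashlib
from typing import Iterable, Optional, Tuple

# Constructed subset of the report's imports, in the order the report shows them.
# Replace with a walk of pefile's DIRECTORY_ENTRY_IMPORT when working from the file.
SAMPLE_IMPORTS = [
    ("kernel32", "GetCommandLineA"),
    ("kernel32", "HeapFree"),
    ("kernel32", "HeapAlloc"),
    ("kernel32", "IsDebuggerPresent"),
    ("kernel32", "VirtualProtect"),
    ("kernel32", "VirtualAlloc"),
    ("user32", "SetWindowsHookExW"),
    ("advapi32", "RegSetValueExW"),
    ("ole32", "CoRegisterMessageFilter"),
    ("oledlg", "OleUIBusyW"),
]

_STRIPPED_EXTENSIONS = ("ocx", "sys", "dll")  # other extensions (e.g. .drv) are kept


def normalize_import(module: str, name: Optional[str], ordinal: Optional[int] = None) -> str:
    """Return the canonical "module.function" token for one import entry."""
    mod = module.lower()
    base, dot, ext = mod.rpartition(".")
    if dot and ext in _STRIPPED_EXTENSIONS:
        mod = base
    if name:
        func = name.lower()
    elif ordinal is not None:
        # pefile resolves known ws2_32/oleaut32 ordinals to names first; that
        # lookup table is omitted here (assumption), so every ordinal becomes ordN.
        func = f"ord{ordinal}"
    else:
        raise ValueError("import entry needs a name or an ordinal")
    return f"{mod}.{func}"


def imphash(entries: Iterable[Tuple[str, Optional[str]]]) -> str:
    """MD5 of the comma-joined normalized tokens; order-sensitive by design."""
    tokens = [normalize_import(module, name) for module, name in entries]
    return hashlib.md5(",".join(tokens).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(",".join(normalize_import(m, n) for m, n in SAMPLE_IMPORTS[:3]))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash is order-sensitive, two binaries with the same import set linked in a different order get different values; that is why it clusters builds of one toolchain well and compiler-independent variants poorly.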
Exports
Sections
.text Size: 312KB - Virtual size: 312KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 302KB - Virtual size: 301KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ