7851d544529979fe327248301ae1e0dfb5aed2197e8d50c102cada70087169c0

Sharing

Copy URL

Twitter E-mail

General

Target

7851d544529979fe327248301ae1e0dfb5aed2197e8d50c102cada70087169c0
Size

138KB
MD5

b6a7cae2f37bc8009357a329fe3fd58f
SHA1

ee53de661ae942b456c728dcd2aa8825b69e9bb3
SHA256

7851d544529979fe327248301ae1e0dfb5aed2197e8d50c102cada70087169c0
SHA512

83f57ca14d72b5d33093e939c7f07746412b86d1319bc394f91f31462153116f5a8f4a5f115b225f3176451ab5ff83d655effb5374cb811463356ff1b47e0b7a
SSDEEP

3072:bdkeOYz49OcqZTXCHbb4YPWhTTPellAMUG7OAg0FuU9iEMVE:bYZqZjaPPcuEGKAOKsi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7851d544529979fe327248301ae1e0dfb5aed2197e8d50c102cada70087169c0

Files

7851d544529979fe327248301ae1e0dfb5aed2197e8d50c102cada70087169c0
.dll windows x86

38b2d519cb76f04164a1e123a1a5defb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
DeleteCriticalSection
WideCharToMultiByte
Sleep
WriteFile
GetModuleFileNameW
K32GetModuleFileNameExW
CreateFileW
OpenProcess
QueryPerformanceFrequency
CloseHandle
GetModuleHandleW
QueryFullProcessImageNameW
QueryPerformanceCounter
SetUnhandledExceptionFilter
CreateThread
GetProcAddress
WriteProcessMemory
WaitForSingleObject
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
Module32FirstW
InitializeCriticalSection
CreateRemoteThread
Module32NextW
VirtualFreeEx
OutputDebugStringW
DecodePointer
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
LeaveCriticalSection
VirtualAllocEx
EnterCriticalSection
LCMapStringW
GetFileType
GetStdHandle
HeapFree
WriteConsoleW
HeapReAlloc
HeapAlloc
GetModuleHandleExW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess

user32

SetWindowLongW
RegisterClassW
GetClassInfoW
CreateWindowExW
DestroyWindow
DefWindowProcW
PostMessageW
IsWindowUnicode
PeekMessageA
TranslateMessage
PeekMessageW
DispatchMessageW
DispatchMessageA

advapi32

GetTokenInformation
OpenProcessToken

ws2_32

WSAStartup
WSACleanup
WSAGetLastError
ioctlsocket
recv
send
WSAAsyncSelect
closesocket
htons
listen
bind
accept
socket

Exports

Exports

audioMixProc
disconnectPlayer
enumPlayer
injectPlayer
setAudioEventCallback
setAudioSource
setMixDisconnectCallback
setPlayerConnectCallback

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38b2d519cb76f04164a1e123a1a5defb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 81KB - Virtual size: 80KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 81KB - Virtual size: 80KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB