a1075b68e4975722e8e3122222120dd3e5651d4956f486912c9180ed9dcfbfd9

Sharing

Copy URL Twitter E-mail

General

Target

a1075b68e4975722e8e3122222120dd3e5651d4956f486912c9180ed9dcfbfd9
Size

150KB
MD5

2a82835543ab6e4160babd286ca2eb97
SHA1

9c823bc065eb77ec2aed2bc374c29634674fc108
SHA256

a1075b68e4975722e8e3122222120dd3e5651d4956f486912c9180ed9dcfbfd9
SHA512

a65ccde1613664758578afe9c04866d4630fabbafc3bac63297a844e46e97f9a444ccc1d1ce789f9aaf168871b6fd57775c8d8ae6bf1520a8c659c2a81cc48c5
SSDEEP

3072:Wz4Ri0E38mx8fV154HKZ08hHWLzO3PRsoKA46MY9/g/eDsd1vF:Wzsi0Yfx8t15pZ9hHWufwADMKo/eg/d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1075b68e4975722e8e3122222120dd3e5651d4956f486912c9180ed9dcfbfd9

Files

a1075b68e4975722e8e3122222120dd3e5651d4956f486912c9180ed9dcfbfd9
.dll windows x86

6f65440c617429bf42b4c23ff8f5dcb9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wesingcommon

?GetProcessHostType@qqmusic@@YAHXZ

platformutils

blog
os_wcs_to_utf8_ptr
os_set_thread_name
dstr_replace
dstr_ncat
dstr_cat_dstr
dstr_copy
wstrstri
astrcmpi
blogva
dstr_from_wcs
bmalloc
bfree
brealloc
dstr_to_wcs
text_lookup_getstr
text_lookup_destroy

avcodec-lx-58

_source_get_flags
_source_showing
_source_set_error
_source_get_name
_source_get_settings
_notify_event
_get_video_info
_register_source_s
_property_list_item_int
_property_list_item_string
_property_list_item_name
_module_load_locale
_property_list_item_remove
_property_list_item_disabled
_property_list_item_disable
_property_list_add_int
_property_list_add_string
_property_list_clear
_property_set_long_description
_property_set_description
_property_set_enabled
_property_set_visible
_property_set_modified_callback
_properties_add_button
_properties_add_list
_properties_add_float
_properties_add_bool
_properties_get
_properties_get_param
_property_list_item_count
_avc_keyframe
_data_set_default_int
_data_get_int
_properties_create
_properties_set_param
_data_unset_autoselect_value
_source_set_async_unbuffered
_source_output_video
_data_has_autoselect_value
_data_get_autoselect_int
_data_get_autoselect_string
_data_get_bool
_data_get_string
_data_set_autoselect_int
_data_set_autoselect_string
_data_set_default_bool
_data_set_default_double
_data_set_default_string
_data_set_bool
_data_set_string
_data_release
_avc_find_startcode
_encoder_active
_encoder_video
_encoder_get_height
_encoder_get_width
_encoder_get_name
_register_encoder_s
_properties_add_int
_source_output_audio

avutil-55

av_free
av_frame_alloc
av_log_set_level
av_log_set_callback
av_log_default_callback

avcodec-57

avcodec_alloc_context3
avcodec_register_all
avcodec_decode_video2
avcodec_decode_audio4
avcodec_find_decoder
av_init_packet
avcodec_close
avcodec_open2

kernel32

OutputDebugStringW
LocalFree
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CreateEventW
FormatMessageW
CloseHandle
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseSemaphore
Sleep
WaitForSingleObject
CreateThread
CreateSemaphoreW

user32

MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
TranslateMessage

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemAlloc

oleaut32

OleCreatePropertyFrame

sensetimeutil

DestroyBeautifyHelper
CreateBeautifyHelper

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xout_of_range@std@@YAXPBD@Z

vcruntime140

memset
__std_terminate
__CxxFrameHandler3
_purecall
memmove
_CxxThrowException
wcsstr
strchr
__vcrt_InitializeCriticalSectionEx
__std_exception_copy
__std_exception_destroy
_except_handler4_common
__std_type_info_destroy_list
memcpy

api-ms-win-crt-runtime-l1-1-0

_initterm
_seh_filter_dll
_initterm_e
_initialize_narrow_environment
_initialize_onexit_table
_crt_atexit
_cexit
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
__stdio_common_vsscanf
__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-math-l1-1-0

_except1

Exports

Exports

_module_free_locale
_module_load
_module_set_locale
_module_set_pointer
_module_ver

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f65440c617429bf42b4c23ff8f5dcb9

Headers

DLL Characteristics

File Characteristics

Imports

wesingcommon

platformutils

avcodec-lx-58

avutil-55

avcodec-57

kernel32

user32

ole32

oleaut32

sensetimeutil

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 3KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 76B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 3KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 76B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB