85358dcec47dc3ab8336f57063704d56d2d16866091d18a6f4ca7290711c199b

Sharing

Copy URL Twitter E-mail

General

Target

85358dcec47dc3ab8336f57063704d56d2d16866091d18a6f4ca7290711c199b
Size

427KB
MD5

4773b58188006dd84a8670cde6373a6f
SHA1

444a3b7cf8fc459825547cf659e39a270dbd7539
SHA256

85358dcec47dc3ab8336f57063704d56d2d16866091d18a6f4ca7290711c199b
SHA512

7c6baa21133d434b3ac30d7955a8f3b36625ce7a40711d61c28036e04b03146da992a8cdcf106cfced665167a3e93278d26055526d9e9e282e5663707c2ce30c
SSDEEP

3072:/t5L13FKRvGi25xACRAthQ0zvOifWYKyM1dY9S1wjT7jddinnnnnx5O0U:PL13F8GB//2hQ0zvOhYTM7PwbjddK5O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85358dcec47dc3ab8336f57063704d56d2d16866091d18a6f4ca7290711c199b

Files

85358dcec47dc3ab8336f57063704d56d2d16866091d18a6f4ca7290711c199b
.dll windows x86

7b9e291a92f766dcff22170215d4a77b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

heif

heif_image_handle_get_metadata_size
heif_image_get_plane_readonly
heif_image_get_bits_per_pixel
heif_image_get_height
heif_image_get_width
heif_image_handle_get_raw_color_profile
heif_image_handle_get_raw_color_profile_size
heif_image_handle_get_metadata
heif_image_handle_get_list_of_metadata_block_IDs

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

memset
__CxxFrameHandler3
memmove
_setjmp3
__std_exception_destroy
__std_type_info_destroy_list
_except_handler4_common
memcpy
__std_exception_copy
_CxxThrowException
longjmp

api-ms-win-crt-runtime-l1-1-0

_cexit
exit
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
fflush
__stdio_common_vsscanf
_wfopen_s
ferror
__stdio_common_vsprintf
fclose
__stdio_common_vsnprintf_s
fwrite

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-environment-l1-1-0

getenv_s

Exports

Exports

EncodeWithExif

Sections

.text
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b9e291a92f766dcff22170215d4a77b

Headers

DLL Characteristics

File Characteristics

Imports

heif

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: 205KB - Virtual size: 204KB

.rdata Size: 214KB - Virtual size: 214KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 205KB - Virtual size: 204KB

.rdata
Size: 214KB - Virtual size: 214KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 6KB - Virtual size: 5KB