b336fc3d1baa30f6480140f259f5bdbde0efd3d4ec5aeef7d4b511bf0cc7beac

Sharing

Copy URL Twitter E-mail

General

Target

b336fc3d1baa30f6480140f259f5bdbde0efd3d4ec5aeef7d4b511bf0cc7beac
Size

324KB
MD5

76b8d6cad22505779755ba604c8d1955
SHA1

b51dc78a2a3ec952981c1837160b10b846fdcfc9
SHA256

b336fc3d1baa30f6480140f259f5bdbde0efd3d4ec5aeef7d4b511bf0cc7beac
SHA512

b4ba48486b24e8ed0c818bbc53dca3c707cd12debab01482582f008ce32246f03c5b06ec020233f58c976d7e90057f81f9208b5035613daf9bb6f7ffcba38b02
SSDEEP

6144:Z8n+pFCmtTFZnxqLtxUv05RGVlLQRh+ymC2qYMEpuV:2n+mC4LromGQqy5YMEpM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b336fc3d1baa30f6480140f259f5bdbde0efd3d4ec5aeef7d4b511bf0cc7beac

Files

b336fc3d1baa30f6480140f259f5bdbde0efd3d4ec5aeef7d4b511bf0cc7beac
.dll regsvr32 windows:6 windows x64

0db19164ab3c0ed3398d613e2be6f0f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ole32

CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
CoTaskMemFree
StringFromGUID2
CoInitialize
CoTaskMemAlloc

user32

GetWindowLongW
DispatchMessageW
GetDesktopWindow
LoadStringW
GetWindowRect
CreateWindowExW
CreateDialogParamW
GetMessageW
TranslateMessage
DestroyIcon
InvalidateRect
LoadImageW
GetWindow
SetForegroundWindow
PostQuitMessage
EnumThreadWindows
GetCursorPos
TrackPopupMenu
PostMessageW
DestroyMenu
DefWindowProcW
DestroyWindow
SetWindowLongPtrW
GetWindowLongPtrW
ShowWindow
MoveWindow
SetWindowPos
SetWindowLongW
SendDlgItemMessageW
UnregisterClassW
EnableWindow
GetDlgItem
SendMessageW
SetTimer
KillTimer
RegisterClassExW

comctl32

InitCommonControlsEx

avformat-lav-60

avio_alloc_context
avformat_alloc_output_context2
avformat_new_stream
avformat_write_header
av_write_trailer
avformat_free_context
av_write_frame
ff_sipr_subpk_size
ff_rm_reorder_sipr_data
ff_vorbis_comment

avutil-lav-58

av_channel_layout_uninit
av_opt_set_double
av_freep
av_log_set_callback
av_frame_free
av_channel_layout_from_mask
av_frame_unref
av_channel_layout_check
av_frame_alloc
av_dict_get
av_dict_free
av_free
av_channel_layout_copy
av_get_bytes_per_sample
av_channel_layout_compare
av_channel_layout_default
av_opt_set_int
av_mallocz

avcodec-lav-60

av_packet_unref
avcodec_receive_frame
avpriv_mpegaudio_decode_header
avcodec_flush_buffers
avcodec_is_open
ff_flac_is_extradata_valid
avcodec_open2
av_parser_init
avcodec_alloc_context3
avcodec_find_decoder_by_name
avcodec_find_decoder
av_parser_close
avcodec_close
avpriv_ac3_parse_header
av_parser_parse2
av_packet_alloc
av_packet_free
av_packet_new_side_data
avpriv_dca_convert_bitstream
avcodec_send_packet

swresample-lav-4

swr_alloc_set_opts2
swr_free
swr_init
swr_convert

kernel32

GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
HeapSize
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
FreeEnvironmentStringsW
CreateFileW
GetConsoleMode
GetConsoleOutputCP
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleFileNameA
lstrlenW
lstrlenA
GetVersionExW
DisableThreadLibraryCalls
InitializeCriticalSection
lstrcmpW
GetCurrentProcess
WaitForSingleObject
GetCurrentThreadId
CreateEventW
SetEvent
CloseHandle
ResetEvent
FreeLibrary
CreateThread
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
SetLastError
RaiseException
WideCharToMultiByte
OutputDebugStringW
IsDebuggerPresent
UnhandledExceptionFilter
GetProcessHeap
GetStringTypeW
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
WriteFile

advapi32

RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyW
RegSetValueW

oleaut32

OleCreatePropertyFrame

shell32

Shell_NotifyIconW

shlwapi

PathFindFileNameW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
OpenConfiguration

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0db19164ab3c0ed3398d613e2be6f0f4

Headers

DLL Characteristics

File Characteristics

Imports

ole32

user32

comctl32

avformat-lav-60

avutil-lav-58

avcodec-lav-60

swresample-lav-4

kernel32

advapi32

oleaut32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 196KB - Virtual size: 196KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 6KB - Virtual size: 10KB

.pdata Size: 10KB - Virtual size: 10KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 196KB - Virtual size: 196KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 6KB - Virtual size: 10KB

.pdata
Size: 10KB - Virtual size: 10KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 3KB - Virtual size: 3KB