29d14c026053d4e3fe0b537886b072b7b4a1d5d157c55a11b369aa46f66c7f98

Sharing

Copy URL Twitter E-mail

General

Target

29d14c026053d4e3fe0b537886b072b7b4a1d5d157c55a11b369aa46f66c7f98
Size

1.2MB
MD5

b6b4a25949df23a1f9b281f5062f6eb2
SHA1

5983d425eefcc951e157c98d8aa8af607167b93c
SHA256

29d14c026053d4e3fe0b537886b072b7b4a1d5d157c55a11b369aa46f66c7f98
SHA512

002b70cc61fda44df40b0b884bc27fdda1d51f47bd4e2c5fd7dabf100c6317d9abefb1d37ce624f3c5a7983ba4e72e2788f6230715269cd7b27741bf3240f8e6
SSDEEP

24576:+uuNBsM1pUqEPCz5nCLRI6fQyt4AYzLTnTcc+hTINgajpw52RTrTjDf:+5k4UxPK5nCLUTl+Vg20hPf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29d14c026053d4e3fe0b537886b072b7b4a1d5d157c55a11b369aa46f66c7f98

Files

29d14c026053d4e3fe0b537886b072b7b4a1d5d157c55a11b369aa46f66c7f98
.dll regsvr32 windows:6 windows x64 arch:x64

5d40f925acea534a38ebf5c715b9d2e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libyuv_x64

ARGBToRGB24
ARGBCopy
ARGBToABGR
ARGBToI420
RGB24ToARGB
NV12ToARGB
I420ToARGB
ARGBScale
ScalePlane
ABGRToNV12
ABGRToI420
I420Copy
I420ToNV12
ABGRToARGB

dxgi

CreateDXGIFactory1

d3d11

D3D11CreateDevice

kernel32

SetStdHandle
GetFullPathNameA
GetFullPathNameW
CloseHandle
GetLastError
ReleaseMutex
WaitForSingleObject
CreateMutexW
OpenMutexW
GetCurrentProcessId
VirtualQuery
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
InitializeCriticalSectionEx
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
TerminateProcess
OpenProcess
FreeResource
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindResourceW
CreateToolhelp32Snapshot
MoveFileExW
GetCommandLineW
GetTempPathW
GetModuleHandleExW
SetEvent
ResetEvent
OpenEventW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
RemoveDirectoryW
CopyFileW
WideCharToMultiByte
VerSetConditionMask
OutputDebugStringA
LoadLibraryW
VerifyVersionInfoW
LoadLibraryA
lstrlenW
GetVersionExW
DisableThreadLibraryCalls
DuplicateHandle
ReleaseSemaphore
GetCurrentProcess
GetCurrentThreadId
GetSystemInfo
VirtualAlloc
VirtualFree
WaitForMultipleObjects
lstrcmpW
CreateSemaphoreW
Sleep
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetTickCount
GetModuleHandleW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFilePointerEx
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
GetACP
GetStdHandle
EnumSystemLocalesW
SetConsoleCtrlHandler
GetTimeZoneInformation
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
Process32FirstW
GetCommandLineA
SetEndOfFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
ReadConsoleW
Process32NextW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapQueryInformation
ExitProcess
PeekNamedPipe
GetFileType
GetDriveTypeW
CreateFileW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileExW
VirtualProtect
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
RtlPcToFileHeader
OutputDebugStringW
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
EncodePointer
FormatMessageW
GetStringTypeW

user32

PostThreadMessageW
PeekMessageW
MsgWaitForMultipleObjects
DispatchMessageW
RegisterWindowMessageW
SetTimer
SetRectEmpty
MessageBoxW
UnregisterClassW
GetQueueStatus

gdi32

SetDIBColorTable
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
GetObjectW

advapi32

RegCloseKey
RegSetValueExW
RegSetValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyW

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

shlwapi

PathFileExistsW
PathIsDirectoryW
PathFindFileNameW

winmm

timeSetEvent
timeGetTime

gdiplus

GdipAlloc
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 813KB - Virtual size: 813KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d40f925acea534a38ebf5c715b9d2e7

Headers

DLL Characteristics

File Characteristics

Imports

libyuv_x64

dxgi

d3d11

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

winmm

gdiplus

Exports

Exports

Sections

.text Size: 813KB - Virtual size: 813KB

.rdata Size: 270KB - Virtual size: 270KB

.data Size: 11KB - Virtual size: 21KB

.pdata Size: 46KB - Virtual size: 46KB

.gfids Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 82KB - Virtual size: 81KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 813KB - Virtual size: 813KB

.rdata
Size: 270KB - Virtual size: 270KB

.data
Size: 11KB - Virtual size: 21KB

.pdata
Size: 46KB - Virtual size: 46KB

.gfids
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 82KB - Virtual size: 81KB

.reloc
Size: 7KB - Virtual size: 6KB