9944932efa9b7a74e327e729800ddfb5fad30b6ba39102c9afbe676feaa7e8e3

Sharing

Copy URL

Twitter E-mail

General

Target

9944932efa9b7a74e327e729800ddfb5fad30b6ba39102c9afbe676feaa7e8e3
Size

439KB
MD5

b9ba99eb526cb5b67d903b29a2d119e8
SHA1

40065f57c8ecc9afde7ff44eb7230f8c9ca2afe4
SHA256

9944932efa9b7a74e327e729800ddfb5fad30b6ba39102c9afbe676feaa7e8e3
SHA512

4cd40ccca13bbfd60c12e005b7d93e5e4f4a585d248ba3b0f9c7bc5bc97bc88c1f62cd2c2c6c584da779270a241a9d6d338d431001ba1b07cdfba6dbb3b0f976
SSDEEP

12288:G6RrcEiKH68RE/fZFuBcQqzesRzxW567oQzFdwAy9:G6FcETtIZacQIts4FdwAs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SeaOfChoros.dll

Files

9944932efa9b7a74e327e729800ddfb5fad30b6ba39102c9afbe676feaa7e8e3
.zip
SeaOfChoros.dll
.dll windows:6 windows x64 arch:x64

d4d41ec431d4378fe7b0188e6846924f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp140

?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?uncaught_exceptions@std@@YAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
_FExp
?_Xlength_error@std@@YAXPEBD@Z

user32

SetWindowLongPtrA
CallWindowProcA
DefWindowProcA
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
IsChild
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
SendInput
GetAsyncKeyState

kernel32

GetLastError
AreFileApisANSI
EnterCriticalSection
WaitForSingleObjectEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
WideCharToMultiByte
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
GetProcAddress
CloseHandle
GetCurrentProcess
GetModuleHandleA
K32GetModuleInformation
Sleep
AllocConsole
FreeConsole
SetConsoleOutputCP
CreateFileW
ReadFile
WriteFile
CreateThread
DisableThreadLibraryCalls
FreeLibraryAndExitThread
GetModuleFileNameW
LocalFree
FormatMessageA
LeaveCriticalSection

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

d3dcompiler_47

D3DCompile

xinput1_4

ord4
ord2

ntdll

ZwQueryVirtualMemory
ZwAllocateVirtualMemory
ZwGetContextThread
ZwFlushInstructionCache
ZwProtectVirtualMemory
ZwOpenThread
ZwSetContextThread
ZwFreeVirtualMemory
ZwClose
ZwQuerySystemInformation
ZwResumeThread
ZwSuspendThread

vcruntime140

__std_type_info_destroy_list
__std_exception_copy
__std_exception_destroy
__current_exception_context
__current_exception
__C_specific_handler
memset
memmove
memcpy
memcmp
memchr
_CxxThrowException
strstr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
terminate
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_errno
_initialize_onexit_table

api-ms-win-crt-math-l1-1-0

sqrtf
sinf
acosf
log
pow
tanf
fmodf
sin
_fdsign
ldexp
copysignf
ilogbf
scalbnf
powf
logf
atan2f
cos
cosf

api-ms-win-crt-stdio-l1-1-0

fwrite
fseek
fread
fflush
fclose
_wfopen
__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vsscanf
ftell
freopen_s
__stdio_common_vsprintf_s

api-ms-win-crt-string-l1-1-0

strncpy
strcmp

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

strtol
atof

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4d41ec431d4378fe7b0188e6846924f

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

user32

kernel32

imm32

d3dcompiler_47

xinput1_4

ntdll

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 416KB - Virtual size: 415KB

.rdata Size: 516KB - Virtual size: 515KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 17KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 312B

.text
Size: 416KB - Virtual size: 415KB

.rdata
Size: 516KB - Virtual size: 515KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 312B