7a4eb863572c1031403ce96d0b976ab8f0cdc5948d5a932513fc70e5450382b3

Sharing

Copy URL Twitter E-mail

General

Target

7a4eb863572c1031403ce96d0b976ab8f0cdc5948d5a932513fc70e5450382b3
Size

365KB
MD5

70f0d013ff86ddff03d6846923dd5fdb
SHA1

9499b4a094b3133d95b0e6d2b05c2d5fae766eea
SHA256

7a4eb863572c1031403ce96d0b976ab8f0cdc5948d5a932513fc70e5450382b3
SHA512

f2263e83ff63fd83d54304798604d9412b30ca0cc540295fff2f2750477e104ced728f7afa68f2bf3246e1748e39bb8f656152dc53995e666c1eef3a74d35d98
SSDEEP

6144:gxnYIgFBvYnl7grfTJjs/1mpYy8QaCLzy3dIaqYd0d+ERmVxdNpg7mp+E:EnYIGJKl0blzv8TC3y8Yd0d+ERmVOm/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a4eb863572c1031403ce96d0b976ab8f0cdc5948d5a932513fc70e5450382b3

Files

7a4eb863572c1031403ce96d0b976ab8f0cdc5948d5a932513fc70e5450382b3
.dll windows:6 windows x86 arch:x86

1558445ee8c94ae3cb3edd1356841f07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetCurrentThread
OutputDebugStringW
GetVolumePathNameW
CreateHardLinkW
GetTickCount64
WaitForSingleObject
CloseHandle
GlobalSize
GlobalUnlock
CreateEventW
SetEvent
ResetEvent
GlobalLock
GlobalAlloc
GlobalFree
LoadLibraryExW
GetTickCount
lstrlenW
VerSetConditionMask
VerifyVersionInfoW
GetVersionExW
GetProcAddress
GetThreadPriority
SetThreadPriority
ResumeThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
IsDebuggerPresent
GetCurrentProcess
GetSystemTimeAsFileTime
InitOnceBeginInitialize
InitOnceComplete
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
DecodePointer
LoadLibraryExA
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
DisableThreadLibraryCalls
TerminateProcess
MoveFileExW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
VirtualFree
HeapDestroy
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
RaiseException
MulDiv
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InitializeCriticalSectionEx
DeleteCriticalSection
GetLastError
GetFileAttributesW
SetLastError

user32

SystemParametersInfoW
ScrollWindowEx
SetScrollPos
EnumThreadWindows
IsWindowVisible
UpdateWindow
SetScrollInfo
SetRectEmpty
SetGestureConfig
GetWindowPlacement
IsIconic
CloseGestureInfoHandle
MonitorFromRect
GetGestureInfo
GetMenu
GetClipboardData
CloseClipboard
OpenClipboard
AdjustWindowRect
MapWindowPoints
OffsetRect
RegisterWindowMessageW
DrawEdge
AdjustWindowRectEx
MapDialogRect
IsZoomed
FillRect
EndDeferWindowPos
GetDC
DeferWindowPos
GetDlgCtrlID
DrawFrameControl
GetWindowTextLengthW
GetScrollInfo
GetWindowTextW
CopyRect
InvalidateRgn
GetSystemMetrics
GetSysColor
CharLowerW
SetActiveWindow
GetNextDlgTabItem
CallNextHookEx
WindowFromPoint
SetWindowsHookExW
UnhookWindowsHookEx
FrameRect
DrawTextW
IsRectEmpty
RedrawWindow
InflateRect
GetMessagePos
GetWindowDC
TrackMouseEvent
ReleaseDC
NotifyWinEvent
DestroyMenu
MonitorFromPoint
RegisterClassW
CreatePopupMenu
TrackPopupMenuEx
AppendMenuW
GetActiveWindow
GetFocus
MessageBeep
SetWindowTextW
GetDlgItem
GetMonitorInfoW
GetKeyState
PostMessageW
GetParent
CreateDialogParamW
SetTimer
SetCursor
SetCapture
KillTimer
SetFocus
GetCursorPos
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
PtInRect
ClientToScreen
IntersectRect
ScreenToClient
GetWindowRect
EnableWindow
ShowWindow
SetWindowPos
IsWindowEnabled
InvalidateRect
EndPaint
BeginPaint
GetClientRect
SetLayeredWindowAttributes
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
DestroyWindow
UnregisterClassW
SendMessageW
BeginDeferWindowPos

gdi32

FrameRgn
IntersectClipRect
GetStockObject
CreatePolygonRgn
CreateCompatibleBitmap
SetWindowOrgEx
OffsetWindowOrgEx
RestoreDC
SetDCBrushColor
SaveDC
SetViewportOrgEx
LPtoDP
CombineRgn
CreateFontIndirectW
SetDCPenColor
LineTo
MoveToEx
SetBkMode
GetObjectW
CreateRectRgnIndirect
CreateRectRgn
GetTextExtentPoint32W
GetTextColor
GetBkColor
GetCurrentObject
CreatePen
OffsetRgn
GetTextMetricsW
SelectObject
CreateCompatibleDC
BitBlt
FillRgn
GetDeviceCaps
ExtTextOutW
SetBkColor
SetTextColor
DeleteObject
DeleteDC

shell32

SHFileOperationW
SHQueryRecycleBinW
ord74

oleaut32

VariantInit
SysAllocString
VariantClear

shared

_PokeWindow@4
_uGetWindowText@8
_uShellExecute@24
_ModalDialog_Switch@4
_uGetOpenFileName@32
_uBrowseForFolder@12
_ModalDialog_PokeExisting@0
_GetInfiniteWaitEvent@0
_uSetWindowText@8
?g_from_system@t_font_description@@SG?AU1@H@Z
?create@t_font_description@@QBGPAUHFONT__@@XZ
_uExceptFilterProc@4
_stricmp_utf8_ex@16
??0uCallStackTracker@@QAE@PBD@Z
??1uCallStackTracker@@QAE@XZ
_FindOwningPopup@4
_uFormatSystemErrorMessage@8
_ModalDialog_CanCreateNew@0
_uAddStringLower@12
_stricmp_utf8@8
_uGetFileAttributes@4
_uPrintCrashInfo_OnEvent@8
_uBugCheck@0
_stricmp_utf8_partial@12
_uEvalKnownFolder@4

msvcp140

?__ExceptionPtrAssign@@YAXPAXPBX@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z

shlwapi

SHAutoComplete

comctl32

ord413
ord410

msimg32

GradientFill

oleacc

LresultFromObject
AccessibleObjectFromWindow

gdiplus

GdipDrawLineI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeletePen
GdipCreatePen1
GdiplusStartup
GdiplusShutdown

vcruntime140

_except_handler3
__CxxFrameHandler3
__std_terminate
_purecall
__std_exception_copy
__std_exception_destroy
memset
strrchr
strstr
memcpy
strchr
memmove
memcmp
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

abort
_invalid_parameter_noinfo
_errno
_initterm_e
_initterm
terminate
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_beginthreadex
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

strncmp
_strdup
strcmp
wcsnlen
wcslen
strlen

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
realloc
_recalloc
_expand

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s

api-ms-win-crt-math-l1-1-0

fabs
__libm_sse2_pow
ceil
sqrt
lround

api-ms-win-crt-utility-l1-1-0

srand
rand

uxtheme

SetWindowTheme
DrawThemeBackground
IsThemePartDefined
CloseThemeData
OpenThemeData

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
DoDragDrop

Exports

Exports

foobar2000_get_interface

Sections

.text
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.movehcs
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1558445ee8c94ae3cb3edd1356841f07

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

oleaut32

shared

msvcp140

shlwapi

comctl32

msimg32

oleacc

gdiplus

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

uxtheme

ole32

Exports

Exports

Sections

.text Size: 261KB - Virtual size: 260KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 20KB - Virtual size: 19KB

.movehcs Size: 1024B - Virtual size: 4KB

.text
Size: 261KB - Virtual size: 260KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 20KB - Virtual size: 19KB

.movehcs
Size: 1024B - Virtual size: 4KB