Static task: static1
Behavioral task: behavioral1
Sample: 0195ee3b3b8a113a7642efeb47924467.dll
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 0195ee3b3b8a113a7642efeb47924467.dll
Resource: win10v2004-20231215-en
General
Target: 0195ee3b3b8a113a7642efeb47924467
Size: 112KB
MD5: 0195ee3b3b8a113a7642efeb47924467
SHA1: cfe5f28602b7e8a8482116094dca595a81195abd
SHA256: 5f12313fda5481b92bd873ed6c7102a4dfd3d452e4784a0e121d67457b618592
SHA512: 10c72b2eac30d49af3105e72bc8659820dc9d8b72ed010ecf8a3539e58b4068a278c9559fa48099e18a2253f7857719edc86b36c74be03e3af9063ed063c7122
SSDEEP: 3072:LdvC6qBMmJphpAoN9SJW2bREqYo3N7PhRtz0:JlcZpN0bXLJ/t4
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 0195ee3b3b8a113a7642efeb47924467
Files
0195ee3b3b8a113a7642efeb47924467.dll windows:4 windows x86 arch:x86
0a5bc16ab1201b95d0cf3b044063bac1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
winmm
WOW32DriverCallback
midiInStart
midiOutSetVolume
mmioInstallIOProcA
mod32Message
timeBeginPeriod
timeKillEvent
waveInGetDevCapsA
waveInStart
waveOutRestart
waveOutUnprepareHeader
PlaySoundW
dinput
DirectInputCreateW
user32
BeginDeferWindowPos
CharLowerBuffA
CharLowerW
DefWindowProcA
UpdateWindow
TranslateMessage
ShowWindow
SetUserObjectSecurity
SetSystemCursor
SetRect
RemoveMenu
RegisterWindowMessageW
RegisterShellHookWindow
RegisterClassA
PeekMessageA
OpenClipboard
MsgWaitForMultipleObjects
MessageBoxW
GetTopWindow
GetKeyState
GetForegroundWindow
GetCaretPos
EnumPropsA
EmptyClipboard
DispatchMessageA
DialogBoxParamA
CreateWindowExA
CharToOemA
shell32
SHGetSpecialFolderPathW
ShellExecuteA
SHFileOperationW
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
kernel32
lstrcmpA
WaitForMultipleObjectsEx
TlsGetValue
SetFileTime
SetEnvironmentVariableA
ReadFile
OpenJobObjectW
OpenEventW
MulDiv
HeapCreate
HeapAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVersionExA
GetTimeZoneInformation
GetTempPathW
GetSystemInfo
GetSystemDefaultLangID
GetStringTypeExA
GetPrivateProfileSectionW
GetModuleHandleA
GetFileAttributesExA
GetCurrentProcessId
GetConsoleOutputCP
GetConsoleAliasA
GetCommandLineA
GetBinaryTypeA
FormatMessageA
FlushConsoleInputBuffer
FindNextVolumeW
FindAtomW
FindAtomA
Beep
BindIoCompletionCallback
CloseHandle
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnumTimeFormatsA
ExitProcess
ole32
PropVariantClear
IsEqualGUID
ws2_32
htons
WSCDeinstallProvider
closesocket
WSAGetLastError
socket
WSAUnhookBlockingHook
gethostbyname
connect
advapi32
SetUserFileEncryptionKey
SetSecurityDescriptorDacl
RegisterEventSourceA
RegQueryValueExA
OpenTraceW
LsaSetInformationTrustedDomain
LsaRemoveAccountRights
LookupPrivilegeNameW
I_ScSetServiceBitsA
GetTrusteeNameW
GetSecurityDescriptorDacl
GetAclInformation
BuildExplicitAccessWithNameW
FileEncryptionStatusA
GetAce
AddAccessDeniedAce
Sections
.text Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ