2b7c248eab4b9fddad218d794c4c361d

Sharing

Copy URL Twitter E-mail

General

Target

2b7c248eab4b9fddad218d794c4c361d
Size

268KB
MD5

2b7c248eab4b9fddad218d794c4c361d
SHA1

76a8fc728da40f7ae0457fa3bc2bfa8349ba823f
SHA256

4a93b76969194f8a02752f9163d97a8d1ea9155b5dd5e580957aad22b3d87743
SHA512

d03ee00a3b29a4b58da5dafbf41c27b7aaeeb38dc2ab515c5aa70b3dab05001fabb0f5f21a22d0363be30939404361478090d29005a023fab3e7312ad338490d
SSDEEP

6144:uhgQGk8dtRHgVXxVd3jtLpm8mV3DI7Dd7BXKOZn85NR:uhgQY7HIxT3pf3XKO6b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b7c248eab4b9fddad218d794c4c361d

Files

2b7c248eab4b9fddad218d794c4c361d
.dll windows:4 windows x86 arch:x86

e6b58d7dbb7175465f5fcd99bc700ea1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ddraw

DDInternalUnlock
DDGetAttachedSurfaceLcl
DSoundHelp

user32

GetClassInfoExA
GetActiveWindow
FillRect
EndPaint
DragObject
DestroyWindow
DefWindowProcA
BeginPaint
CreateAcceleratorTableA
GetClassNameA
GetCursorPos
SetWindowTextA
SetWindowPos
SetWindowLongA
SetWindowContextHelpId
SetFocus
SetCursor
SetCapture
SendMessageA
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RedrawWindow
PtInRect
MessageBoxA
LoadStringA
LoadCursorA
IsWindow
IsChild
InvalidateRgn
InvalidateRect
GetWindowTextLengthA
GetWindowRect
GetWindow
GetSysColor
GetParent
GetMenuBarInfo
GetFocus
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
CharNextA
GetDC

comctl32

ord17

shell32

DuplicateIcon
SHBindToParent
SHFreeNameMappings
SHGetInstanceExplorer
SHGetMalloc
SHGetSpecialFolderLocation
SHUpdateRecycleBinIcon
DragAcceptFiles

advapi32

RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA

kernel32

lstrcmpA
WideCharToMultiByte
VirtualProtect
VirtualFree
VirtualAlloc
SetLastError
ReadProcessMemory
RaiseException
QueryPerformanceCounter
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryExA
LoadLibraryA
LeaveCriticalSection
IsProcessorFeaturePresent
IsDBCSLeadByte
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
HeapFree
HeapAlloc
GlobalUnlock
GlobalLock
GlobalHandle
GlobalFree
GlobalAlloc
GetTickCount
GetThreadLocale
GetSystemTimeAsFileTime
GetProcessPriorityBoost
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetACP
FlushInstructionCache
FindResourceA
ExitProcess
EnterCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
lstrcmpiA

Exports

Exports

CreateCubeTextureFromFileA
GetImageInfoFromFileInMemory
mpegInOpenTSStream

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6b58d7dbb7175465f5fcd99bc700ea1

Headers

File Characteristics

Imports

ddraw

user32

comctl32

shell32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 139KB - Virtual size: 138KB

.data Size: 43KB - Virtual size: 43KB

.rsrc Size: 34KB - Virtual size: 33KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 139KB - Virtual size: 138KB

.data
Size: 43KB - Virtual size: 43KB

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 2KB - Virtual size: 1KB