04dc394c0c81cdd82fff7e61c4a6598d

Sharing

Copy URL

Twitter E-mail

General

Target

04dc394c0c81cdd82fff7e61c4a6598d
Size

1.1MB
MD5

04dc394c0c81cdd82fff7e61c4a6598d
SHA1

65bf32bd7ed5d46f66eb528a12d297ab4a9a8836
SHA256

eab95176b05903e0ef3c70073d62ef769c668319312314eb2dd710cde4ede938
SHA512

1a8f9a17c04d374e34f8ee0948efa588606d284b0ad2e9cec3623e0ff819b0aaa39ef08ddea708e9620eb38524c36b2bb3c133d2c18a1d712a7481716e853a98
SSDEEP

24576:hNwY9kjEHdtqg8kCO3mkzRs++20WNEdkpBUHpb:hNB6jMdtbPeN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04dc394c0c81cdd82fff7e61c4a6598d

Files

04dc394c0c81cdd82fff7e61c4a6598d
.dll windows:5 windows x86 arch:x86

212b48b1c423973628d4826323e82a98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

d3d8thk

OsThunkDdQueryDirectDrawObject
OsThunkDdBlt
OsThunkDdReenableDirectDrawObject
OsThunkDdReleaseDC
OsThunkDdGetDC
OsThunkDdDeleteDirectDrawObject
OsThunkDdGetDriverInfo
OsThunkDdGetAvailDriverMemory
OsThunkDdFlipToGDISurface
OsThunkDdSetExclusiveMode
OsThunkDdGetScanLine
OsThunkDdWaitForVerticalBlank
OsThunkDdGetFlipStatus
OsThunkDdGetBltStatus
OsThunkDdUnlock
OsThunkDdUnlockD3D
OsThunkDdDestroyD3DBuffer
OsThunkDdLockD3D
OsThunkDdResetVisrgn
OsThunkDdFlip
OsThunkD3dDrawPrimitives2
OsThunkD3dValidateTextureStageState
OsThunkDdGetDriverState
OsThunkD3dContextDestroyAll
OsThunkD3dContextDestroy
OsThunkD3dContextCreate
OsThunkDdCreateSurfaceEx
OsThunkDdCanCreateD3DBuffer
OsThunkDdCanCreateSurface
OsThunkDdCreateSurfaceObject
OsThunkDdAttachSurface
OsThunkDdCreateD3DBuffer
OsThunkDdCreateSurface
OsThunkDdSetGammaRamp
OsThunkDdDeleteSurfaceObject
OsThunkDdDestroySurface
OsThunkDdLock

msvcrt

_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_adjust_fdiv
_initterm
realloc
_CIpow
_CxxThrowException
free
malloc
_ftol
sscanf
sprintf
_vsnprintf
__CxxFrameHandler
_purecall
_strlwr
wcsrchr
atoi
_stricmp
_snprintf
pow
memmove
fflush
fwrite
fprintf
fclose
fopen
_errno
exp
floor

user32

IntersectRect
GetCursor
SetRect
GetClientRect
ClientToScreen
OffsetRect
EnumDisplaySettingsA
GetSystemMetrics
GetMonitorInfoA
GetDC
ReleaseDC
LoadStringA
OpenInputDesktop
GetUserObjectInformationA
CloseDesktop
GetThreadDesktop
IsWindow
GetWindowThreadProcessId
CallWindowProcA
SendMessageA
IsIconic
PostMessageA
GetWindowLongA
GetKeyState
DefWindowProcA
SetWindowPos
GetForegroundWindow
IsWindowVisible
ShowWindow
IsZoomed
ChangeDisplaySettingsA
SystemParametersInfoA
CreateIconIndirect
GetWindowDC
GetDesktopWindow
GetIconInfo
SetCursorPos
GetCursorPos
SetForegroundWindow
DestroyIcon
SetCursor
SetWindowLongA
wsprintfA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyA
RegEnumKeyA
RegQueryValueExA
RegCloseKey
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

gdi32

GetDeviceCaps
CreateDCA
GdiEntry13
GetRegionData
DeleteObject
GetRandomRgn
CreateRectRgn
GetDIBits
CreateCompatibleBitmap
GdiEntry1
GetDeviceGammaRamp
StretchBlt
SetStretchBltMode
BitBlt
DeleteDC
GetNearestColor
GetSystemPaletteEntries
CreateCompatibleDC
CreateDIBitmap
GetObjectA

kernel32

GetCurrentProcess
DebugBreak
VirtualFree
VirtualProtect
VirtualAlloc
GetModuleFileNameA
GetVersionExA
GetSystemInfo
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
InterlockedDecrement
lstrcpyA
OpenMutexA
CreateMutexA
DisableThreadLibraryCalls
GetLastError
InitializeCriticalSection
DeleteCriticalSection
SetErrorMode
lstrcmpA
GetCurrentThreadId
ReleaseMutex
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
CloseHandle
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
InterlockedCompareExchange
VerifyVersionInfoA
VerSetConditionMask
Sleep
GetTickCount
GetProcAddress
LocalAlloc
LocalFree
CreateFileA
SetFilePointer
ReadFile
MoveFileA
DeleteFileA
WriteFile
GetFileSize
WideCharToMultiByte
FreeLibrary
LoadLibraryA
lstrcpynA
OutputDebugStringA
MultiByteToWideChar
lstrlenA
HeapAlloc
GetProcessHeap
ConnectNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
FlushFileBuffers
PeekNamedPipe
InterlockedIncrement
lstrcatA
GetSystemDirectoryA
GetModuleHandleA

Exports

Exports

CheckFullscreen
DebugSetMute
Direct3DCreate8
ValidatePixelShader
ValidateVertexShader

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

212b48b1c423973628d4826323e82a98

Headers

File Characteristics

Imports

d3d8thk

msvcrt

user32

advapi32

version

gdi32

kernel32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 11KB - Virtual size: 32KB

.data1 Size: 21KB - Virtual size: 24KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 30KB - Virtual size: 32KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 11KB - Virtual size: 32KB

.data1
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 30KB - Virtual size: 32KB