0d40a392eade4bc1bd49789aba12c4ea

Sharing

Copy URL

Twitter E-mail

General

Target

0d40a392eade4bc1bd49789aba12c4ea
Size

151KB
MD5

0d40a392eade4bc1bd49789aba12c4ea
SHA1

b43dcd9ca3382a0d04f98a42507d29e991472bf0
SHA256

7a9fbb69389bb505489be5772bcaed8bf291c953747b5fe352aebf2bc7a74fba
SHA512

b078afd513e88c10cb49625836c2668f3d5d4dafb1f5c4f7cf5981653829d103c0fc4c2b713e2fa8ed7e5683e43f248ccf4b4e956942856c54bbf197cb3dc749
SSDEEP

3072:VzfvFlWyPzIhQnpBvIOAqXN1fV2J5Icoh0a03Egd97MezsiW7zz:VzLWydIOAiN5Vm58h0jQEsiWT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d40a392eade4bc1bd49789aba12c4ea

Files

0d40a392eade4bc1bd49789aba12c4ea
.dll windows:4 windows x86 arch:x86

fb13fc586908b5c98f8b9852168529a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ExitWindowsEx

gdi32

GetDIBits

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CreateStreamOnHGlobal

ws2_32

listen

shlwapi

StrRChrA

psapi

GetModuleFileNameExA

imm32

ImmReleaseContext

avicap32

capCreateCaptureWindowA

winmm

waveInUnprepareHeader

msvcrt

strrchr

kernel32

OpenProcess
GetModuleHandleA
GetProcAddress
VirtualProtect

Exports

Exports

Qy001DoMainWssk
Qy001Service
ServiceMain

Sections

�N��
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�O��
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�I��
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�O��
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

happy
Size: - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb13fc586908b5c98f8b9852168529a0

Headers

File Characteristics

Imports

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

psapi

imm32

avicap32

winmm

msvcrt

kernel32

Exports

Exports

Sections

�N�� Size: - Virtual size: 66KB

�O�� Size: - Virtual size: 6KB

�I�� Size: - Virtual size: 2KB

�O�� Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 3KB

happy Size: - Virtual size: 512B

.vmp1 Size: - Virtual size: 98KB

.vmp2 Size: 145KB - Virtual size: 145KB

.reloc Size: 512B - Virtual size: 64B

�N��
Size: - Virtual size: 66KB

�O��
Size: - Virtual size: 6KB

�I��
Size: - Virtual size: 2KB

�O��
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 3KB

happy
Size: - Virtual size: 512B

.vmp1
Size: - Virtual size: 98KB

.vmp2
Size: 145KB - Virtual size: 145KB

.reloc
Size: 512B - Virtual size: 64B