122af20a82fcc613b7948a9035db3024

Sharing

Copy URL

Twitter E-mail

General

Target

122af20a82fcc613b7948a9035db3024
Size

2.7MB
MD5

122af20a82fcc613b7948a9035db3024
SHA1

71d3c2a9f43e71608285c19694bdf6e125fa2c34
SHA256

e728321468ff9cb0749288f1714433f34d85df086b8a0737c1d802dca4ef5bbe
SHA512

313bbe0406884f64ddde5a8c42c20b938610b5248a7ad448265804adbc1eee4eaa6bf5458ab749b007027b2b3c0e8f30ae035da90c32003584b147ef4cedee01
SSDEEP

49152:4hG68AI+PbkEqrCbB+djmKBunW4n4lnT8/2kdg301jO70vJ6/e+2apMouvZpo49U:4868AIqw9eIce28CT1hmDF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
122af20a82fcc613b7948a9035db3024

Files

122af20a82fcc613b7948a9035db3024
.dll regsvr32 windows:4 windows x86 arch:x86

782727188a2e548dce3388fe48be4078

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ddraw

DirectDrawCreate

kernel32

lstrcatA
GetProcAddress
LoadLibraryA
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
SetEnvironmentVariableA
CreateMutexA
GetLastError
InterlockedIncrement
MultiByteToWideChar
InterlockedDecrement
lstrcpyA
DisableThreadLibraryCalls
HeapDestroy
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetVersionExA
OpenMutexA
InitializeCriticalSection
InterlockedExchange
GetEnvironmentVariableA
CloseHandle
SizeofResource
FreeLibrary
HeapFree
HeapReAlloc
GetProcessHeap
GetModuleFileNameA
GetModuleHandleA
lstrlenA
GetShortPathNameA
LocalFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
lstrcatW
DeviceIoControl
GetDriveTypeA
MulDiv
GetLocalTime
IsBadReadPtr
OutputDebugStringA
SetErrorMode
GetVolumeInformationA
GetFileTime
GetSystemDirectoryA
GetTimeZoneInformation
FindFirstFileA
FindClose
SetFilePointer
ReadFile
GetFileAttributesA
GetTickCount
VirtualProtect
GetFileSize
GlobalMemoryStatus
GetCurrentThread
SetThreadPriority
CreateSemaphoreA
WaitForMultipleObjects
WriteFile
ResetEvent
ReleaseSemaphore
SetEvent
VirtualFree
VirtualAlloc
CreateEventA
ReleaseMutex
WaitForSingleObject
ResumeThread
Sleep
CreateFileA
ExitProcess
lstrlenW
WideCharToMultiByte
HeapAlloc

user32

FillRect
GetForegroundWindow
GetWindow
UnionRect
IsRectEmpty
IntersectRect
ClientToScreen
ReleaseDC
GetDC
MessageBoxA
GetMessageA
GetDesktopWindow
PeekMessageA
IsWindow
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
OffsetRect
GetClientRect
MoveWindow
SetFocus
GetWindowPlacement
GetSystemMetrics
IsIconic
SetParent
EnableWindow
ScreenToClient
ChangeDisplaySettingsA
CharNextA
CreateWindowExA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SendMessageA
PostMessageA
SetRect
EqualRect
DestroyWindow
GetClassInfoExA
LoadCursorA
wsprintfA
GetWindowRect
InvalidateRect
SetWindowPos
SystemParametersInfoA
GetParent
RegisterClassExA
FindWindowA
PostThreadMessageA
EnumDisplaySettingsA
SetTimer
KillTimer
ShowWindow
DefWindowProcA

gdi32

DeleteObject
CreateSolidBrush
SetPixel
GetPixel
SetDIBitsToDevice
GetNearestPaletteIndex
CreateDCA
ExtEscape
DeleteDC
GetCurrentObject
GetDeviceCaps
CreateICA

advapi32

RegSetValueExA
RegEnumValueA
RegQueryInfoKeyA
OpenProcessToken
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
RegOpenKeyA

ole32

CoUninitialize
CLSIDFromString
CoCreateInstance
CoTaskMemRealloc
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CoInitialize

oleaut32

LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysFreeString
SysStringLen
SysAllocStringLen
SysAllocString

msvcrt

??1type_info@@UAE@XZ
_errno
_onexit
__dllonexit
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_CxxThrowException
_endthread
_beginthread
strchr
_except_handler3
ceil
calloc
wcslen
_stricmp
_strupr
clock
_fstati64
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_purecall
??0exception@@QAE@ABV0@@Z
fscanf
longjmp
exit
_setjmp3
strtok
_wcsicmp
wcsstr
swprintf
mbstowcs
_strcmpi
fopen
fseek
fread
fclose
toupper
_mbsnbcmp
atoi
_mbsnbcat
_mbsrchr
_mbsnbcpy
_CIpow
memcpy
_iob
fprintf
printf
_sleep
_mbsnicmp
_ftol
strstr
_stat
strncmp
srand
rand
_lseeki64
_read
_close
_open
_strnicmp
_vsnprintf
memmove
strncpy
_beginthreadex
sscanf
_mbsupr
_mbsstr
realloc
malloc
free
time
sprintf
__CxxFrameHandler
??2@YAPAXI@Z
atol
wcscmp

mfc42

ord2976
ord4033
ord540
ord535
ord800
ord4034
ord1949
ord5575
ord433
ord3005
ord6215
ord4299
ord818
ord567
ord2864
ord2135
ord4284
ord4424
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord4627
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080

winmm

mixerGetID
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutReset
waveOutWrite
waveOutSetVolume
waveOutGetVolume
mciSendCommandA
mixerGetLineInfoA
mixerGetControlDetailsA
mixerSetControlDetails
mixerGetLineControlsA
mixerClose
mixerOpen
mixerGetDevCapsA
mixerGetNumDevs
timeEndPeriod
timeBeginPeriod
timeGetTime
waveOutGetDevCapsA

dsound

ord1

ws2_32

WSARecvFrom
WSASetEvent
WSAResetEvent
WSASocketA
htonl
htons
recvfrom
sendto
ntohl
listen
recv
WSAGetLastError
send
connect
accept
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSACloseEvent
setsockopt
socket
bind
getsockname
select
closesocket
WSAStartup
WSACleanup
inet_addr
ntohs
WSAWaitForMultipleEvents

olepro32

ord250

quartz

AMGetErrorTextA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 336KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 188KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

782727188a2e548dce3388fe48be4078

Headers

File Characteristics

Imports

ddraw

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcrt

mfc42

winmm

dsound

ws2_32

olepro32

quartz

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 152KB - Virtual size: 150KB

.data Size: 336KB - Virtual size: 3.7MB

.rsrc Size: 32KB - Virtual size: 29KB

.reloc Size: 188KB - Virtual size: 185KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 152KB - Virtual size: 150KB

.data
Size: 336KB - Virtual size: 3.7MB

.rsrc
Size: 32KB - Virtual size: 29KB

.reloc
Size: 188KB - Virtual size: 185KB