2bd7db63f80b74c3a31f09b1405356c6

Sharing

Copy URL Twitter E-mail

General

Target

2bd7db63f80b74c3a31f09b1405356c6
Size

196KB
MD5

2bd7db63f80b74c3a31f09b1405356c6
SHA1

1b915b8a60336f5de1e32929c9c8587fe0e241a3
SHA256

d6dd83fa977ce80f610621f2a7f87d915ee38b133cdd89d23e875a4db80407af
SHA512

f33b3f8b8d33e8eab0b4140e3bcb03963526c801b0c9c2552a7d91c915a6bf09b90d470615fbeec36bd2f0bcf471518f194002f5d83dde07d850fee534984714
SSDEEP

3072:tUqlC3fnF7KvOmUmO3wFOqDoMBw4I51pl1yLwPxZD9qB4/sXkpCdKgyQbZ:tFl0MDoMyyLwPrZqB4/sXkCE2N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bd7db63f80b74c3a31f09b1405356c6

Files

2bd7db63f80b74c3a31f09b1405356c6
.dll windows:5 windows x86 arch:x86

8702fb07268e50e30eea524228369473

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
OutputDebugStringW
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
EncodePointer

user32

PostMessageW
RegisterClassExW
DefWindowProcW
CreateWindowExW

msvcr120

_except1
memmove
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
??8type_info@@QBE_NABV0@@Z
_stricmp
__RTDynamicCast
swprintf_s
_except_handler4_common
?terminate@@YAXXZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
__CppXcptFilter
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
__clean_type_info_names_internal
??_V@YAXPAX@Z
??_U@YAPAXI@Z
modf
malloc
memset
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
sprintf_s
_purecall
?before@type_info@@QBE_NABV1@@Z
_CxxThrowException
__CxxFrameHandler3
memcpy
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBDH@Z
__RTCastToVoid

python27

PyFloat_FromDouble
PyString_FromFormat
PyErr_WarnEx
PyErr_SetObject
PyErr_Format
PyExc_TypeError
PyType_Ready
PyObject_GetAttrString
PyObject_SetAttr
PyObject_IsTrue
PyLong_FromUnsignedLong
PyString_InternFromString
PyTuple_New
PyTuple_Size
PyTuple_GetItem
PyList_Size
PyDict_Size
PyMethod_New
PyErr_SetString
PyErr_Occurred
PyErr_Clear
PyErr_NewException
PyObject_Size
PyObject_GetItem
PyType_Type
_Py_NotImplementedStruct
PyCFunction_Type
PyStaticMethod_Type
PyClass_Type
PyExc_AttributeError
PyExc_RuntimeError
PyObject_SetAttrString
PyObject_GetAttr
PySlice_New
PyErr_ExceptionMatches
_PyEval_SliceIndex
PyObject_SetItem
PySequence_GetSlice
PyErr_NoMemory
PyExc_IndexError
PyExc_OverflowError
PyExc_ValueError
PyInt_AsLong
PyList_New
PyList_Append
PyList_Reverse
PyObject_CallFunction
PyDict_New
PyDict_Keys
PyUnicodeUCS2_FromWideChar
PyMem_Malloc
PyMem_Free
PyType_IsSubtype
PyType_GenericAlloc
_PyType_Lookup
PyObject_ClearWeakRefs
PyArg_ParseTupleAndKeywords
PyBaseObject_Type
PyModule_Type
PyProperty_Type
PyUnicodeUCS2_FromEncodedObject
PyUnicodeUCS2_AsWideChar
PyLong_AsUnsignedLong
PyLong_AsLongLong
PyLong_AsUnsignedLongLong
PyComplex_RealAsDouble
PyComplex_ImagAsDouble
PyString_FromStringAndSize
PyString_FromString
PyString_Size
PyUnicode_Type
PyInt_Type
PyLong_Type
PyFloat_Type
PyComplex_Type
PyString_Type
PyObject_RichCompare
PyNumber_Add
PyNumber_Remainder
PyNumber_InPlaceAdd
PyObject_CallMethod
PyTuple_Type
PyObject_IsInstance
PyList_Type
PyDict_Type
PyEval_CallFunction
PyGILState_Ensure
PyGILState_Release
PyErr_Fetch
PyObject_Str
PyString_AsString
PyInt_FromLong
PyBool_Type
PyBool_FromLong
_Py_NoneStruct
Py_InitModule4
PyDict_GetItem

msvcp120

??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_BADOFF@std@@3_JB
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ

Exports

Exports

CreateComponent
DestroyComponent
initMsgProxMgr

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8702fb07268e50e30eea524228369473

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcr120

python27

msvcp120

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 140KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 7KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 140KB - Virtual size: 140KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 7KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 11KB - Virtual size: 10KB