2c44de14434203aeaaadf2acdd7398bb

Sharing

Copy URL Twitter E-mail

General

Target

2c44de14434203aeaaadf2acdd7398bb
Size

630KB
MD5

2c44de14434203aeaaadf2acdd7398bb
SHA1

e54c5b4555fa67a61b007280464c59da9b4c18de
SHA256

94c761c35429d8b881dd5ec25a942db5e638946c889cea078b1c7457ce32b6f0
SHA512

414c4af0cf8950febfa51e343a37d0a6fb6a106208792ab42c670ba23aff8ed1fd1c54932acd8975ffa86e454a0ac13000cd74d997c5c0d84c7cc4e8b3487703
SSDEEP

12288:eG0AtXE47Ql2s6UcZVOmTLO0jLU3c0p4:70A6l2TU2JC0jLU3c0p4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c44de14434203aeaaadf2acdd7398bb

Files

2c44de14434203aeaaadf2acdd7398bb
.dll windows:6 windows x86 arch:x86

06d4bfa72eff4e3d043fe9b3c1d49cbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
CreateThread
GetTickCount
GetWindowsDirectoryA
GetModuleHandleA
GetProcAddress
MultiByteToWideChar
GlobalAlloc
GlobalUnlock
GlobalLock
GetCurrentProcess
K32GetModuleInformation
FlushInstructionCache
QueryPerformanceCounter
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
IsProcessorFeaturePresent
FindNextFileA
FindFirstFileA
CreateDirectoryA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceFrequency
SetLastError
VirtualProtect

user32

wvsprintfA
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
ClientToScreen
SetCursor
SetCursorPos
GetClientRect
GetKeyState
FindWindowA
CallWindowProcA
GetAsyncKeyState
SetWindowLongA

advapi32

RegEnumValueA
RegOpenKeyExA
RegCloseKey

msvcp140

?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bios_base@std@@QBE_NXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1_Lockit@std@@QAE@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??Bid@locale@std@@QAEIXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ

d3dx9_43

D3DXCreateFontA

imm32

ImmGetContext
ImmSetCompositionWindow

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
strchr
memset
memmove
memcpy
_purecall
memcmp
memchr
_CxxThrowException
__std_exception_destroy
__std_exception_copy
strstr
__CxxFrameHandler3

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
_wfopen
__stdio_common_vsscanf
_fseeki64
ungetc
__acrt_iob_func
setvbuf
_get_stream_buffer_pointers
__stdio_common_vsprintf_s
fflush
fgetc
fwrite
ftell
fgetpos
__stdio_common_vsprintf
fseek
fsetpos
fread
fputc
fopen
fclose

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_errno
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_cexit
terminate
_crt_atexit
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table

api-ms-win-crt-string-l1-1-0

isprint
strncpy
_strnicmp
towlower
_stricmp

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-math-l1-1-0

_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_libm_sse2_cos_precise
_libm_sse2_pow_precise
_libm_sse2_asin_precise
_except1
_libm_sse2_atan_precise
floor
_CIatan2
_CIfmod
ceil

Sections

.text
Size: 556KB - Virtual size: 555KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06d4bfa72eff4e3d043fe9b3c1d49cbc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

d3dx9_43

imm32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 556KB - Virtual size: 555KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 1KB - Virtual size: 82KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 556KB - Virtual size: 555KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 1KB - Virtual size: 82KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 15KB - Virtual size: 15KB