3ef164f81b84c49937b5a7cd4e63b9e0

Sharing

Copy URL Twitter E-mail

General

Target

3ef164f81b84c49937b5a7cd4e63b9e0
Size

340KB
MD5

3ef164f81b84c49937b5a7cd4e63b9e0
SHA1

122fbca7231e30b2ef52cffa891b9d6a932a09d0
SHA256

2d3117c68c71f52a13bedfd2e4a149bbfa9417b7f0e30592f32d6e3fa82ea414
SHA512

ca095bc0b8ee8cc59b1123675234d40ad5650de07188788c0d1cb817a2a15b07131f8d5e4f2fcb7df4ffa69802364b0a7bab5508b4b9fcc6128585b4ccd62136
SSDEEP

6144:NX/RF0NQCUMaWWEHEOUCJ2t8nT4BYBTEkfUl1sHatUdp7Yy4vMQBXvF6nYrQglRt:VfC5C8wY9AcglRx3wn6Bby

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ef164f81b84c49937b5a7cd4e63b9e0

Files

3ef164f81b84c49937b5a7cd4e63b9e0
.dll windows:4 windows x86 arch:x86

b50cf8ccaa26b4b500b19d7c068a488b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetClassNameA
CharNextA
CreateWindowExA
DefWindowProcA
DestroyAcceleratorTable
DestroyWindow
DialogBoxIndirectParamA
EnableWindow
EndDialog
EndPaint
FillRect
GetActiveWindow
GetClassInfoExA
CallWindowProcA
wsprintfA
UnregisterClassA
SetWindowTextA
SetWindowPos
SetWindowLongA
SetWindowContextHelpId
SetFocus
SetCursor
SetCapture
SendMessageA
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClassExA
RedrawWindow
PtInRect
MessageBoxA
MapDialogRect
LoadStringA
LoadCursorA
IsWindow
IsChild
InvalidateRgn
InvalidateRect
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindowLongA
GetWindow
GetSysColor
GetParent
GetFocus
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDC
GetCursorPos
GetClientRect
CreateAcceleratorTableA
BeginPaint

ole32

StringFromGUID2
OleUninitialize
OleLockRunning
OleInitialize
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
CoCreateInstance
CLSIDFromString
CLSIDFromProgID

oleaut32

VariantClear
LoadRegTypeLi
LoadTypeLi
OleCreateFontIndirect
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantInit
SysStringByteLen
VarUI4FromStr

advapi32

RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
RegCloseKey
RegQueryInfoKeyA
RegOpenKeyExA

ddraw

DirectDrawEnumerateA
DSoundHelp

shell32

ShellHookProc
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHBindToParent
RegenerateUserEnvironment
DragQueryFileAorW
CommandLineToArgvW

kernel32

RaiseException
QueryPerformanceCounter
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryExA
LoadLibraryA
LeaveCriticalSection
IsProcessorFeaturePresent
IsDBCSLeadByte
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
HeapFree
HeapAlloc
GlobalUnlock
GlobalLock
SetLastError
SizeofResource
VirtualAlloc
VirtualFree
VirtualProtect
WideCharToMultiByte
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA
lstrlenW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetACP
FreeLibrary
FlushInstructionCache
GetLastError
FindResourceA
ExitProcess
EnterCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
GlobalHandle
GlobalFree
GlobalAlloc
GetVersionExA
GetTickCount
GetThreadLocale
GetSystemTimeAsFileTime
GetProcessPriorityBoost
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetLocaleInfoA
GetModuleFileNameA

gdi32

GetDeviceCaps
DeleteObject
DeleteDC
DPtoLP
CreateSolidBrush
CreateFontIndirectA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectA
GetStockObject
ModifyWorldTransform
RestoreDC
SaveDC
SelectObject
SetBkMode
SetGraphicsMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx

comctl32

ord17

Exports

Exports

CreateEffectFromResourceExW
CreateFontIndirectA
SHEvalDirectionalLight
SHEvalHemisphereLight
SplitMesh
VecAddFontMapper
mpegInFree
mpegSplitOpenFile
mpegSplitSeekTimeTS

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b50cf8ccaa26b4b500b19d7c068a488b

Headers

File Characteristics

Imports

user32

ole32

oleaut32

advapi32

ddraw

shell32

kernel32

gdi32

comctl32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 190KB - Virtual size: 190KB

.data Size: 43KB - Virtual size: 43KB

.rsrc Size: 50KB - Virtual size: 50KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 190KB - Virtual size: 190KB

.data
Size: 43KB - Virtual size: 43KB

.rsrc
Size: 50KB - Virtual size: 50KB

.reloc
Size: 3KB - Virtual size: 2KB