417039fdedb8cab549af99ece9cd5ad3

Sharing

Copy URL

Twitter E-mail

General

Target

417039fdedb8cab549af99ece9cd5ad3
Size

252KB
MD5

417039fdedb8cab549af99ece9cd5ad3
SHA1

42316d4f75f12355e2848b96d976b7a52ebb6d2e
SHA256

e0c3392a666b6c09f80b00a1b04e89f8d752f1dc86c4ef80628071c66d0da5f1
SHA512

4e52bd42ae3ae9292501ad71da31d1685026d4c4204cbcd9da9e8729edb805d84bfe9a74b3c3cbd1d671e2aea2a49ccc0f88562c92b185fad3a0b1f43f4abfd3
SSDEEP

6144:pmp/Bfg/Gii+WxjHjS01r+nvhNrK0GTQL4IQA5aUk/H:sp/BfgAr9MjNGQ+APk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
417039fdedb8cab549af99ece9cd5ad3

Files

417039fdedb8cab549af99ece9cd5ad3
.dll windows:4 windows x86 arch:x86

4ffe2a41df9e9575da00f3314d79359d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW

kernel32

TerminateProcess
lstrlenW
AddAtomW
CreateEventW
CreateFileW
DeleteAtom
ExitProcess
GetCommandLineA
SetUnhandledExceptionFilter
SetThreadPriority
MultiByteToWideChar
MulDiv
LoadLibraryW
LoadLibraryExW
LoadLibraryExA
InterlockedIncrement
HeapCreate
HeapAlloc
GlobalGetAtomNameW
GlobalFree
GlobalAlloc
GlobalAddAtomW
GetVersionExA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetModuleHandleA
GetLastError
GetDateFormatW
GetCurrentThreadId
lstrcmpW

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW

ole32

StringFromCLSID
CreateILockBytesOnHGlobal
CLSIDFromString
IsEqualGUID
OleInitialize
OleRegGetUserType
OleUninitialize
ReleaseStgMedium
StgCreateDocfileOnILockBytes

user32

UpdateWindow
SetRect
SetFocus
SetCursor
SendMessageW
SendMessageTimeoutW
PeekMessageW
OffsetRect
LoadMenuW
GetNextDlgTabItem
GetMonitorInfoW
GetDC
GetActiveWindow
FindWindowW
EnableWindow
DefWindowProcW
CharToOemBuffA
CallNextHookEx
LoadIconW
WinHelpW
SendDlgItemMessageW

gdi32

CreateDCW
CreateFontIndirectW
CreateICW
CreatePen
CreateSolidBrush
DPtoLP
DeleteObject
Escape
ExtTextOutW
GetBkColor
GetDeviceCaps
GetObjectW
GetPaletteEntries
GetStockObject
GetTextColor
GetTextExtentPoint32W
GetTextMetricsW
PtVisible
RectVisible
Rectangle
ScaleWindowExtEx
SelectObject
SetBkMode
SetDCBrushColor
SetTextColor
TextOutW
CreateCompatibleDC

shlwapi

PathFindFileNameW

msvcrt

wcstod
wcscoll
_XcptFilter
__CxxFrameHandler
__dllonexit
__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
_adjust_fdiv
_c_exit
_cexit
_controlfp
_initterm
_onexit
_wcsdup
exit
memmove
setlocale
wcscmp

shell32

DragQueryFileW
SHGetSettings
SHGetSpecialFolderPathW
ShellAboutW
ShellExecuteExW
DragFinish

Exports

Exports

ActViewfinderAutoFunctions
ConvertToExifTiffeX2
ConvertToValidFileSystemName
FinishSDK
FlashImageItemProperty
GetMaximumZoomPos
GetSupportParamValueNext
GetThinImageSizeOfRAW_ByModelName
Memcpy2DArrayToArray
Memcpy3D
SetDeviceFlags
SetRoboFlag

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ffe2a41df9e9575da00f3314d79359d

Headers

File Characteristics

Imports

advapi32

kernel32

comdlg32

ole32

user32

gdi32

shlwapi

msvcrt

shell32

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 168KB

.data Size: 72KB - Virtual size: 108KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 168KB - Virtual size: 168KB

.data
Size: 72KB - Virtual size: 108KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB