1d14571fc58f06f6a3af56f58bd27d540fc35f7eb45310580ebcf809f7578fd9

Sharing

Copy URL Twitter E-mail

General

Target

1d14571fc58f06f6a3af56f58bd27d540fc35f7eb45310580ebcf809f7578fd9
Size

1.3MB
MD5

4d1280e9ec87c321b0bad0e93de31465
SHA1

c6a8233921dc2d128f6b164306dd181ff6d2ff70
SHA256

1d14571fc58f06f6a3af56f58bd27d540fc35f7eb45310580ebcf809f7578fd9
SHA512

1959576aa711f4eb450ebc84f30f6f39e5e2b28404d7e43e0fb82cdc77f649852ebe59de8ba4646c0b3fbfeef91fa8e03efb5fbbd4fc9f34f222b45e04929dc1
SSDEEP

12288:JPkIv8KiRmtdeFm4XaZJ0LdYotDTaoUGQCa93V7Ja/y/AaV:JPvjiYtshDTTtQCc3VdauV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d14571fc58f06f6a3af56f58bd27d540fc35f7eb45310580ebcf809f7578fd9

Files

1d14571fc58f06f6a3af56f58bd27d540fc35f7eb45310580ebcf809f7578fd9
.exe windows:6 windows x86 arch:x86

e3f620f888814cad1c75da61f0cb514a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libmp3lame

lame_init
lame_encode_flush
lame_encode_buffer_interleaved_ieee_float
lame_close
lame_encode_buffer_interleaved
lame_init_params
lame_set_in_samplerate
lame_set_num_channels

kernel32

CloseHandle
OpenFileMappingA
MapViewOfFile
LoadLibraryA
GetProcAddress
FreeLibrary
SetThreadPriority
Sleep
GetCurrentThread
WideCharToMultiByte
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateMutexA
ReleaseMutex
GetModuleFileNameA
Process32First
SetPriorityClass
GetCurrentProcess
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
GetModuleHandleExA
Process32Next
SetUnhandledExceptionFilter
MultiByteToWideChar
lstrcmpW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
SetEvent
ResetEvent
WaitForSingleObject
UnmapViewOfFile
SignalObjectAndWait
WaitForMultipleObjects
GetThreadPriority
GetPriorityClass
GetModuleHandleA
GlobalAlloc
LocalFree
FormatMessageW
GetEnvironmentVariableA
GetVersionExW
WaitForSingleObjectEx
SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerW
LocalAlloc
CreateFileW
DeviceIoControl
WaitForMultipleObjectsEx
TerminateThread
GetExitCodeThread
ResumeThread
LoadLibraryW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
InitOnceComplete
InitOnceBeginInitialize
GetCurrentDirectoryW
GetFileAttributesExW
GetLastError
FormatMessageA
GetStartupInfoW
IsDebuggerPresent
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
UnhandledExceptionFilter
CreateEventW
GlobalFree
GetFileInformationByHandleEx
AreFileApisANSI

user32

RegisterClassA
SetTimer
ShowWindow
LoadCursorA
DispatchMessageA
GetMessageA
GetDesktopWindow
CreateWindowExA
TranslateMessage
SendMessageA
LoadIconA
KillTimer
PostQuitMessage
FindWindowA
UpdateWindow
DefWindowProcA

gdi32

GetStockObject

advapi32

RegQueryValueExW
RegCloseKey

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
PropVariantClear
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitialize
CoTaskMemFree

oleaut32

VariantClear

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z

winmm

waveInGetDevCapsW
waveOutPrepareHeader
waveOutGetDevCapsW
waveInGetNumDevs
waveInMessage
waveInReset
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInClose
waveInOpen
waveInGetErrorTextW
waveOutMessage
waveOutGetPosition
waveOutReset
waveOutRestart
waveOutPause
waveOutWrite
waveOutGetNumDevs
timeGetTime
waveOutUnprepareHeader
timeGetDevCaps
waveOutClose
waveOutOpen
waveOutGetErrorTextW
timeEndPeriod
timeBeginPeriod

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInterfaceAlias
SetupDiOpenDeviceInterfaceRegKey

vcruntime140

memchr
__current_exception_context
__CxxFrameHandler3
__std_terminate
__std_exception_destroy
__std_exception_copy
strrchr
wcsstr
strstr
memcpy
memset
memmove
_except_handler4_common
_CxxThrowException
__current_exception

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
calloc
realloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
strerror
terminate
_invalid_parameter_noinfo_noreturn
abort
_errno
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
exit
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_controlfp_s
_c_exit
_register_thread_local_exe_atexit_callback
_beginthreadex

api-ms-win-crt-stdio-l1-1-0

fflush
_set_fmode
__acrt_iob_func
_ftelli64
__p__commode
fopen
fclose
__stdio_common_vfprintf
__stdio_common_vsprintf
rewind
__stdio_common_vsprintf_s
fgetc
fwrite
fgetpos
__stdio_common_vswprintf
setvbuf
fseek
ftell
_wfopen
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
fputc

api-ms-win-crt-time-l1-1-0

_ftime64
clock
_time64
_localtime64_s

api-ms-win-crt-utility-l1-1-0

srand
rand
bsearch

api-ms-win-crt-filesystem-l1-1-0

_access
_wchdir
_unlock_file
_lock_file
_mkdir
_wfullpath

api-ms-win-crt-convert-l1-1-0

atoi
atof

api-ms-win-crt-string-l1-1-0

_wcsnicmp
wcsncpy
iswctype
strncpy
_wcsicmp
tolower
wcsncmp

api-ms-win-crt-multibyte-l1-1-0

_mbscmp

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceil

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

Sections

.text
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3f620f888814cad1c75da61f0cb514a

Headers

DLL Characteristics

File Characteristics

Imports

libmp3lame

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp140

winmm

setupapi

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 252KB - Virtual size: 251KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 252KB - Virtual size: 251KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB