4437a98ea3a031b117b10713d655f0a6

Sharing

Copy URL

Twitter E-mail

General

Target

4437a98ea3a031b117b10713d655f0a6
Size

381KB
MD5

4437a98ea3a031b117b10713d655f0a6
SHA1

0b0de2f9a611df1c5521c8f9307a38e78b709f31
SHA256

49ecf0612dcd08a087dfbfc5f9e2aed8ed691b008a31fcb15f32c60679f44294
SHA512

5b7bade7917b476eaec512ecdadf57a7aa86939896c8223f8d823d6b1129a03c4bf5c85b67b90d620033481fcd90ca6917a5c27f76d2ba6e4ef47feed1d07577
SSDEEP

6144:r01jO5YfX7OP+oZVmvByhbJqU5Tv0gsO0t8Sh7Aj09uAzxBRWN5WT8gT:YjOqfSPNVmpyhDd8gr0TtAj09LzbRE5K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4437a98ea3a031b117b10713d655f0a6

Files

4437a98ea3a031b117b10713d655f0a6
.dll windows:4 windows x86 arch:x86

c052fa8184dabee9536cd23f7ead9781

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegNotifyChangeKeyValue
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA

kernel32

GetSystemTimeAsFileTime
GetTickCount
GlobalReAlloc
InitializeCriticalSection
InterlockedCompareExchange
InterlockedExchange
IsProcessorFeaturePresent
LoadLibraryA
LockResource
MulDiv
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
ReadFileScatter
RequestWakeupLatency
ResetWriteWatch
RtlUnwind
SetUnhandledExceptionFilter
SwitchToThread
TerminateProcess
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
_lclose
GetProcessPriorityBoost
GetProcessAffinityMask
GetProcAddress
GetModuleHandleA
GetLastError
GetFullPathNameW
GetFileSizeEx
GetFileSize
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
FreeLibrary
FlushViewOfFile
FindResourceW
ExitProcess
EnterCriticalSection
DebugBreak
CreateMutexA
CreateFileA
CloseHandle
CancelWaitableTimer

gdi32

TranslateCharsetInfo
SetTextColor
SetMapMode
MoveToEx
GetTextMetricsW
GetTextMetricsA
GetObjectW
GetObjectA
GetFontLanguageInfo
GetCharacterPlacementW
GetCharacterPlacementA
GdiGetDC
ExtTextOutW
ExtTextOutA
EudcLoadLinkW
DeleteDC
CreatePolygonRgn
CreateFontIndirectW
CreateFontIndirectA
CreateDIBSection
CreateCompatibleDC

ole32

CreateStreamOnHGlobal

msvcrt

_lock
qsort
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIsin
_CIsqrt
_CxxThrowException
_XcptFilter
__p___argv
_amsg_exit
_controlfp
_finite
_fstati64
_initterm
_isnan
_onexit
_purecall
_stricmp
_unlock
_vsnprintf
_vsnwprintf
floor
iswalpha
iswdigit
iswpunct
iswspace
malloc
memcpy
memmove
memset

Exports

Exports

CreateDSObject
DeleteMarkerIndex
EnumAttributes
SetLoadResolution
SetProgress
SetSingleItemA
mpegInSleepFiles

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c052fa8184dabee9536cd23f7ead9781

Headers

File Characteristics

Imports

advapi32

kernel32

gdi32

ole32

msvcrt

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 165KB - Virtual size: 164KB

.data Size: 70KB - Virtual size: 70KB

.rsrc Size: 65KB - Virtual size: 65KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 165KB - Virtual size: 164KB

.data
Size: 70KB - Virtual size: 70KB

.rsrc
Size: 65KB - Virtual size: 65KB

.reloc
Size: 4KB - Virtual size: 4KB