1dd8f9b2e7ba470e53dc8b729f0004bad137c9c6ab94a29425d8b11836901057

Sharing

Copy URL Twitter E-mail

General

Target

1dd8f9b2e7ba470e53dc8b729f0004bad137c9c6ab94a29425d8b11836901057
Size

1.4MB
MD5

4a7d1a8fb83a1f2536693c2de53975ba
SHA1

44c3e7dad224806b1f3e892b6a761885eda1655e
SHA256

1dd8f9b2e7ba470e53dc8b729f0004bad137c9c6ab94a29425d8b11836901057
SHA512

32566ba3d737daaa3965d83e1511683acd4daed31e98a72dc852cb5697533dcc2fc709f1e19450a7a537ec448f2a2b2a909c7d0261699a4b782548990b2de4f5
SSDEEP

24576:uDgRbE5nbYs/88qrBROTLAofZhK5Atlwum+hE4GWKGsva8zted+I3fR:uURcck88qrBROT3xhAIPGWKGsvaqoEcR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1dd8f9b2e7ba470e53dc8b729f0004bad137c9c6ab94a29425d8b11836901057

Files

1dd8f9b2e7ba470e53dc8b729f0004bad137c9c6ab94a29425d8b11836901057
.dll windows:5 windows x86 arch:x86

87e17f5888bd168b71163cb9a7b924b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvfw32

DrawDibOpen
DrawDibDraw
DrawDibClose

winmm

DefDriverProc

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

FlushFileBuffers
SetEndOfFile
CreateFileA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapFree
GetCommandLineA
ExitProcess
HeapAlloc
HeapReAlloc
WriteConsoleW
SetFilePointer
GetStdHandle
ExitThread
VirtualAlloc
HeapSize
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
HeapCreate
HeapDestroy
VirtualFree
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
SetStdHandle
LoadLibraryW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
GetProcessHeap
WriteFile
ReadFile
DeleteFileA
MoveFileA
GetOEMCP
GetCPInfo
GlobalFlags
InterlockedIncrement
GetModuleHandleW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenA
SetLastError
CreateSemaphoreW
ReleaseSemaphore
ResetEvent
IsDBCSLeadByteEx
GetACP
GetLastError
GetCurrentThreadId
WritePrivateProfileStringA
OpenMutexA
CreateMutexA
ReleaseMutex
GetModuleHandleA
GetSystemInfo
GetVersion
CreateEventA
CreateThread
GetPrivateProfileIntA
GetVersionExA
WaitForSingleObject
WaitForMultipleObjects
SetEvent
Beep
MulDiv
Sleep
MultiByteToWideChar
GetCurrentProcessId
OpenProcess
GlobalMemoryStatusEx
CloseHandle
GetWindowsDirectoryA
GetModuleFileNameA
GetTickCount
OutputDebugStringA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentProcess
GetProcessTimes
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
GetProcAddress
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GetFileType

user32

GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
PtInRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
GetSysColor
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
FillRect
FrameRect
InflateRect
CopyRect
GetDC
ReleaseDC
GetSystemMetrics
KillTimer
SetTimer
GetDesktopWindow
RegisterWindowMessageA
PostMessageA
LoadBitmapA
SetWindowPos
LoadIconA
SendMessageA
EnableWindow
GetDlgCtrlID
DestroyMenu
LoadCursorA
GetSysColorBrush
UnregisterClassA
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
ShowWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps

gdi32

CreatePalette
CreateCompatibleDC
GetDeviceCaps
GetTextMetricsA
GetTextExtentPoint32A
GetDIBits
GetSystemPaletteEntries
BitBlt
CreateSolidBrush
CreateBitmap
PatBlt
CreateDIBSection
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
GetClipBox
SetTextAlign
CreateCompatibleBitmap
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreateFontIndirectA
CreateFontA
SelectObject
GetCharacterPlacementA
DeleteObject
CombineRgn
GetRegionData
ExtCreateRegion
GetBitmapBits
GetObjectA
GetStockObject

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyA
RegOpenKeyExA
RegDeleteKeyA
SetSecurityDescriptorDacl
RegQueryValueA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor

shell32

SHGetFolderPathA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantInit
VariantChangeType
VariantClear

dsound

ord1

Exports

Exports

CodecLib
DriverProc
UserProc
UserProcLib

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

GvCodecL
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87e17f5888bd168b71163cb9a7b924b3

Headers

File Characteristics

Imports

msvfw32

winmm

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

dsound

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 158KB - Virtual size: 157KB

.data Size: 134KB - Virtual size: 326KB

GvCodecL Size: 512B - Virtual size: 8B

.rodata Size: 1KB - Virtual size: 1KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 53KB - Virtual size: 52KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 158KB - Virtual size: 157KB

.data
Size: 134KB - Virtual size: 326KB

GvCodecL
Size: 512B - Virtual size: 8B

.rodata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 53KB - Virtual size: 52KB