59acfadcf3f2e320262f9880e74c8035

Sharing

Copy URL Twitter E-mail

General

Target

59acfadcf3f2e320262f9880e74c8035
Size

680KB
MD5

59acfadcf3f2e320262f9880e74c8035
SHA1

c132a36db45dc7f51c038bf4a0c73bd477efab07
SHA256

3490038bc2b65bc5e01028d5b269df1fef1bbe236971f167beb4b3f1cd8f2044
SHA512

33a27bf3114dc879b689840c4621be2d46490495fa19cef308c4efac4a4c0fc56e2aa64680be4abaa1e116f51a05499ca09693b71e6cf92fd7da575fe9f395f8
SSDEEP

12288:QY+3V89UY6x73xRwVV6MVZMaRd8GDuCBqb8ZVuOZEESWyrSop:cma73/gV6MVZMab5u/8ZE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59acfadcf3f2e320262f9880e74c8035

Files

59acfadcf3f2e320262f9880e74c8035
.dll windows:5 windows x86 arch:x86

04ce002278accef656bb0476bae8acf1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetModuleHandleA
IsBadWritePtr
Beep
IsBadReadPtr
ExitProcess
VirtualProtect
VirtualAlloc
Sleep
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
GetSystemInfo
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
LoadLibraryA
GetProcAddress
OutputDebugStringA
WideCharToMultiByte

user32

mouse_event
GetCursorPos
GetDesktopWindow
DefWindowProcA
ReleaseDC
CreateWindowExA
GetAsyncKeyState
GetForegroundWindow
GetDC
RegisterClassExA
DestroyWindow
SetRect

gdi32

GetGlyphOutlineA
CreateDIBSection
DeleteDC
SelectObject
GetCharacterPlacementA
GetTextMetricsA
SetTextColor
SetBkColor
SetBkMode
GetPixel
GetObjectW
GetObjectA
GetCharacterPlacementW
CreateCompatibleDC
ExtTextOutW
MoveToEx
ExtTextOutA
DeleteObject
SetMapMode
SetTextAlign
CreateFontIndirectW
CreateFontIndirectA
GetFontLanguageInfo
GetTextMetricsW

msvcr90

_setjmp3
memcpy
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
??2@YAPAXI@Z
_time64
_localtime64
strftime
??3@YAXPAX@Z
clock
sprintf
malloc
tmpfile
fclose
fwrite
fseek
fread
_CIpow
_ftol
strncpy
longjmp
memset
isdigit
isspace
sscanf
ldexp
_strdup
setlocale
floor
_CIacos
_finite
iswpunct
iswdigit
iswalpha
iswspace
__CxxFrameHandler
exit

d3d9

Direct3DCreate9

winmm

sndPlaySoundA

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA

Sections

.text
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 97KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04ce002278accef656bb0476bae8acf1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msvcr90

d3d9

winmm

advapi32

Sections

.text Size: 279KB - Virtual size: 279KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 97KB - Virtual size: 108KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 279KB - Virtual size: 279KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 97KB - Virtual size: 108KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 21KB - Virtual size: 21KB