781c768f50921d42748bbc512cc37d89

Sharing

Copy URL

Twitter E-mail

General

Target

781c768f50921d42748bbc512cc37d89
Size

373KB
MD5

781c768f50921d42748bbc512cc37d89
SHA1

5508d78ff265826e1192abb9c00cabaf1c716d45
SHA256

a2d3bbf66af30534b099dcd40a95f7e2495319efd0decdcfaca8e0c332a8e436
SHA512

47063e4d49809cc03b5e95686afed4ff8234b0e41d52c3edfa3c53946b2ab43c0522c58dbf980f29585011bc579a42cc41fc54bb3c776e3d31b63c77db3b469c
SSDEEP

6144:vmiEauOFWOc0N22xM0QrbtLmPMV0SusobWks/JKh09p7gCWXpz+:eEck2kQrbVItW/JKh0nkpa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
781c768f50921d42748bbc512cc37d89

Files

781c768f50921d42748bbc512cc37d89
.dll windows:5 windows x86 arch:x86

dbd2893ee4dfe4fbd9f8fdc098d6b66b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\build\products\windows\sophtlib\vc9build\Win32\Release\sophtlib.pdb

Imports

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource

kernel32

GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
FlushConsoleInputBuffer
LoadLibraryA
GetVersionExA
SetConsoleMode
ReadConsoleInputA
GetProcessHeap
SetEndOfFile
GetStdHandle
GetFileType
GetVersion
GetLastError
GetCurrentThreadId
CloseHandle
CreateFileW
ReadFile
SetFilePointer
GetFileSize
GetProcAddress
HeapFree
HeapAlloc
GetCommandLineA
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetModuleHandleA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapSize

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxIndirectA

Exports

Exports

GetSophtainerSection
ISophtArchInfo
ISophtArchList
ISophtExtList
ISophtInfo
ISophtStream
ISophtUnknown
ISophtainer
ISophtainer2
_CreateSophtainArchList@16
_CreateSophtainExtList@16
_CreateSophtainInfo@16
_CreateSophtainer@24
_SophtainerDeinit@0
_SophtainerInit@0
spa_cbcdec
spa_cbcenc
spa_crypt
spa_init
spa_isweak
spa_sanitise
spa_setk
spmaa_buffer
spmaa_byte
spmaa_finalise2
spmaa_finalise32
spmaa_finalise64
spmaa_init

Sections

.text
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbd2893ee4dfe4fbd9f8fdc098d6b66b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 258KB - Virtual size: 258KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 39KB - Virtual size: 53KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 23KB - Virtual size: 22KB

.text
Size: 258KB - Virtual size: 258KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 39KB - Virtual size: 53KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 23KB - Virtual size: 22KB