1374944ef7bf088051801fc11a68ee78eb4c0ff9a0d56c903e358a4ee9808f3c

Sharing

Copy URL Twitter E-mail

General

Target

1374944ef7bf088051801fc11a68ee78eb4c0ff9a0d56c903e358a4ee9808f3c
Size

2.6MB
MD5

d39df4203414bd6a69647c2498bd30d3
SHA1

60a3a2c1ddafb3a8ebce40a2d7103b661a59a29a
SHA256

1374944ef7bf088051801fc11a68ee78eb4c0ff9a0d56c903e358a4ee9808f3c
SHA512

897d26db785e406db483d273615e041fe306f691c69f3904c9aae2329281efcbaa293d5dd808a7f786717cbc1f22e80714172afb328899fb2d0db88af26308e9
SSDEEP

49152:J9fWO3yQAsN/MryeqBPUx9QTkOT0r0epWGq4qFVdPL+tJyCtoq1DTfOf0T:Gj/O4irCu+mfM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1374944ef7bf088051801fc11a68ee78eb4c0ff9a0d56c903e358a4ee9808f3c

Files

1374944ef7bf088051801fc11a68ee78eb4c0ff9a0d56c903e358a4ee9808f3c
.dll windows:6 windows x86 arch:x86

80a4560f4bd5538584974b50badbf146

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\medialib\Win32_saas\Release\ffms2.pdb

Imports

kernel32

LoadLibraryW
GetProcAddress
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
InitOnceBeginInitialize
InitOnceComplete
QueryPerformanceCounter
QueryPerformanceFrequency
CloseHandle
Sleep
GetNativeSystemInfo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetLocaleInfoEx
EncodePointer
DecodePointer
LCMapStringEx
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemTimeAsFileTime
GetModuleHandleW
GetStringTypeW
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
GetStdHandle
WriteFile
GetLastError
CreateFileA
LockFile
UnlockFile
GetLocalTime
GetComputerNameA
FindFirstFileA
FindNextFileA
lstrlenA
FindClose
lstrcmpA
lstrcatA
lstrcpyA
lstrcpynA
FreeLibrary
SetLastError
ReleaseSemaphore
WaitForMultipleObjects
WaitForSingleObject
DuplicateHandle
SetEvent
GetCurrentThread
GetSystemDirectoryA
LoadLibraryA
TlsAlloc
GetThreadPriority
RaiseException
ResetEvent
GetThreadContext
TlsGetValue
TlsFree
CreateSemaphoreA
CreateEventA
SetThreadContext
RtlUnwind
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
ExitProcess
GetModuleHandleExW
ReadFile
ExitThread
FreeLibraryAndExitThread
GetModuleFileNameW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CreateDirectoryW
GetFileAttributesExW
HeapReAlloc
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
DeleteFileW
MoveFileExW
FlushFileBuffers
GetConsoleOutputCP
HeapSize
SetEndOfFile
WriteConsoleW
GetSystemInfo
VirtualProtect
LoadLibraryExA
GetFullPathNameA
SetCurrentDirectoryA
lstrcmpiA
GlobalMemoryStatus
MulDiv
GetCurrentDirectoryA
SearchPathA
GetFileSize
GetFileAttributesA
SetDllDirectoryA
GetModuleFileNameA
VirtualQuery
WideCharToMultiByte
TlsSetValue
MultiByteToWideChar

ws2_32

WSACleanup
bind
closesocket
gethostbyname
socket
getsockopt
htonl
htons
sendto
gethostname
WSAStartup

user32

DrawTextA
GetDC
wsprintfA
ReleaseDC
FillRect

gdi32

DeleteObject
SetTextColor
DeleteDC
TextOutA
SetMapMode
SetTextAlign
SetBkColor
SetTextCharacterExtra
GetStockObject
CreateFontA
SelectObject
CreateDIBSection
CreateCompatibleDC
GdiFlush

ole32

CoInitializeEx
CoUninitialize

Exports

Exports

ARGBAttenuate
ARGBBlend
ARGBScale
ARGBToI420
ARGBToRGB24
AVS_linkage_get
AVS_linkage_set
CreateScriptEnvironment
FFMS_AssureIndex
FFMS_ClearSource
FFMS_DestroyIndex
FFMS_KeyPTS
FFMS_MediaInformation
FFMS_ProcessIndex
I420Scale
J420ToARGB
RGB24ToARGB
ScalePlane
_AvisynthPluginInit3@8
avs_bit_blt
avs_bits_per_pixel
avs_clip_get_error
avs_create_script_environment
avs_gc
avs_get_audio
avs_get_envplus
avs_get_error
avs_get_frame
avs_get_height_p
avs_get_pitch_p
avs_get_read_ptr_p
avs_get_row_size_p
avs_get_version
avs_get_video_info
avs_release_clip
avs_release_value
avs_release_video_frame
avs_set_to_clip
avs_take_clip
avs_wrapper_clip
deinit_filter_3dlut
dzlog
dzlog_init
init_filter_3dlut

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80a4560f4bd5538584974b50badbf146

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

user32

gdi32

ole32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 450KB - Virtual size: 450KB

.data Size: 44KB - Virtual size: 188KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 129KB - Virtual size: 129KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 450KB - Virtual size: 450KB

.data
Size: 44KB - Virtual size: 188KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 129KB - Virtual size: 129KB