66acd8d1bd1f6dcafdf032bb6a65e22c3d86b187a465b4adcade0e9e5ba45ad5

Sharing

Copy URL Twitter E-mail

General

Target

66acd8d1bd1f6dcafdf032bb6a65e22c3d86b187a465b4adcade0e9e5ba45ad5
Size

316KB
MD5

9e716ecae7a5bcd603b94713328e8ad4
SHA1

84148b7c015f2ba8d57a5c4a005ede911de1cc5a
SHA256

66acd8d1bd1f6dcafdf032bb6a65e22c3d86b187a465b4adcade0e9e5ba45ad5
SHA512

3ccbd7f57bd39d56ced19b79bf734fc114f12b99a91442621d8150cacc3dc19ac2276ab624f9f98d79ddf024a5e79d36cb3c81bcab090c3e1844e1007c854794
SSDEEP

6144:xmthhEKKpkuBKzi1OhXzBCAyf4l9eD5RBmM5nDAOzy6faz:xmt7BK3X1OfKDD5RBFD6z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66acd8d1bd1f6dcafdf032bb6a65e22c3d86b187a465b4adcade0e9e5ba45ad5

Files

66acd8d1bd1f6dcafdf032bb6a65e22c3d86b187a465b4adcade0e9e5ba45ad5
.dll windows:5 windows x86 arch:x86

dc71f222d31848ec59d556caf7ceabde

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\SVN\TrTextExtractor\Release\TrComOleFilter.pdb

Imports

kernel32

GetFileAttributesExW
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetProcAddress
DecodePointer
InitializeCriticalSectionAndSpinCount
GetLastError
FreeLibrary
LoadLibraryExA
ExpandEnvironmentStringsA
GetModuleFileNameA
WriteConsoleW
FindClose
DeleteCriticalSection
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
HeapSize
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
QueryPerformanceCounter
GetStringTypeW
SetLastError
CreateEventW
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
EncodePointer
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
OutputDebugStringW
CloseHandle
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RtlUnwind
CreateFileW
GetFileType
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleExW
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetStdHandle
GetProcessHeap
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

ole32

CLSIDFromString

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen

Exports

Exports

DealFileFilter
GetType
Init
Release

Sections

.text
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc71f222d31848ec59d556caf7ceabde

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 212KB - Virtual size: 212KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 8KB - Virtual size: 12KB

.gfids Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 212KB - Virtual size: 212KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 8KB - Virtual size: 12KB

.gfids
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB