be13f030e509ab938b5e5353bb563cb5

General

Target

be13f030e509ab938b5e5353bb563cb5
Size

64KB
MD5

be13f030e509ab938b5e5353bb563cb5
SHA1

df78baea4169977d32543849afb7303f627893e5
SHA256

e31ba1be8532dee5404e87e4ed2a1d9d2db0b0dd9f5ff585fad58e62e2502aba
SHA512

706a5837992da7f58972f12db19fd9b1d2f95883aad48bb141dcb6f9d4a04efd33c6bdd30aadd6e3703d2ce7da9dee69b5ed1ec24f7e2a3878b084872ace4404
SSDEEP

768:EsBjdAbJ/FgpCbLIcKaDzR+YsG1BaBPflwOuwrCCpsHqe/ScgP6Cclx+oEv4:EgibJ/FcimaWGVOuw1pMGalfU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be13f030e509ab938b5e5353bb563cb5

Files

be13f030e509ab938b5e5353bb563cb5
.dll windows:4 windows x86 arch:x86

6fdd7c6f4aae5f5aa047bf25fc5afb01

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wmvcore

WMCreateReader
WMCreateWriter

kernel32

GetModuleHandleA
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventA
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
CloseHandle
UnmapViewOfFile
GetCurrentProcessId
GetSystemInfo
VirtualProtect
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
HeapFree
GetCurrentThreadId
GetCommandLineA
HeapReAlloc
HeapAlloc
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetModuleFileNameA
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetProcAddress
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
LoadLibraryA
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetCPInfo
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA

user32

GetMessageA
DispatchMessageA
TranslateMessage

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fdd7c6f4aae5f5aa047bf25fc5afb01

Headers

File Characteristics

Imports

wmvcore

kernel32

user32

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 4KB