c0f537398cad9d95949cec8d6dad6e72

Sharing

Copy URL

Twitter E-mail

General

Target

c0f537398cad9d95949cec8d6dad6e72
Size

342KB
MD5

c0f537398cad9d95949cec8d6dad6e72
SHA1

0a4c8f90af95d5f8817b6eab0bcaf6b0cb5c7c4a
SHA256

07112947cdd47b405204ad3efcf6c9d15b84359244573b71db342f34beb9b8c0
SHA512

82c0711833f810013480c11d45627acbc8c775009b2fdf000c7543d44aed21ed1993036c92c77a222f33acb56f1cda2923e2b85518d16242ea852c8a22b339e5
SSDEEP

6144:fq3yp7dczfDLwgzJbRvIpmHwv7KiIhahyTycThb/OZMfPSk0Yy/ul+ME82RzLTHS:fsyp7uPLkIhHTyZMfPSJYCul+MEPxLTy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0f537398cad9d95949cec8d6dad6e72

Files

c0f537398cad9d95949cec8d6dad6e72
.dll windows:6 windows x86 arch:x86

2e65581ca96485f2368b26545332e12b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAAsyncGetServByName
WSACancelAsyncRequest
WSAAsyncGetProtoByName

comctl32

UninitializeFlatSB
FlatSB_GetScrollPos
InitializeFlatSB
ImageList_DragMove

version

VerFindFileA
VerFindFileW

kernel32

EscapeCommFunction
MoveFileExA
GetCurrentActCtx
CreateFileA
GetSystemDirectoryA
DeleteFileA
GlobalAlloc
TransmitCommChar
FindFirstFileA
FillConsoleOutputAttribute
GetLastError
LocalFree
CreateJobObjectA
CreateConsoleScreenBuffer
ExitProcess
GetLongPathNameA
FreeLibrary
CreateDirectoryA
CreateEventA
HeapSize
WriteConsoleW
SetFilePointerEx
Sleep
SetCurrentDirectoryA
GetVolumeInformationA
CreateFileMappingA
QueryInformationJobObject
ReadFile
HeapReAlloc
CreateFileW
FindClose
FindNextFileA
VirtualAlloc
GetFileSize
VirtualFree
CloseHandle
TerminateProcess
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
DecodePointer
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
GetStringTypeW
GetACP
ReadConsoleW
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA

user32

WindowFromPoint

comdlg32

FindTextA
FindTextW
GetFileTitleW

advapi32

GetTrusteeFormW
RegCloseKey
ObjectCloseAuditAlarmW
CredReadDomainCredentialsW
RegQueryValueExA
SetServiceStatus
RegCreateKeyExA
CredFree
GetUserNameA
LookupAccountNameA
RegSetValueExA
AccessCheckAndAuditAlarmW
GetSecurityInfo
GetTrusteeFormA

shell32

SHGetFolderPathA

ole32

IIDFromString
CreateFileMoniker
CoInvalidateRemoteMachineBindings
CLSIDFromProgIDEx

Exports

Exports

ServiceMain
add_block_motion
cleanup_txs
frame_I_encode_MB
getheader
init_block_cbp
ms_fs
write_h263_mv

Sections

.text
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e65581ca96485f2368b26545332e12b

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

comctl32

version

kernel32

user32

comdlg32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 271KB - Virtual size: 270KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 271KB - Virtual size: 270KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 10KB - Virtual size: 9KB