c3cf960a027a216ab19a67d2d6d2dbc6

Sharing

Copy URL

Twitter E-mail

General

Target

c3cf960a027a216ab19a67d2d6d2dbc6
Size

298KB
MD5

c3cf960a027a216ab19a67d2d6d2dbc6
SHA1

6388db27aba1050f7e6ab26661f0153aae9558d4
SHA256

ac1b30faab0536ed55a5211effe1d78dc868689c84e7fdc1fc8da4a7dbc8ffb1
SHA512

cb9163cea53890758bab9831627d16391709044d810380d6cb44e8ab0588d2b50ebfbfa9c569effd153283a638d19c6ab5ce7f25f1e2d6d1000f74cb4bc0908d
SSDEEP

6144:OSUrkRPeCYbX44Sc3ZMAwh9p0nsYWECoOeTgqO5i4hTChhhh5abgrwaSjWECoOeh:OS28hYbo7cpjwvpRa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3cf960a027a216ab19a67d2d6d2dbc6

Files

c3cf960a027a216ab19a67d2d6d2dbc6
.exe windows:6 windows x86 arch:x86

b9ae32f9e5404c5c0a9753ef7f6eea5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

WMPNSCFG.pdb

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
GetAclInformation
GetAce
SetSecurityInfo
InitializeAcl
AddAce
CopySid
IsValidSid
GetLengthSid
EqualSid
ConvertStringSidToSidW
LookupAccountNameW
ConvertSidToStringSidW
GetSecurityInfo

kernel32

GlobalAlloc
WaitForMultipleObjects
CreateEventW
lstrcmpW
MulDiv
SetLastError
GetVersionExW
GlobalLock
lstrcpynW
CompareStringW
Sleep
GetProcAddress
InterlockedCompareExchange
LoadLibraryA
GlobalUnlock
FormatMessageW
CreateThread
LocalFree
OpenEventW
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
lstrcpynA
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
RtlUnwind
OutputDebugStringA
GetStartupInfoW
VirtualAlloc
VirtualFree
GetVersion
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
DelayLoadFailureHook
FindResourceW
FindResourceExW
CloseHandle
lstrlenW
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
WaitForSingleObject
RaiseException
SetEvent

gdi32

GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
GetStockObject

user32

DestroyAcceleratorTable
SetFocus
GetFocus
IsWindow
CreatePopupMenu
TrackPopupMenuEx
AppendMenuW
GetMenuItemCount
RemoveMenu
GetMenuItemInfoW
LoadStringA
MessageBeep
PtInRect
CreateAcceleratorTableW
GetSystemMetrics
SetForegroundWindow
GetCursorPos
GetWindowLongW
ShowWindow
SetWindowPos
GetDlgItem
MapWindowPoints
GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
GetParent
DispatchMessageW
EndPaint
GetDesktopWindow
PeekMessageW
CharNextW
DestroyWindow
CreateWindowExW
RegisterClassExW
LoadImageW
wsprintfW
LoadCursorW
IsChild
GetClassInfoExW
LoadAcceleratorsW
LoadMenuW
LoadStringW
PostMessageW
SetTimer
KillTimer
RegisterWindowMessageW
EnableMenuItem
SetMenuDefaultItem
DestroyMenu
GetMonitorInfoW
MonitorFromPoint
SendMessageW
TrackPopupMenu
GetSubMenu
DefWindowProcW
SetWindowTextW
GetWindowTextW
CallWindowProcW
FillRect
ReleaseCapture
GetMessageW
BeginPaint
TranslateMessage
GetClassNameW
GetWindowTextLengthW
PostQuitMessage
GetSysColor
MoveWindow
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
UnregisterClassA
SetWindowLongW

msvcrt

_controlfp
_onexit
_lock
__dllonexit
_unlock
realloc
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
calloc
_errno
__CxxFrameHandler
_purecall
memset
??_U@YAPAXI@Z
wcsncpy
malloc
??2@YAPAXI@Z
free
memcpy
??_V@YAXPAX@Z
??3@YAXPAX@Z
memmove
_CxxThrowException

ole32

StringFromIID
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

gdiplus

GdiplusShutdown
GdipCloneImage
GdipDrawImageRectI
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreateHICONFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipSetPropertyItem
GdipGetAllPropertyItems
GdipGetPropertySize
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusStartup

shlwapi

SHCreateStreamOnFileW

secur32

GetUserNameExW

netapi32

NetApiBufferFree
NetGetJoinInformation

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9ae32f9e5404c5c0a9753ef7f6eea5a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ole32

gdiplus

shlwapi

secur32

netapi32

Sections

.text Size: 94KB - Virtual size: 94KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 193KB - Virtual size: 193KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 94KB - Virtual size: 94KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 193KB - Virtual size: 193KB

.reloc
Size: 7KB - Virtual size: 7KB