dplaysvr[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

dplaysvr.exe
Size

22KB
MD5

5e3e464f48f3f3de66cd84f62d9a0284
SHA1

2534fb5cbe3f1c72cc5ffd708fdb5f6a31dca2ea
SHA256

f6c06c1dfbf0d864080c3c81c4ed6ae6fafc74b0fe0bb7fa72e2d6ca9d83a6ea
SHA512

10a73e34b19fee29ade7d8f2d02329fdb95f597f5249f5d4f55367780f655dfba3b9f338ef494a768e4854451700d19ba690a972577dad0b6bd56f8c2f170274
SSDEEP

384:dAvI1V6H3xmg4vRsh0d5PmEYJWwLrHJOEJxQgbh8j8lafxomWYSSWvah:dmAIxmjP5PmEmnjJOEHQgbQiTO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dplaysvr.exe

Files

dplaysvr.exe
.exe windows:10 windows x86 arch:x86

65216d4f8d181cb3a28bf3dce203e7c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dplaysvr.pdb

Imports

advapi32

AddAccessAllowedAce
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

GetCurrentProcess
TerminateProcess
LeaveCriticalSection
InitializeCriticalSection
CreateMutexA
WaitForSingleObject
UnmapViewOfFile
ExitThread
OpenProcess
EnterCriticalSection
SetCurrentDirectoryA
GetLastError
SetEvent
GetSystemDirectoryA
LoadLibraryA
GetVersionExA
HeapReAlloc
CloseHandle
CreateThread
HeapSetInformation
HeapAlloc
GetProcAddress
CreateFileMappingA
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
FreeLibrary
CreateEventA
MapViewOfFile
RegisterApplicationRestart
SetUnhandledExceptionFilter
HeapFree
IsProcessorFeaturePresent
QueryPerformanceCounter
UnhandledExceptionFilter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
GetStartupInfoW

gdi32

GetStockObject

user32

GetMessageA
DispatchMessageA
RegisterClassA
CreateWindowExA
DefWindowProcA
TranslateMessage

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit

api-ms-win-crt-private-l1-1-0

_o___p__commode
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__controlfp_s
_o__crt_atexit
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__strnicmp
_o_exit
_o_terminate
__current_exception
__current_exception_context
_except_handler4_common
memcpy

api-ms-win-crt-string-l1-1-0

memset

winmm

timeGetTime

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65216d4f8d181cb3a28bf3dce203e7c9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

winmm

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB