ec5a277fb7372181c9a22dcdcbdf6241fe4516623630feeeda6f081b26c6044f

Sharing

Copy URL Twitter E-mail

General

Target

ec5a277fb7372181c9a22dcdcbdf6241fe4516623630feeeda6f081b26c6044f
Size

331KB
MD5

102694e172c18e50126d0bbd2199e282
SHA1

9629a705c3c86c11047e2bed5e909ea541c908a3
SHA256

ec5a277fb7372181c9a22dcdcbdf6241fe4516623630feeeda6f081b26c6044f
SHA512

d77d75ac6953a5091b7e925763184953c0657fcd885306f2e59d3dfa1b6a9a140c498629462ba54f5481f71e236ccdef4a842f788326a1247bc258da83a2241d
SSDEEP

6144:uhwHhAZx8kBIWODUESHO6XfKAaqOlb76:uhwB8x896E8O6Xfd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec5a277fb7372181c9a22dcdcbdf6241fe4516623630feeeda6f081b26c6044f

Files

ec5a277fb7372181c9a22dcdcbdf6241fe4516623630feeeda6f081b26c6044f
.dll regsvr32 windows:5 windows x64 arch:x64

fe172520ac41d4877d68c21145624ec6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

commonmathfunctions

ord33
ord24
ord23
ord1
ord32
ord11

mfc100u

ord11362
ord11480
ord7222
ord2023
ord2029
ord321
ord13226
ord10891
ord10922
ord7094
ord10910
ord5049
ord3295
ord266
ord3292
ord1862
ord2025
ord5894
ord878
ord13189
ord13192
ord13190
ord13193
ord13188
ord13191
ord6898
ord11150
ord12889
ord10658
ord13782
ord1457
ord1454
ord7227
ord1291
ord1288
ord280
ord296
ord11175
ord4348
ord1953
ord11658
ord923
ord890
ord6853
ord11542
ord3484
ord3543
ord8221
ord13008
ord6836
ord13002
ord11158
ord11157
ord2117
ord4570
ord13475
ord6895
ord3942
ord11463
ord11523
ord9189
ord10918
ord7246
ord1270
ord6609
ord7321
ord265
ord1278
ord4473
ord4737
ord4907
ord8174
ord4715
ord7657
ord11860
ord11674
ord3306
ord362
ord2137
ord4195
ord5560
ord3320
ord8037
ord9019
ord7096
ord4610
ord286
ord4131
ord1716
ord1276
ord2138
ord5616
ord784
ord5834
ord2076
ord2533
ord2527
ord1290
ord1877
ord1900
ord6293
ord3988
ord6660
ord6670
ord6669
ord4457
ord895
ord2052
ord2017
ord2015
ord2041
ord1950
ord2007
ord396
ord1919
ord2051
ord2049
ord1911
ord1850
ord322
ord1279
ord4612
ord4476
ord4910
ord268

msvcr100

_CxxThrowException
acos
memset
cos
sin
sqrt
pow
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
?terminate@@YAXXZ
__CxxFrameHandler3
_purecall
memmove
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@AEBQEBD@Z
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
wcscpy_s
wcscat_s
memcpy_s
_recalloc
wcsstr
malloc
free
wcsncpy_s
memcmp

kernel32

LoadLibraryExW
LoadResource
FreeLibrary
Sleep
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SizeofResource
LeaveCriticalSection
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
RaiseException
GetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FindResourceW
DecodePointer
EncodePointer
LocalAlloc
LocalFree
GetPrivateProfileStringW
DeleteCriticalSection
lstrcmpiW
EnterCriticalSection
GetProcAddress

user32

GetClientRect
SetCapture
LoadCursorW
DestroyCursor
ReleaseCapture
GetWindowRect
GetDC
ReleaseDC
SendMessageW
SetCursor
InvalidateRect
CharNextW

gdi32

BitBlt
GetDeviceCaps
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

ole32

CoTaskMemFree
StringFromGUID2
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc

oleaut32

SysStringLen
LoadTypeLi
UnRegisterTypeLi
VarUI4FromStr
RegisterTypeLi
SysFreeString
LoadRegTypeLi
SysAllocString

msvcp100

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

opengl32

glGetDoublev
glGetIntegerv
glMatrixMode
glMultMatrixd
glPopMatrix
glPushMatrix

glu32

gluProject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe172520ac41d4877d68c21145624ec6

Headers

DLL Characteristics

File Characteristics

Imports

commonmathfunctions

mfc100u

msvcr100

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp100

version

opengl32

glu32

Exports

Exports

Sections

.text Size: 103KB - Virtual size: 103KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 175KB - Virtual size: 175KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 103KB - Virtual size: 103KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 175KB - Virtual size: 175KB

.reloc
Size: 2KB - Virtual size: 2KB