d:\CLIENT\Dproject\Tool\Launcher\release\D-Player.pdb
Static task
static1
Behavioral task
behavioral1
Sample
d758c5c84761dcbb96e17051175b02968f1963159057618500045ef9af4811cf.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d758c5c84761dcbb96e17051175b02968f1963159057618500045ef9af4811cf.exe
Resource
win10v2004-20240226-en
General
Target: d758c5c84761dcbb96e17051175b02968f1963159057618500045ef9af4811cf
Size: 3.7MB
MD5: e7c94271009fe90c2d729519772a5aad
SHA1: 6202a251e91a816e60290f73a4b77781da37dc3a
SHA256: d758c5c84761dcbb96e17051175b02968f1963159057618500045ef9af4811cf
SHA512: 2b278ff0d182064979e09d1e552e73490127681abea32d86bd5a4a0fa23022649142faf1205be0f0928c1b1c29030853114ade95013d553e2b5016aa7656de7f
SSDEEP: 12288:F32wTsOtabRahpCO7290uonjILWN8kO7Tf7aqDl0DTRGyAqf6B0O3l/2uYpif2:hT/6whpCO729DLhtTf7aJZG+O0qRGi
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d758c5c84761dcbb96e17051175b02968f1963159057618500045ef9af4811cf
Files
d758c5c84761dcbb96e17051175b02968f1963159057618500045ef9af4811cf.exe windows:4 windows x86 arch:x86
795fd36c46c0d87d794bbbcefc76bbef
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wininet
HttpQueryInfoW
InternetCloseHandle
InternetQueryDataAvailable
InternetReadFile
InternetOpenW
InternetOpenUrlW
mfc80u
msvcr80
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
rand
_chmod
_close
calloc
_read
_sopen_s
_strlwr_s
_write
_lseeki64
realloc
_lock
_vsnwprintf_s
vsprintf_s
memset
memcpy
_itow_s
_wcsicmp
_wtoi
wcstok_s
memmove_s
_waccess_s
free
malloc
_wtol
??0exception@std@@QAE@XZ
_access_s
strcat_s
strrchr
_onexit
_decode_pointer
_CRT_RTC_INITW
?terminate@@YAXXZ
_purecall
sprintf_s
strcpy_s
swprintf_s
??0exception@std@@QAE@ABQBD@Z
wcscat_s
wcsncpy_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_except_handler4_common
_invoke_watson
??0exception@std@@QAE@ABV01@@Z
wcscpy_s
_CxxThrowException
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CxxFrameHandler3
kernel32
CloseHandle
GetProcessHeap
HeapAlloc
ReadFile
HeapFree
GetFileSize
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetCurrentThreadId
RaiseException
FindClose
DeleteFileA
GetLastError
Sleep
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
CreateDirectoryW
CreateFileW
WaitForSingleObject
DeleteFileW
FindFirstFileW
FindNextFileW
CreateToolhelp32Snapshot
Process32FirstW
SetFilePointer
GetWindowsDirectoryW
WaitForMultipleObjects
CreateEventW
SetEvent
SetFileAttributesA
GetFileAttributesA
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
DebugBreak
LoadLibraryA
GetModuleFileNameW
VirtualQuery
CreateFileA
FreeLibrary
GetFileAttributesW
SetFileAttributesW
LoadLibraryW
GetProcAddress
WideCharToMultiByte
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
Process32NextW
WriteFile
user32
IsIconic
GetSystemMenu
SetWindowLongW
GetWindowLongW
LoadIconW
AppendMenuW
ReleaseCapture
SendMessageW
FindWindowW
GetWindowRect
SetRect
DrawIcon
SetWindowRgn
GetClientRect
EnableWindow
GetSystemMetrics
PostMessageW
SetCapture
MessageBoxW
DrawTextW
GetCursorPos
IsWindowVisible
GetDC
LoadBitmapW
MessageBoxA
PtInRect
gdi32
CreateRoundRectRgn
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
CreateFontW
BitBlt
GetTextExtentPoint32W
advapi32
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
shell32
SHFileOperationW
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW
SHBrowseForFolderW
comctl32
InitCommonControlsEx
shlwapi
PathFileExistsW
StrStrIA
PathIsDirectoryW
urlmon
URLDownloadToFileW
msvcp80
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ