5c629e2d247528de6b755f3c82c5163b

Sharing

Copy URL Twitter E-mail

General

Target

5c629e2d247528de6b755f3c82c5163b
Size

2.0MB
MD5

5c629e2d247528de6b755f3c82c5163b
SHA1

26b22db7e5a9df5805772fef9624251c62f2f5a6
SHA256

eefbcb5fc80beb597153008050522b812c758184f4e4acacbcdbb77bb67fd736
SHA512

7bc3d527eef2f0d94d8471408e665dd47769871907b45e6781ecb755691d81b834441d8074671c41690e874d2395c027fb4807a6bb6a3e527708c0a1e208a5ac
SSDEEP

49152:93hcsyLqzu2ZntF6yl64twch/5mEnaoFLG:93hcLqK2Zn/6yl64twch5aoF6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c629e2d247528de6b755f3c82c5163b

Files

5c629e2d247528de6b755f3c82c5163b
.dll windows:10 windows x86 arch:x86

c57787232ec945da083cae373aa2467c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ImagingEngine.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_controlfp
_control87
_clearfp
_initterm

api-ms-win-crt-private-l1-1-0

_o__fpclass
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__strdup
_o__stricmp
_o__CIsqrt
memmove
_o__waccess
_o__wcsicmp
_o__wcsnicmp
_o_atof
_o_atoi
_o_calloc
_o_ceil
_o_floor
_o_free
_o_isalnum
_o_isalpha
_o_isdigit
_o_isspace
_o_isxdigit
_o_malloc
_o_qsort
_o_setlocale
_o_terminate
_o_tolower
_o_toupper
_o_wmemcpy_s
__current_exception
__current_exception_context
_except_handler4_common
_o__CIsinh
_o__CIsin
_o__CIpow
_o__CIlog
_o__CIfmod
_o__CIexp
_o__CIcosh
_o__CIcos
_o__CIatan2
_o__CIatan
_o__CIasin
_o__CIacos
_o__cexit
_o__callnewh
_o__beginthreadex
wcsrchr
_CxxThrowException
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o__execute_onexit_table
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o__configure_narrow_argv
_o__CItanh
_o__CItan
strchr
__std_terminate
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcspbrk
memset

kernel32

GetSystemInfo
GetModuleHandleA
LoadLibraryW
GetModuleFileNameW
OutputDebugStringA
VirtualAlloc
VirtualFree
HeapFree
LoadLibraryExA
EncodePointer
HeapAlloc
DecodePointer
GetProcessHeap
FlushInstructionCache
GetProcAddress
InterlockedPushEntrySList
ResetEvent
InitializeCriticalSectionAndSpinCount
lstrcmpiA
WideCharToMultiByte
WaitForSingleObject
SetEvent
ResumeThread
CreateEventW
MapViewOfFile
UnmapViewOfFile
GetLastError
CreateFileMappingW
DeleteFileW
GetTempPath2W
GetTempFileNameW
CreateFileW
CloseHandle
SetLastError
RaiseException
QueryPerformanceFrequency
Sleep
FindResourceExW
LoadResource
LockResource
SizeofResource
EnterCriticalSection
LeaveCriticalSection
InterlockedPopEntrySList
GetFullPathNameA
LoadLibraryA
CreateFileA
CreateFileMappingA
GetFileSize
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
DisableThreadLibraryCalls
SystemTimeToFileTime
GetSystemTime
GetCurrentProcessId
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObjectEx

advapi32

RegQueryValueExA
RegQueryValueExW
TraceEvent
RegOpenKeyExW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegOpenKeyExA

photobase

?BaseAtlThrow@ATL@@YGXJ@Z
?Initialize@Base@@YGXXZ
?Throw@Base@@YGXJ@Z
?New@BasePrivate@@YAPAXI_N@Z
??1Exception@Base@@UAE@XZ
?GetBaseStringManager@String@Base@@SGAAVCAtlStringMgr@ATL@@XZ
?GetAssertCallback@Base@@YGAAP6G_NPBDH0@ZXZ
?ThrowLastError@Base@@YGXXZ
?IsVistaOrGreater@OS@Base@@YG_NXZ
?Delete@BasePrivate@@YAXPAX@Z

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString

api-ms-win-crt-math-l1-1-0

_isnan
_finite

shlwapi

PathRemoveFileSpecW
PathFileExistsW

gdi32

RectInRegion
CreateCompatibleDC
CreateDIBitmap
BitBlt
SelectObject
DeleteObject
CreateRectRgnIndirect
CreateRectRgn
CombineRgn
GetRgnBox
SetRectRgn
DeleteDC
CreateDCW
GetDeviceCaps
GetICMProfileW
GetRegionData

user32

SetWindowLongW
InvalidateRect
GetClientRect
GetWindowLongW
InvalidateRgn
EnumDisplayMonitors
UnregisterClassA
ScreenToClient
GetSysColor
ScrollWindowEx
BeginPaint
ReleaseDC
GetDC
IsWindow
GetMonitorInfoW
DestroyWindow
GetUpdateRgn
SetCapture
EndPaint
CreateWindowExW
GetClassInfoExW
ReleaseCapture
LoadCursorW
RegisterClassExW
GetSystemMetrics
DefWindowProcW
CallWindowProcW
GetWindowRect
GetCursorPos
SetCursor

ole32

CoCreateInstance
PropVariantClear

mscms

CreateMultiProfileTransform
GetColorProfileHeader
OpenColorProfileW
GetColorProfileFromHandle
IsColorProfileValid
TranslateBitmapBits
DeleteColorTransform
GetColorDirectoryW
CloseColorProfile
GetColorProfileElement

d3d9

Direct3DCreate9

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c57787232ec945da083cae373aa2467c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

kernel32

advapi32

photobase

oleaut32

api-ms-win-crt-math-l1-1-0

shlwapi

gdi32

user32

ole32

mscms

d3d9

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.data Size: 10KB - Virtual size: 22KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 64KB - Virtual size: 64KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 10KB - Virtual size: 22KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 64KB - Virtual size: 64KB