841e804ee8334fb03ca41cf760237b8471e0184448ad36a1beeb06b1031f1e56

Sharing

Copy URL

Twitter E-mail

General

Target

841e804ee8334fb03ca41cf760237b8471e0184448ad36a1beeb06b1031f1e56
Size

3.2MB
MD5

fb756bf9161ca129a7952fe4e073d624
SHA1

d29e5b57c86a3208122819e5ec4b141d8de54f2d
SHA256

841e804ee8334fb03ca41cf760237b8471e0184448ad36a1beeb06b1031f1e56
SHA512

f9a7654a2a1fbb015a5e072ec945545fa8151a0818e685c21aa229f3b0be431a835f1c671dccc36b18a0d0cd699aff8e4a1cff7331c3d69285d1d259f51771cf
SSDEEP

98304:hePSLgdqU18mXaCXAs7cDc2PR96Ym/aL:hePVYYaCwsJ2PR961/A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
841e804ee8334fb03ca41cf760237b8471e0184448ad36a1beeb06b1031f1e56

Files

841e804ee8334fb03ca41cf760237b8471e0184448ad36a1beeb06b1031f1e56
.dll regsvr32 windows:4 windows x86 arch:x86

16bad2e3a748b77397c232976868fc19

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\flashfarm\depot\main\player\branches\FlashPlayer\FlashPlayer9_DotReleases\platform\win32\netscape\Release\NPSWF32.pdb

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

winmm

waveOutGetPosition
waveOutWrite
waveOutPrepareHeader
waveOutGetDevCapsA
waveInGetDevCapsA
waveOutGetNumDevs
waveOutReset
waveInStart
waveInAddBuffer
waveInStop
waveInClose
waveInUnprepareHeader
waveInReset
waveInPrepareHeader
waveInOpen
waveOutUnprepareHeader
waveOutClose
waveOutOpen
timeEndPeriod
timeBeginPeriod
timeSetEvent
timeGetTime
waveInGetNumDevs
timeKillEvent
timeGetDevCaps

wininet

HttpQueryInfoA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle

crypt32

CryptGetMessageCertificates
CertCreateCertificateContext
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CertFreeCertificateContext
CertCloseStore
CryptVerifyMessageSignature

rpcrt4

UuidToStringA
RpcStringFreeA

oleaut32

SysFreeString
RegisterTypeLi
UnRegisterTypeLi
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysAllocString

kernel32

lstrlenW
FreeResource
_lclose
_lwrite
OpenFile
LockResource
LoadResource
SizeofResource
FindResourceA
DeleteFileA
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
GetModuleHandleA
GetCurrentDirectoryA
CreateDirectoryA
GetEnvironmentVariableA
GlobalFree
WideCharToMultiByte
FreeLibrary
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadPriority
CreateWaitableTimerA
WaitForSingleObject
SetWaitableTimer
CreateThread
GetSystemDefaultLangID
MoveFileA
GetFileAttributesA
VirtualQuery
GetSystemInfo
GetUserDefaultLangID
ExitThread
GetModuleFileNameA
SetFilePointer
FindResourceExA
FindResourceExW
GlobalAlloc
SetUnhandledExceptionFilter
GetTempPathA
GetCurrentProcess
GetCurrentProcessId
FindClose
FindNextFileA
FindFirstFileA
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
ReadFile
GetFileSize
CreateMutexA
GetFileAttributesExA
SetCurrentDirectoryA
RemoveDirectoryA
GetSystemDirectoryA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
CreateProcessA
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingA
TerminateThread
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalLock
IsDBCSLeadByteEx
GetProcessTimes
CreateEventA
SetEvent
ResetEvent
WaitForMultipleObjects
ReleaseSemaphore
VirtualFree
CreateSemaphoreA
VirtualAlloc
GetThreadPriority
VirtualProtect
ExitProcess
HeapAlloc
RtlUnwind
lstrlenA
LCMapStringW
LCMapStringA
GetTickCount
GetCurrentThreadId
SetErrorMode
LoadLibraryA
GetProcAddress
GetCurrentThread
SetThreadAffinityMask
IsDBCSLeadByte
GetCPInfo
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapFree
GetProcessHeap
HeapReAlloc
TerminateProcess
HeapSize
SetLastError
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetOEMCP
GetStdHandle
SetStdHandle
FlushFileBuffers
GetFileAttributesW

user32

IsWindow
MapVirtualKeyA
WaitForInputIdle
GetForegroundWindow
DialogBoxParamW
DialogBoxParamA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
EndDialog
GetWindowRect
GetDesktopWindow
LoadIconA
GetDlgItem
SetWindowTextA
GetMenuItemCount
GetMenuItemInfoA
InsertMenuItemA
MonitorFromWindow
GetCapture
SystemParametersInfoA
ScreenToClient
GetMenuItemID
DeleteMenu
TrackPopupMenu
ReleaseCapture
SetCapture
GetCursorPos
WindowFromPoint
GetParent
CreateWindowExA
SetWindowPos
ShowWindow
DestroyWindow
DispatchMessageA
FillRect
DefWindowProcA
RegisterClassA
SendMessageA
SendNotifyMessageA
SetWindowLongA
KillTimer
SetTimer
GetSystemMetrics
EnumDisplaySettingsA
MessageBoxA
PostMessageA
GetFocus
GetTopWindow
LoadStringA
GetKeyState
GetDC
ReleaseDC
BeginPaint
EndPaint
LoadMenuA
GetSubMenu
DestroyMenu
EnableMenuItem
CheckMenuItem
InvalidateRect
LoadCursorA
SetCursor
ClientToScreen
SetFocus
GetWindowInfo
CopyRect
SendInput
UnregisterClassA
GetDoubleClickTime
RegisterWindowMessageA
MsgWaitForMultipleObjects
PeekMessageA
GetQueueStatus
PostThreadMessageA
EmptyClipboard
SetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
RegisterClipboardFormatA
GetClientRect
GetWindowLongA
GetKeyboardLayout

gdi32

StretchDIBits
LPtoDP
DeleteDC
CreateDCA
DeleteObject
CreateSolidBrush
RealizePalette
SelectPalette
BitBlt
CreateCompatibleDC
GetStockObject
GdiFlush
ExtTextOutA
SetBkColor
StretchBlt
SetStretchBltMode
GetStretchBltMode
CreateDIBSection
GetDIBits
CreateCompatibleBitmap
CreateFontIndirectA
SelectObject
Rectangle
GetDeviceCaps
GetSystemPaletteEntries
GetClipBox
GetObjectA
SaveDC
RestoreDC
SelectClipPath
PolyBezierTo
LineTo
MoveToEx
SetPolyFillMode
EndPath
BeginPath
GetPixel
StartPage
SetBkMode
SetTextAlign
IntersectClipRect
SelectClipRgn
ExtTextOutW
SetTextColor
GetTextMetricsA
GetTextAlign
GetBkMode
GetTextColor
EnumFontFamiliesA
SetTextCharacterExtra
GetClipRgn
CreateRectRgn
DPtoLP
GetTextExtentPoint32W
GetCurrentObject
GetBkColor
CreatePen
GetTextExtentPoint32A
CreatePalette
StartDocA
EndDoc
StrokePath
ExtCreatePen
FillPath
EndPage

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA
PrintDlgA

advapi32

RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHAppBarMessage
SHBrowseForFolderA

ole32

CoTaskMemAlloc
CoFreeUnusedLibraries
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance

ws2_32

WSACleanup
closesocket
WSAGetLastError
WSAIoctl
WSAAsyncSelect
ntohl
ioctlsocket
select
gethostname
WSAAddressToStringA
recvfrom
connect
getsockname
setsockopt
sendto
send
recv
WSASetLastError
getservbyport
ntohs
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
inet_addr
WSAStartup
WSASocketA
socket

Exports

Exports

DllRegisterServer
DllUnregisterServer
Flash_DisableLocalSecurity
Flash_EnforceLocalSecurity
Java_ShockwaveFlash_CurrentFrame_stub
Java_ShockwaveFlash_FlashVersion_stub
Java_ShockwaveFlash_FrameLoaded_stub
Java_ShockwaveFlash_GetVariable_stub
Java_ShockwaveFlash_GotoFrame_stub
Java_ShockwaveFlash_IsPlaying_stub
Java_ShockwaveFlash_LoadMovie_stub
Java_ShockwaveFlash_Pan_stub
Java_ShockwaveFlash_PercentLoaded_stub
Java_ShockwaveFlash_Play_stub
Java_ShockwaveFlash_SetVariable_stub
Java_ShockwaveFlash_SetZoomRect_stub
Java_ShockwaveFlash_StopPlay_stub
Java_ShockwaveFlash_TCallFrame_stub
Java_ShockwaveFlash_TCallLabel_stub
Java_ShockwaveFlash_TCurrentFrame_stub
Java_ShockwaveFlash_TCurrentLabel_stub
Java_ShockwaveFlash_TGetProperty_stub
Java_ShockwaveFlash_TGotoFrame_stub
Java_ShockwaveFlash_TGotoLabel_stub
Java_ShockwaveFlash_TPlay_stub
Java_ShockwaveFlash_TSetProperty_stub
Java_ShockwaveFlash_TStopPlay_stub
Java_ShockwaveFlash_TotalFrames_stub
Java_ShockwaveFlash_Zoom_stub
NP_GetEntryPoints
NP_Initialize
NP_Shutdown
native_ShockwaveFlash_CurrentFrame
native_ShockwaveFlash_FlashVersion
native_ShockwaveFlash_FrameLoaded
native_ShockwaveFlash_GetVariable
native_ShockwaveFlash_GotoFrame
native_ShockwaveFlash_IsPlaying
native_ShockwaveFlash_LoadMovie
native_ShockwaveFlash_Pan
native_ShockwaveFlash_PercentLoaded
native_ShockwaveFlash_Play
native_ShockwaveFlash_SetVariable
native_ShockwaveFlash_SetZoomRect
native_ShockwaveFlash_StopPlay
native_ShockwaveFlash_TCallFrame
native_ShockwaveFlash_TCallLabel
native_ShockwaveFlash_TCurrentFrame
native_ShockwaveFlash_TCurrentLabel
native_ShockwaveFlash_TGetProperty
native_ShockwaveFlash_TGotoFrame
native_ShockwaveFlash_TGotoLabel
native_ShockwaveFlash_TPlay
native_ShockwaveFlash_TSetProperty
native_ShockwaveFlash_TStopPlay
native_ShockwaveFlash_TotalFrames
native_ShockwaveFlash_Zoom
pcre_callout
pcre_compile
pcre_compile2
pcre_exec
pcre_free
pcre_fullinfo
pcre_malloc
pcre_stack_free
pcre_stack_malloc
register_ShockwaveFlash
unregister_ShockwaveFlash
unuse_ShockwaveFlash
unuse_netscape_plugin_Plugin
use_ShockwaveFlash
use_netscape_plugin_Plugin

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16bad2e3a748b77397c232976868fc19

Headers

File Characteristics

PDB Paths

Imports

version

winmm

wininet

crypt32

rpcrt4

oleaut32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

ws2_32

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 268KB - Virtual size: 266KB

.data Size: 196KB - Virtual size: 1.0MB

.rodata Size: 4KB - Virtual size: 192B

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 500KB - Virtual size: 500KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 268KB - Virtual size: 266KB

.data
Size: 196KB - Virtual size: 1.0MB

.rodata
Size: 4KB - Virtual size: 192B

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 500KB - Virtual size: 500KB