0e5be21b2379f486f49ddc9442440d7c15b1ac85d8b6bdf376e9c6507c411094

Sharing

Copy URL Twitter E-mail

General

Target

0e5be21b2379f486f49ddc9442440d7c15b1ac85d8b6bdf376e9c6507c411094
Size

364KB
MD5

c134130d3ee29ffe549c915c1166cf0c
SHA1

0c8e18c5b23d1f2b3c67c960db05318de3262888
SHA256

0e5be21b2379f486f49ddc9442440d7c15b1ac85d8b6bdf376e9c6507c411094
SHA512

b5074830922e1b81a100f2492696a01565ad44aeb3ec63525d000551ae352f5950ecc48e7073e11509fbec687887e520b0f0960b3a149a12771c761604f732fa
SSDEEP

6144:sP6TwCCZgnJg3JELoHfChay5JGF2H29DFxe:i6TwCC2uJEUfC55JOo29y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e5be21b2379f486f49ddc9442440d7c15b1ac85d8b6bdf376e9c6507c411094

Files

0e5be21b2379f486f49ddc9442440d7c15b1ac85d8b6bdf376e9c6507c411094
.dll windows:4 windows x86 arch:x86

1131c44b030b9848bc7f44440386008e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dmsgobj

_bDllMOGetMsgObj@8
_lDllMOCreateMsgObj@0
_vDllMODelMsgObj@4
_bDllMOSetMsgObj@8
_lpsDllMOKeepBuf@12
_lpsDllMOGetBufPtr@12
_lpsDLLMOArgOffsetBufAlc@8
_lpsDLLGetArgBuf@8
_bDLLGetArgInfData@24
_wDLLMOArgInfSize@16

dras

_vMsgObjTrcInfGet@8
_vMsgObjTrace2@40
_vMsgObjTrace@24

dwndhand

_hwndDllWndHandGetWndHand@8
_nDllWndHandSetWndHand@8

ksbas

_F_RightShift@24
_F_ATMDateGet@24
_F_ATMTimeGet@16
_F_CommaEdit@24

mfc71

ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5165
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4265
ord3207
ord745
ord6090
ord2353
ord557
ord2955
ord635
ord5563
ord3997
ord2271
ord5630
ord2910
ord784
ord631
ord865
ord2902
ord3934
ord386
ord629
ord5625
ord5323
ord1439
ord2903
ord5089
ord781
ord305
ord384
ord744
ord1452
ord2469
ord4109
ord1482
ord5346
ord298
ord5097
ord556
ord578
ord876
ord2322
ord310
ord6006
ord1185
ord5715
ord5493
ord2703
ord3201
ord380
ord2387
ord1489
ord299
ord2933
ord6118
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2410
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5213
ord5566
ord2838
ord2990
ord4481
ord4261
ord3333
ord566
ord757
ord1440
ord5403
ord2468
ord2751
ord2748
ord3931
ord2288
ord2280
ord304
ord3255
ord395
ord1908
ord5713
ord443
ord676
ord444
ord5458
ord1001
ord5443
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord2385
ord765
ord315
ord1037
ord1206
ord1208
ord1098
ord371
ord1120
ord1201
ord1175
ord1177
ord1209
ord1084
ord1092
ord1167
ord581
ord2408
ord2413
ord297
ord2394
ord314
ord3648
ord764
ord762
ord2246
ord1913
ord2615
ord934
ord930
ord932
ord928
ord923
ord5960
ord1600
ord4277
ord4722
ord3403
ord1306
ord2173
ord5205
ord4185
ord6275
ord5073
ord5148
ord4244
ord1402
ord3945
ord1617
ord1620
ord5915
ord1557
ord4019
ord2424
ord2425
ord2992
ord5356
ord943
ord4904
ord2939
ord4135
ord4309
ord5012
ord5009
ord2063

msvcr71

__security_error_handler
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
strrchr
strncpy
_localtime64
_time64
__CxxFrameHandler
_except_handler3
memcpy
memset
malloc
free
strcpy
_CxxThrowException
atoi
sprintf
memcmp
strtok
strlen
strcmp
_stricmp

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
LocalFree
GlobalAlloc
Sleep
GlobalLock
GlobalUnlock
GlobalFree
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
CreateDirectoryA
DeleteFileA
CreateFileA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetVersionExA

user32

PostMessageA
SendMessageA

shlwapi

PathFileExistsA

Exports

Exports

F_CreateMainWnd
dllUSSND_F_Clear
dllUSSND_F_DataGet
dllUSSND_F_InfoGet
dllUSSND_F_Init
dllUSSND_F_MsgCreate
dllUSSND_F_VersionGet
dllUSSND_lTLLProc

Sections

.text
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1131c44b030b9848bc7f44440386008e

Headers

File Characteristics

Imports

dmsgobj

dras

dwndhand

ksbas

mfc71

msvcr71

kernel32

user32

shlwapi

Exports

Exports

Sections

.text Size: 260KB - Virtual size: 257KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 4KB - Virtual size: 6KB

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 260KB - Virtual size: 257KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 4KB - Virtual size: 6KB

.reloc
Size: 24KB - Virtual size: 20KB