53b3a379965b786f0f52568e715ec4c7d2957699800b567990e990a0e4e1f025

Sharing

Copy URL Twitter E-mail

General

Target

53b3a379965b786f0f52568e715ec4c7d2957699800b567990e990a0e4e1f025
Size

3.9MB
MD5

3f91e04b9589b71bdbde187c6e81c447
SHA1

8a84fc301f6e13788e2d3d592f34cb2c4bbb9919
SHA256

53b3a379965b786f0f52568e715ec4c7d2957699800b567990e990a0e4e1f025
SHA512

35333e2da6a688dc108bcc98bd423173094288f430d1864bc1d3a385288427c491529ee0d0417cbd72bf71aca1dd550765e0d48d62efd55d418495067b22fa96
SSDEEP

49152:jV9eeTJ/AI60VTe3XsnVKHJyNJJetJGTDfiFuyT1PtE5xawXOW8Ws4Zg8AavVMdb:/WINVKHcNXvjbxacLx9Jo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53b3a379965b786f0f52568e715ec4c7d2957699800b567990e990a0e4e1f025

Files

53b3a379965b786f0f52568e715ec4c7d2957699800b567990e990a0e4e1f025
.dll regsvr32 windows:6 windows x64 arch:x64

b7c0b42d030587a27636a0c1446cd45a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mf.pdb

Imports

msvcrt

_gcvt_s
_ultoa
_vsnprintf
swscanf_s
_strcmpi
wcstol
iswprint
wcsstr
_wcsicmp
iswdigit
iswalpha
towlower
wcschr
_wtoi
strncmp
strcpy_s
calloc
free
_lock
strtoul
strchr
sprintf_s
strcat_s
wcsrchr
strrchr
_ltow
iswalnum
memchr
strpbrk
_unlock
__dllonexit
wcstok
towupper
_ultow
memcmp
memmove
_onexit
memcpy
_wcsnicmp
wcsncmp
memcpy_s
_purecall
__C_specific_handler
ceil
toupper
isdigit
isxdigit
wcstoul
_ultow_s
logf
sqrtf
malloc
sqrt
pow
atol
_time64
_ui64toa
_itoa
iswxdigit
wcscspn
qsort
wcslen
rand
isalpha
wcsftime
gmtime
time
wcspbrk
_i64tow
_ltoa
_XcptFilter
_initterm
_amsg_exit
_strnicmp
atoi
_stricmp
iswspace
wcscat_s
wcscpy_s
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memmove_s
_vsnwprintf
floor
sinf
cosf
_ui64tow
memset
strncpy_s
cos

atl

ord16
ord21
ord18
ord57
ord23
ord15
ord32
ord30

ntdll

RtlNtStatusToDosError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

mfplat

MFCreateAlignedMemoryBuffer
ValidateWaveFormat
MFInitMediaTypeFromAMMediaType
MFLockPlatform
MFUnlockPlatform
MFAllocateWorkQueueEx
MFJoinIoPort
MFCreateMemoryStream
MFCreateGuid
MFBlockThread
MFUnblockThread
MFGetNumericNameFromSockaddr
MFSetSockaddrAny
MFCompareSockaddrAddresses
MFGetSockaddrFromNumericName
MFGetConfigurationPolicy
MFGetConfigurationStore
MFGetRandomNumber
MFGetPlatformVersion
MFBeginUnregisterWorkQueueWithMMCSS
MFBeginRegisterWorkQueueWithMMCSS
MFAllocateWorkQueue
MFGetWorkQueueMMCSSTaskId
MFGetWorkQueueMMCSSClass
MFEndRegisterWorkQueueWithMMCSS
MFEndUnregisterWorkQueueWithMMCSS
MFCreateSystemTimeSource
MFIsFeatureEnabled
MFGetConfigurationDWORD
MFAppendCollection
MFGetStrideForBitmapInfoHeader
MFWrapMediaType
MFPutWorkItem
MFCreateEventQueue
MFPutWorkItemEx
MFTEnumEx
MFGetConfigurationString
MFCreateSocket
MFCreateCollection
MFCreateMediaBufferWrapper
MFUnwrapMediaType
MFCreateMediaEvent
CreatePropVariant
MFTEnum
MFCreateURLFromPath
MFCancelCreateFile
MFEndCreateFile
MFCreatePathFromURL
MFBeginCreateFile
MFCompareFullToPartialMediaType
MFCreateFile
MFCreateMemoryBuffer
MFCreateAsyncResult
MFInvokeCallback
MFScheduleWorkItem
FormatTagFromWfx
MFCancelWorkItem
MFScheduleWorkItemEx
MFllMulDiv
MFUnlockWorkQueue
MFLockWorkQueue
MFCreateAttributes
MFCalculateImageSize
MFInitAttributesFromBlob
MFDeserializeAttributesFromStream
MFGetAttributesAsBlobSize
MFGetAttributesAsBlob
MFSerializeAttributesToStream
MFCreateMediaTypeFromRepresentation
MFAddPeriodicCallback
MFGetTimerPeriodicity
MFRemovePeriodicCallback
MFGetSystemTime
MFCalculateBitmapImageSize
MFCreateTempFile
MFCreateStreamDescriptor
MFValidateMediaTypeSize
MFCreateAudioMediaType
MFCreateVideoMediaTypeFromVideoInfoHeader
MFCreateMediaType
MFCreatePresentationDescriptor
MFFrameRateToAverageTimePerFrame
MFCreateSample
CreatePropertyStore
DestroyPropVariant
MFCreateSourceResolver
MFHeapFree
MFHeapAlloc
MFBeginGetHostByName
MFCreateVideoMediaTypeFromVideoInfoHeader2
MFGetMFTMerit
MFStreamDescriptorProtectMediaType
MFTRegisterLocalByCLSID
MFAverageTimePerFrameToFrameRate
MFIsQueueThread
MFInitMediaTypeFromWaveFormatEx
MFInitAMMediaTypeFromMFMediaType
MFCopyImage
MFStartup
MFShutdown
MFFreeAdaptersAddresses
MFGetAdaptersAddresses
MFCreateVideoMediaTypeFromBitMapInfoHeaderEx
MFPlatformBigEndian
MFPlatformLittleEndian
MFCreateUdpSockets
MFGetPlatform
MFEndGetHostByName

kernel32

TzSpecificLocalTimeToSystemTime
LoadLibraryExW
OpenProcess
GetModuleFileNameW
GetComputerNameW
RtlDeleteFunctionTable
InitializeCriticalSectionAndSpinCount
RtlInstallFunctionTableCallback
VirtualProtect
GetOverlappedResult
GetHandleInformation
GetSystemTimeAsFileTime
SetLastError
GetVersion
FreeEnvironmentStringsW
DeviceIoControl
GetDiskFreeSpaceA
GetLocalTime
lstrlenW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetEnvironmentStringsW
GlobalMemoryStatus
DuplicateHandle
GetCurrentThread
SetThreadAffinityMask
GetLogicalProcessorInformation
IsProcessorFeaturePresent
lstrcmpW
QueryPerformanceFrequency
ReleaseMutex
CreateMutexW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
CreateThread
OpenEventW
OpenSemaphoreW
WaitForMultipleObjectsEx
Sleep
GetCurrentThreadId
ReleaseSemaphore
CreateSemaphoreW
HeapSize
WaitForSingleObjectEx
SetUnhandledExceptionFilter
TerminateProcess
GetDiskFreeSpaceW
GetFileSizeEx
GetFullPathNameW
SetFilePointerEx
SetEndOfFile
SetFileValidData
VirtualAlloc
VirtualFree
GetSystemInfo
CompareStringOrdinal
GetTickCount
GetDiskFreeSpaceExW
CompareFileTime
GetWindowsDirectoryW
GetSystemTime
SystemTimeToFileTime
DeleteFileA
GetTempFileNameW
GetFileSize
WriteFile
DeleteFileW
SearchPathW
GetTempPathW
GetFileAttributesW
CopyFileW
CreateDirectoryW
GetVersionExW
GetModuleHandleW
FileTimeToSystemTime
GlobalAlloc
GetSystemDirectoryA
LocalAlloc
LocalFree
CreateFileA
WaitForMultipleObjects
IsWow64Process
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateProcessW
GetExitCodeProcess
LoadLibraryW
DebugBreak
GetSystemPowerStatus
GetModuleHandleA
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetProcessHeap
HeapAlloc
GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExA
DelayLoadFailureHook
MultiByteToWideChar
WideCharToMultiByte
GlobalFree
GlobalUnlock
GlobalLock
GetUserDefaultLCID
ResetEvent
SetEvent
WaitForSingleObject
CreateEventW
CloseHandle
MulDiv
QueryPerformanceCounter
GetCurrentProcessId
CompareStringA
lstrlenA
lstrcmpiA
lstrcmpA
ReadFile
CreateFileW
CopyFileExW
LCIDToLocaleName
LocaleNameToLCID
GetLocaleInfoA
GetVersionExA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

user32

GetSystemMetrics
LoadStringW
SetRect
GetClientRect
InSendMessage
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects

advapi32

RegCreateKeyExA
RegEnumValueW
RegCloseKey
RegOpenKeyExW
RegEnumKeyW
RegGetValueW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
EventRegister
EventUnregister
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
CryptDestroyKey
CryptDestroyHash
CryptVerifySignatureW
CryptHashData
CryptCreateHash
CryptImportKey
CryptReleaseContext
CryptAcquireContextW
EventEnabled
CryptGetHashParam
RegisterTraceGuidsW
UnregisterTraceGuids
EventWrite
RegSetValueExW
RegQueryValueExA
RegSetValueExA
RegDeleteValueW
RegDeleteKeyA
RegEnumKeyA
TraceMessage

ole32

GetRunningObjectTable
StringFromCLSID
CoTaskMemRealloc
CoGetMalloc
CoCreateGuid
StringFromGUID2
CoUnmarshalInterface
CreateItemMoniker
CoMarshalInterface
GetHGlobalFromStream
CLSIDFromString
CoCreateFreeThreadedMarshaler
CoFileTimeNow
CoCreateInstance
PropVariantCopy
CoTaskMemFree
PropVariantClear
CoTaskMemAlloc
CoInitialize
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SystemTimeToVariantTime
SysAllocString
VariantChangeType
SysStringByteLen
SysAllocStringLen
VariantInit
VariantClear
VariantTimeToSystemTime
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysStringLen
SysFreeString

rpcrt4

UuidCreate

shlwapi

SHCreateStreamOnFileW
SHStrDupW

ksuser

KsCreatePin
KsCreateClock

avrt

AvSetMmThreadCharacteristicsW

Exports

Exports

AppendPropVariant
ConvertPropVariant
CopyPropertyStore
CreateNamedPropertyStore
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ExtractPropVariant
MFCreate3GPMediaSink
MFCreateASFByteStreamPlugin
MFCreateASFContentInfo
MFCreateASFIndexer
MFCreateASFIndexerByteStream
MFCreateASFMediaSink
MFCreateASFMediaSinkActivate
MFCreateASFMultiplexer
MFCreateASFProfile
MFCreateASFProfileFromPresentationDescriptor
MFCreateASFSplitter
MFCreateASFStreamSelector
MFCreateASFStreamingMediaSink
MFCreateASFStreamingMediaSinkActivate
MFCreateAggregateSource
MFCreateAppSourceProxy
MFCreateAudioRenderer
MFCreateAudioRendererActivate
MFCreateByteCacheFile
MFCreateCacheManager
MFCreateCredentialCache
MFCreateDeviceSource
MFCreateDeviceSourceActivate
MFCreateDrmNetNDSchemePlugin
MFCreateFileBlockMap
MFCreateFileSchemePlugin
MFCreateHttpSchemePlugin
MFCreateLPCMByteStreamPlugin
MFCreateMP3ByteStreamPlugin
MFCreateMP3MediaSink
MFCreateMPEG4MediaSink
MFCreateMediaProcessor
MFCreateMediaSession
MFCreateNSCByteStreamPlugin
MFCreateNetSchemePlugin
MFCreatePMPHost
MFCreatePMPMediaSession
MFCreatePMPServer
MFCreatePresentationClock
MFCreatePresentationDescriptorFromASFProfile
MFCreateProxyLocator
MFCreateRemoteDesktopPlugin
MFCreateSAMIByteStreamPlugin
MFCreateSampleCopierMFT
MFCreateSampleGrabberSinkActivate
MFCreateSecureHttpSchemePlugin
MFCreateSequencerSegmentOffset
MFCreateSequencerSource
MFCreateSequencerSourceRemoteStream
MFCreateSimpleTypeHandler
MFCreateSourceResolver
MFCreateStandardQualityManager
MFCreateTopoLoader
MFCreateTopology
MFCreateTopologyNode
MFCreateTranscodeProfile
MFCreateTranscodeSinkActivate
MFCreateTranscodeTopology
MFCreateUrlmonSchemePlugin
MFCreateVideoRenderer
MFCreateVideoRendererActivate
MFCreateWMAEncoderActivate
MFCreateWMVEncoderActivate
MFEnumDeviceSources
MFGetMultipleServiceProviders
MFGetService
MFGetSupportedMimeTypes
MFGetSupportedSchemes
MFGetTopoNodeCurrentType
MFReadSequencerSegmentOffset
MFRequireProtectedEnvironment
MFShutdownObject
MFTranscodeGetAudioOutputAvailableTypes
MergePropertyStore

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7c0b42d030587a27636a0c1446cd45a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

ntdll

mfplat

kernel32

version

user32

advapi32

ole32

oleaut32

rpcrt4

shlwapi

ksuser

avrt

Exports

Exports

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.data Size: 93KB - Virtual size: 92KB

.pdata Size: 154KB - Virtual size: 154KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.data
Size: 93KB - Virtual size: 92KB

.pdata
Size: 154KB - Virtual size: 154KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 44KB - Virtual size: 43KB