a30c5db8c319b80f48403e726e288441830fd4987cda049ee75c3b711dc4a4ae

Sharing

Copy URL

Twitter E-mail

General

Target

a30c5db8c319b80f48403e726e288441830fd4987cda049ee75c3b711dc4a4ae
Size

342KB
MD5

70ed42e0138e5275658a83b85845869b
SHA1

da1756edc323181f588774b7e59655b915b69c7b
SHA256

a30c5db8c319b80f48403e726e288441830fd4987cda049ee75c3b711dc4a4ae
SHA512

1e956d4f532c2ffada9369f26f9c6481d720900754d1a1a27bdc50394cb6560f2552f9c2bca6cbaa11f2ce758d055571b21b5ea325d3e063d927dfe36bc4da14
SSDEEP

6144:sOy99WQqrgp8QBzrMOwv7/4rDuyvGnmtD6BtBV+UdvrEFp7hKbkj:sOy99WQCUrnLMBtBjvrEH7kkj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a30c5db8c319b80f48403e726e288441830fd4987cda049ee75c3b711dc4a4ae

Files

a30c5db8c319b80f48403e726e288441830fd4987cda049ee75c3b711dc4a4ae
.dll regsvr32 windows:5 windows x86 arch:x86

6e8e2dd13793a9d54b70de76aa097a10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

inkdiv.pdb

Imports

msvcrt

realloc
free
swprintf
__CxxFrameHandler
??2@YAPAXI@Z
_onexit
__dllonexit
memmove
qsort
_vsnwprintf
wcscmp
wcstod
_purecall
wcslen
_CIfmod
_CIexp
??3@YAXPAX@Z
_snprintf
_vsnprintf
strncpy
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_adjust_fdiv
_initterm
malloc
_ftol
_beginthreadex
_wtoi
_CIpow

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

atl

ord11
ord10
ord58
ord32
ord30
ord15
ord23
ord57
ord18
ord21
ord16

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
TerminateProcess
UnhandledExceptionFilter
CompareFileTime
IsBadStringPtrW
OutputDebugStringA
lstrcatA
lstrlenA
GetLocalTime
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
CreateMutexW
CloseHandle
LeaveCriticalSection
EnterCriticalSection
lstrlenW
MultiByteToWideChar
ResetEvent
SetEvent
IsBadReadPtr
WaitForSingleObject
CreateEventW
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TryEnterCriticalSection
IsBadWritePtr
ReleaseMutex
QueryPerformanceCounter
SetUnhandledExceptionFilter

ole32

CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoFileTimeNow
CoUninitialize
CoInitializeEx
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoCreateInstance

oleaut32

DispCallFunc
VariantCopy
VariantInit
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocString
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantClear
SysFreeString
LoadRegTypeLi
SysStringLen
SysAllocStringLen

user32

SetRectEmpty
UnionRect

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

rtutils

TracePutsExA
TraceRegisterExA
TraceDeregisterW

Exports

Exports

AddOneStroke
CallDivide
CallDivideResults
CallDivideResultsStrokeIds
CreateInkDivider
DeleteInkDivider
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RecognizerContextSet
RemoveStrokes
SetLineHeight
SetLineRecoCallback

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e8e2dd13793a9d54b70de76aa097a10

Headers

File Characteristics

PDB Paths

Imports

msvcrt

msvcp60

atl

kernel32

ole32

oleaut32

user32

advapi32

rtutils

Exports

Exports

Sections

.text Size: 175KB - Virtual size: 175KB

.data Size: 5KB - Virtual size: 4KB

.rsrc Size: 77KB - Virtual size: 77KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 175KB - Virtual size: 175KB

.data
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 77KB - Virtual size: 77KB

.reloc
Size: 7KB - Virtual size: 7KB