c8ddc8e2e1ca849b76cef4e56c9211754ac8f55187e8c3b6406dbd2a8c99080d

Sharing

Copy URL Twitter E-mail

General

Target

c8ddc8e2e1ca849b76cef4e56c9211754ac8f55187e8c3b6406dbd2a8c99080d
Size

361KB
MD5

d7144fafee66d78b853aa44183f62a15
SHA1

1b379570b2b19e7df960987166bb92eb071e2323
SHA256

c8ddc8e2e1ca849b76cef4e56c9211754ac8f55187e8c3b6406dbd2a8c99080d
SHA512

f538e351a475b00511fcb18fc2662fdefd3bf79b504d4b8515a3c11a27d4446777531803954987c0c05b07f368b8e52215f788fa985e276972fc2bb9542e763c
SSDEEP

6144:YRTOiz44BXDYMdeqmgmzRNRM7j7WO9eZ9gqU57xU3M7ldZcDDwCb96FVoOnb8n6w:LC4kzYdN66O9es63+RfaI8n51Ua5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8ddc8e2e1ca849b76cef4e56c9211754ac8f55187e8c3b6406dbd2a8c99080d

Files

c8ddc8e2e1ca849b76cef4e56c9211754ac8f55187e8c3b6406dbd2a8c99080d
.dll windows:6 windows x86 arch:x86

c94fc0ee0fdaf7f86776d1eddadc4ac6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Flash.pdb

Imports

shlwapi

PathFindExtensionW
PathCreateFromUrlW

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

wininet

InternetCrackUrlA
InternetCrackUrlW

kernel32

GetModuleFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
lstrcmpA
MultiByteToWideChar
CreateFileW
ReadFile
CloseHandle
GetUserDefaultLangID
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExA
LoadResource
FlushInstructionCache
lstrcmpiA
FindResourceA
IsDBCSLeadByte
CreateFileA
SetFilePointer
WriteFile
GetTempPathA
GetTempFileNameA
GetProcessHeap
HeapFree
HeapAlloc
OutputDebugStringW
IsDebuggerPresent
GetCurrentThreadId
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
RaiseException
DecodePointer
OutputDebugStringA
InitializeSListHead
InterlockedPopEntrySList
GetSystemTimeAsFileTime
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
EncodePointer
QueryPerformanceCounter
GetCurrentProcessId
SizeofResource

user32

RedrawWindow
GetSysColor
FillRect
UnregisterClassA
RegisterWindowMessageA
SendMessageA
DefWindowProcA
CallWindowProcA
OffsetRect
GetWindowLongA
SetWindowLongA
GetDesktopWindow
GetParent
GetClassNameA
GetWindow
LoadCursorA
LoadStringA
RegisterClassExA
GetClassInfoExA
CreateWindowExA
IsWindow
IsChild
DestroyWindow
MoveWindow
SetWindowPos
GetDlgItem
CharNextA
SetFocus
GetFocus
SetCapture
ReleaseCapture
CreateAcceleratorTableA
DestroyAcceleratorTable
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
ScreenToClient
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetClientRect
ClientToScreen
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
BringWindowToTop
ShowWindow
RegisterClassA
PostMessageA
wsprintfA

gdi32

CreateDIBSection
GetObjectA
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt

advapi32

RegQueryValueExA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegSetValueExA
RegQueryInfoKeyW
RegEnumKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA

ole32

CoTaskMemRealloc
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
OleUninitialize
OleLockRunning
CoUninitialize
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoGetClassObject
OleInitialize
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString
OleCreateFontIndirect
VarUI4FromStr
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
VariantInit
SysAllocStringLen

urlmon

CoInternetGetSession

msvcp120

?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

msvcr120

__clean_type_info_names_internal
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??1type_info@@UAE@XZ
_except_handler4_common
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
?terminate@@YAXXZ
memcpy
_time64
swprintf_s
_mbsnbicmp
_wcsicmp
wcscpy
strrchr
_stricmp
srand
rand
??3@YAXPAX@Z
_mbsnbcpy_s
??2@YAPAXI@Z
__CxxFrameHandler3
_CxxThrowException
sprintf_s
wcslen
strlen
memcpy_s
memcmp
_resetstkoflw
_recalloc
calloc
_purecall
memset
??_V@YAXPAX@Z
malloc
free
_mbsstr

Exports

Exports

GetAcrobatMPPInterface

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c94fc0ee0fdaf7f86776d1eddadc4ac6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

version

wininet

kernel32

user32

gdi32

advapi32

ole32

oleaut32

urlmon

msvcp120

msvcr120

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 252KB - Virtual size: 252KB

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 252KB - Virtual size: 252KB