da2eab3ad50faa577b14a623381e9ed46c7a3fa62a28bef36347ff7f2227a93c

Sharing

Copy URL

Twitter E-mail

General

Target

da2eab3ad50faa577b14a623381e9ed46c7a3fa62a28bef36347ff7f2227a93c
Size

459KB
MD5

cf501bd7ae3fb1b497d4a8df4fd10484
SHA1

81eaf05cbae9fec121c5ffd7bd630ff67181c7d8
SHA256

da2eab3ad50faa577b14a623381e9ed46c7a3fa62a28bef36347ff7f2227a93c
SHA512

38c723d85d11aea9ba685b10b592c8094af7cb81212a210c39ccfdf7f5d79089da87611539ba8975b51d331c3d1c1bd7db25b67a5f3467a1a12525107f08015a
SSDEEP

12288:zkWmU5T0rWRhhccFaHEl7zG0OaqNiyQ9T852:zVFV0rohccFbnORmT852

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da2eab3ad50faa577b14a623381e9ed46c7a3fa62a28bef36347ff7f2227a93c

Files

da2eab3ad50faa577b14a623381e9ed46c7a3fa62a28bef36347ff7f2227a93c
.dll windows:6 windows x86 arch:x86

94fa78841cec704c19bdedc40b00eaac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WindowsMedia.pdb

Imports

shlwapi

PathCreateFromUrlA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
GetModuleFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
lstrcmpA
SetErrorMode
GetUserDefaultLangID
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExA
LoadResource
SizeofResource
lstrcmpiA
FindResourceA
IsDBCSLeadByte
VerSetConditionMask
CreateEventA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
GetComputerNameA
GetDiskFreeSpaceA
GlobalMemoryStatus
QueryPerformanceCounter
GetLocalTime
GetTickCount
GetCurrentProcessId
DeviceIoControl
LoadLibraryA
GetVersionExA
GetSystemInfo
LocalAlloc
LocalFree
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
OutputDebugStringW
IsDebuggerPresent
WaitForSingleObject
SetEvent
CloseHandle
GetCurrentThreadId
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
RaiseException
DecodePointer
OutputDebugStringA
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
EncodePointer
VerifyVersionInfoW
GetSystemTimeAsFileTime

user32

RedrawWindow
UnregisterClassA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
RegisterWindowMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassExA
GetClassInfoExA
CreateWindowExA
IsWindow
IsChild
KillTimer
BringWindowToTop
ShowWindow
wsprintfA
LoadStringA
LoadCursorA
GetWindow
GetClassNameA
GetParent
GetDesktopWindow
SetWindowLongA
GetWindowLongA
FillRect
GetSysColor
ScreenToClient
ClientToScreen
SetCursor
GetClientRect
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
SetTimer
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableA
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextA
GetDlgItem
SetWindowPos
MoveWindow
DestroyWindow

gdi32

GetObjectA
SelectObject
GetStockObject
GetDeviceCaps
DeleteDC
CreateSolidBrush
CreateDIBSection
DeleteObject
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC

advapi32

RegOpenKeyExA
GetUserNameA
RegSetValueExA
RegQueryInfoKeyW
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

ole32

CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
OleUninitialize
OleLockRunning
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoCreateInstance
CoGetClassObject
OleInitialize
CreateStreamOnHGlobal

oleaut32

LoadTypeLi
SysAllocString
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
SysFreeString
VariantClear
VariantInit
SysStringLen
SysAllocStringLen

msvcp120

?_Xbad_alloc@std@@YAXXZ
_Inf
?_Xlength_error@std@@YAXPBD@Z

msvcr120

strcmp
sprintf_s
wcslen
memcpy_s
_resetstkoflw
_recalloc
calloc
wcsncmp
strlen
memcpy
memcmp
malloc
_purecall
__CxxFrameHandler3
_CxxThrowException
??2@YAPAXI@Z
memset
wcscmp
??_V@YAXPAX@Z
free
_mbsnbcpy_s
_mbsstr
?terminate@@YAXXZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_except_handler4_common
_except1
??1type_info@@UAE@XZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
??3@YAXPAX@Z
__clean_type_info_names_internal

Exports

Exports

GetAcrobatMPPInterface
WMCreateStreamForURL

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 255KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94fa78841cec704c19bdedc40b00eaac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp120

msvcr120

Exports

Exports

Sections

.text Size: 139KB - Virtual size: 138KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 28KB - Virtual size: 30KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 255KB - Virtual size: 256KB

.text
Size: 139KB - Virtual size: 138KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 28KB - Virtual size: 30KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 255KB - Virtual size: 256KB