50f2eb48a76641fe4bf58c672c7915dd41db066c5248483b3a777a732b46b094

Sharing

Copy URL Twitter E-mail

General

Target

50f2eb48a76641fe4bf58c672c7915dd41db066c5248483b3a777a732b46b094
Size

1.0MB
MD5

904099698175e20cd946a27b2a7ecb15
SHA1

0cd2ff98640feae62dbd7c42e79839c6936291ff
SHA256

50f2eb48a76641fe4bf58c672c7915dd41db066c5248483b3a777a732b46b094
SHA512

354c3780ddbd6c4a0849bde2ef89e2bed08ed1f8c2b8f45a14a5f4ac0d8ceda855897c974ed3ccf909ebb10ff67b9ebc4e24010bd83bc2da16c11789102eae87
SSDEEP

24576:tPSWTFdMptMW2iJSifi+7eu3THjPL8Ote0msm:tP1TPW1q+z3TP9tj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50f2eb48a76641fe4bf58c672c7915dd41db066c5248483b3a777a732b46b094

Files

50f2eb48a76641fe4bf58c672c7915dd41db066c5248483b3a777a732b46b094
.dll windows:6 windows x86 arch:x86

a93e2f2b153182c308bf12d1b51a124e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

P:\Target\x86\ship\search_filters\x-none\odffilt.pdb

Imports

msvcr100

_wcsnicmp
wcsncmp
iswspace
wcsstr
strncpy_s
malloc
??0exception@std@@QAE@ABQBDH@Z
wcstol
_snprintf_s
srand
rand
_vsnprintf_s
memcpy_s
_snwprintf_s
_mbschr
wcschr
wcscmp
realloc
__lconv_init
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
vswprintf_s
strstr
memcmp
wcsrchr
_wtoi
wcscpy_s
memset
memcpy
__RTDynamicCast
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??_U@YAPAXI@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcsncpy_s
memmove
_invalid_parameter_noinfo_noreturn
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler3
??_V@YAXPAX@Z
wcsncat_s
_vscwprintf
??3@YAXPAX@Z

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource

kernel32

CompareStringW
GetShortPathNameW
GetLongPathNameW
GetTempPathW
GetTempFileNameW
DeleteFileW
GetFileType
GetFileSizeEx
CreateFileW
RaiseException
SwitchToThread
lstrlenA
lstrlenW
LocalAlloc
FreeLibrary
LoadLibraryA
IsProcessorFeaturePresent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetFileAttributesW
SetLastError
WideCharToMultiByte
SystemTimeToFileTime
GetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrcmpiW
lstrcmpW
GetProcessHeap
HeapSetInformation
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
VirtualProtect
WerRegisterMemoryBlock
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FileTimeToLocalFileTime
GetNativeSystemInfo
IsWow64Process
CancelIoEx
SetFileTime
GetFileTime
FlushFileBuffers
CreateEventExW
WaitForMultipleObjectsEx
ResetEvent
WriteFile
SetFilePointerEx
SetEndOfFile
CreateEventW
DeviceIoControl
GetOverlappedResult
GetStringTypeExW
IsValidCodePage
MultiByteToWideChar
FileTimeToSystemTime
GetSystemTime
CreateSemaphoreExW
WaitForSingleObjectEx
ReleaseSemaphore
TryEnterCriticalSection
QueryPerformanceCounter
InitializeCriticalSectionEx
CloseHandle
GetTickCount64
CreateDirectoryW
GetFileAttributesExW
ReadFile
RemoveDirectoryW

query

BindIFilterFromStorage
BindIFilterFromStream

ole32

CoCreateGuid
WriteFmtUserTypeStg
StgOpenStorageOnILockBytes
ReadClassStg
StringFromGUID2
CLSIDFromString
StgCreateDocfileOnILockBytes
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
GetConvertStg

oleaut32

SysStringLen
VariantInit
SysAllocString
SysFreeString
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 361KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a93e2f2b153182c308bf12d1b51a124e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr100

msvcp100

advapi32

kernel32

query

ole32

oleaut32

Exports

Exports

Sections

.text Size: 656KB - Virtual size: 656KB

.data Size: 27KB - Virtual size: 26KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 361KB - Virtual size: 364KB

.text
Size: 656KB - Virtual size: 656KB

.data
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 361KB - Virtual size: 364KB