d0ac5071bb9ecac268042b24c48f2839078d8b77964becf95264932ab3756e0c

Sharing

Copy URL

Twitter E-mail

General

Target

d0ac5071bb9ecac268042b24c48f2839078d8b77964becf95264932ab3756e0c
Size

564KB
MD5

2f5b8e484045c89acb5be81e2d5a5a8d
SHA1

0aaa2b1fa66e1949725986f8ba0958f35e0acce3
SHA256

d0ac5071bb9ecac268042b24c48f2839078d8b77964becf95264932ab3756e0c
SHA512

b32a5d64c5a6bb35bfbb17a6ecf65f9257fcd45018e9478baf99ef3dc010cf076b3ca948d02b510f53458ea2756afb4c7bf011acc0917815f285ef937f74bcc6
SSDEEP

12288:gRiKW0QyMtfP+WxylHOkWXtTaGbA64YXDbY2wa43YXd64YXDbY2w:uNWxylHOrtT3A64YzbaMd64Yzb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0ac5071bb9ecac268042b24c48f2839078d8b77964becf95264932ab3756e0c

Files

d0ac5071bb9ecac268042b24c48f2839078d8b77964becf95264932ab3756e0c
.dll windows:6 windows x86 arch:x86

9c6aa6cbde9a99f32529e25b9d07b475

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.AV\77660\Release_WDZIP_34\WX\WinRTx86\Release\wd200ZIP.pdb

Imports

kernel32

GetLastError
InterlockedIncrement
InterlockedDecrement
InterlockedExchangeAdd
GetTickCount64
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetProcAddress
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetDiskFreeSpaceExW
GetFileAttributesExW
LockFileEx
ReadFile
SetEndOfFile
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
UnlockFileEx
WriteFile
CreateFile2
CloseHandle
SetLastError
MoveFileExW
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
GetTimeZoneInformation
GetCurrentThreadId
FormatMessageW
CompareStringEx
LCIDToLocaleName
GetLocalTime
QueryPerformanceCounter
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DecodePointer
GetSystemTimeAsFileTime

vccorlib110

?__abi_WinRTraiseObjectDisposedException@@YGXXZ
?__abi_WinRTraiseDisconnectedException@@YGXXZ
?__abi_WinRTraiseWrongThreadException@@YGXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YGXXZ
?__abi_WinRTraiseChangedStateException@@YGXXZ
?__abi_WinRTraiseOutOfBoundsException@@YGXXZ
?GetActivationFactoryByPCWSTR@@YGJPAXAAVGuid@Platform@@PAPAX@Z
?InitializeData@Details@Platform@@YAJH@Z
?UninitializeData@Details@Platform@@YAXH@Z
?__abi_WinRTraiseCOMException@@YGXJ@Z
?__abi_WinRTraiseOutOfMemoryException@@YGXXZ
?__abi_WinRTraiseAccessDeniedException@@YGXXZ
?__abi_WinRTraiseFailureException@@YGXXZ
?__abi_WinRTraiseOperationCanceledException@@YGXXZ
?__abi_WinRTraiseNullReferenceException@@YGXXZ
?__abi_WinRTraiseInvalidCastException@@YGXXZ
?__abi_WinRTraiseNotImplementedException@@YGXXZ
?__abi_WinRTraiseInvalidArgumentException@@YGXXZ

msvcr110

__clean_type_info_names_internal
_except_handler4_common
?terminate@@YAXXZ
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??2@YAPAXI@Z
??3@YAXPAX@Z
strchr
wcschr
wcsncpy
wcsrchr
_wcsicmp
free
malloc
_vsnwprintf
_swprintf
_vsnprintf
memcpy
towupper
_wcsnicmp
rand
srand
realloc
_localtime32
_time32
memset
_snprintf
wcstombs
_lseeki64
_open
_wopen
_errno
memchr
strerror
??_U@YAPAXI@Z
_read
_write
strncmp
wcstok_s
bsearch
qsort
ceil
memmove
wcsncmp
wcsstr
_itow
_wstat32i64
__CxxFrameHandler3
_purecall
strncpy
iswspace
_wtoi
_vswprintf
_close
atof
_lfind
_fcvt
_CxxThrowException
??_V@YAXPAX@Z

msvcp110

?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsDuplicateString
WindowsGetStringRawBuffer

Exports

Exports

CommandeComposante
DLLRES_pLoadResourceModule
DeclareProxy
Execution
InfoComposante
TermLibrary
bInitLibrary
bInitWLConvFromVM
pQueryProxy

Sections

.text
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

minATL
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c6aa6cbde9a99f32529e25b9d07b475

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vccorlib110

msvcr110

msvcp110

api-ms-win-core-winrt-string-l1-1-0

Exports

Exports

Sections

.text Size: 285KB - Virtual size: 284KB

.rdata Size: 148KB - Virtual size: 147KB

.data Size: 14KB - Virtual size: 14KB

minATL Size: 512B - Virtual size: 12B

.rsrc Size: 93KB - Virtual size: 92KB

.reloc Size: 23KB - Virtual size: 22KB

.text
Size: 285KB - Virtual size: 284KB

.rdata
Size: 148KB - Virtual size: 147KB

.data
Size: 14KB - Virtual size: 14KB

minATL
Size: 512B - Virtual size: 12B

.rsrc
Size: 93KB - Virtual size: 92KB

.reloc
Size: 23KB - Virtual size: 22KB