518813e9124be78713576966bf7da1a7ff2363aa88bebb5ef422555ad829cf27

Sharing

Copy URL

Twitter E-mail

General

Target

518813e9124be78713576966bf7da1a7ff2363aa88bebb5ef422555ad829cf27
Size

367KB
MD5

bbbe86cfe67198525acaee599db9da58
SHA1

75f5f101942ce8a614825668cc6d32ff92d21a9e
SHA256

518813e9124be78713576966bf7da1a7ff2363aa88bebb5ef422555ad829cf27
SHA512

01153c5406fbac1e1fbcf4f2829b9e965b119f7582122029349f88e28f6859e9db984a8cc2719cd47747e6185bfc5d49394347ccc42be3d1c8896fe916f17743
SSDEEP

6144:hUdavfroIGYJNxJvdCTQu+zBNVdCaUdEarSeVO5MpnzaiHhcDQ0zRbs1NuKj8D5w:hU0frNJNxJ1zBNVEdrrSeVWs3CDrzENR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
518813e9124be78713576966bf7da1a7ff2363aa88bebb5ef422555ad829cf27

Files

518813e9124be78713576966bf7da1a7ff2363aa88bebb5ef422555ad829cf27
.dll regsvr32 windows:5 windows x86 arch:x86

85a4968ec082701f98a6e690f38cf414

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ResetEvent
CreateSemaphoreW
CreateEventW
GetSystemInfo
QueryPerformanceFrequency
DeleteCriticalSection
ReleaseMutex
CloseHandle
GetModuleFileNameW
WideCharToMultiByte
lstrlenW
GetTimeZoneInformation
SetEnvironmentVariableA
LeaveCriticalSection
GetProcessTimes
InitializeCriticalSection
SetEvent
WaitForSingleObject
EnterCriticalSection
GetCurrentProcess
TryEnterCriticalSection
K32GetProcessMemoryInfo
CreateMutexW
InterlockedDecrement
CompareStringW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
QueryPerformanceCounter
ReleaseSemaphore
InterlockedIncrement
VirtualQuery
VirtualFree
VirtualAlloc
CreateFileA
GetCurrentThreadId
DecodePointer
GetCommandLineA
GetLastError
HeapFree
HeapAlloc
EncodePointer
HeapReAlloc
ExitThread
CreateThread
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeLibrary
LoadLibraryW
SetStdHandle
WriteConsoleW
MultiByteToWideChar
SetFilePointer
CreateFileW
LCMapStringW
GetStringTypeW
SetEndOfFile
GetProcessHeap
ReadFile
LocalFree
SwitchToThread
SetErrorMode
VirtualUnlock
LoadLibraryA
GetDriveTypeW

user32

WindowFromPoint

advapi32

RegCreateKeyExW
RegEnumKeyExW
RegSetValueW
RegCreateKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemAlloc

oleaut32

VariantClear
VariantInit
SysStringByteLen

shlwapi

PathRemoveFileSpecW

mfplat

MFCreateAttributes
MFCreateEventQueue
MFCreateMediaEvent
MFCreateMediaType
MFTUnregister
MFTRegister
MFCreateMemoryBuffer
MFCreateDXGIDeviceManager

d3d9

Direct3DCreate9

propsys

PSCreateMemoryPropertyStore

d3d11

D3D11CreateDevice

evr

MFCreateVideoSampleFromSurface

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

85a4968ec082701f98a6e690f38cf414

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

mfplat

d3d9

propsys

d3d11

evr

Exports

Exports

Sections

.text Size: 197KB - Virtual size: 196KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

.text Size: 102KB - Virtual size: 104KB

.text
Size: 197KB - Virtual size: 196KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB

.text
Size: 102KB - Virtual size: 104KB