f1cc68d84d0db113f6dbbe3ba7acc8a406f74f536de8dc0ab0ed29367d577fdb

General

Target

f1cc68d84d0db113f6dbbe3ba7acc8a406f74f536de8dc0ab0ed29367d577fdb
Size

114KB
MD5

1fb597e4f43d99d28ccdd947b2d43ef3
SHA1

a1307c9efbd84d3f5dac4b6e928c1ee2cfe3883e
SHA256

f1cc68d84d0db113f6dbbe3ba7acc8a406f74f536de8dc0ab0ed29367d577fdb
SHA512

a64b2212a3c391c908f534aa5736d8b282d51a7209f5e71d3640833cd356b6159ef62d81e409fe58bafb9594f8d3e25b99ddc17e397573e50cf5032c0055e789
SSDEEP

96:MiQ/jUNd+ru3zNdJvEuILxJWdQAVLEWpx8vgWwGuH:MiQbUd7ZdJvrIL3WSAVQW/8vgWk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1cc68d84d0db113f6dbbe3ba7acc8a406f74f536de8dc0ab0ed29367d577fdb

Files

f1cc68d84d0db113f6dbbe3ba7acc8a406f74f536de8dc0ab0ed29367d577fdb
.dll regsvr32 windows:6 windows x86 arch:x86

e66922fdf1da6cd2a5da15bae435aeff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wmadmod.pdb

Imports

msvcrt

calloc
wcscmp
memmove
malloc
free
iswspace

kernel32

InterlockedExchange
LocalFree
TlsGetValue
GetCurrentThreadId
GetVersionExA
GetModuleHandleW
GetProcAddress
LoadLibraryA
DeviceIoControl
GetProcessHeap
HeapAlloc
LocalAlloc
TlsSetValue
GetSystemInfo
TlsAlloc
InterlockedIncrement
GetModuleFileNameA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetLocalTime
GetTickCount
QueryPerformanceCounter
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
HeapFree
GetComputerNameA
GetDiskFreeSpaceA
GlobalMemoryStatus
Sleep
InterlockedDecrement
GetCurrentProcess

advapi32

RegCreateKeyExA
GetUserNameA
RegSetValueA
RegCreateKeyA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegQueryValueExA

ole32

ord101
ord102

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e66922fdf1da6cd2a5da15bae435aeff

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

ole32

Exports

Exports

Sections

.text Size: 110KB - Virtual size: 110KB

.data Size: 512B - Virtual size: 4B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 522B

.text
Size: 110KB - Virtual size: 110KB

.data
Size: 512B - Virtual size: 4B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 522B