c9bb93ca6e58653ccd906bad72034142d49ac81e6f55b4ab6557b43ed626cd03

Sharing

Copy URL Twitter E-mail

General

Target

c9bb93ca6e58653ccd906bad72034142d49ac81e6f55b4ab6557b43ed626cd03
Size

860KB
MD5

150f2edba0cb7f5c7dcc3af1b8f9b0a4
SHA1

624cffa3e0f20f18787ef4bab2201f0ef02c9073
SHA256

c9bb93ca6e58653ccd906bad72034142d49ac81e6f55b4ab6557b43ed626cd03
SHA512

24e6967889928c7ad9047f6c25f310fc90ecceb582599d51a9c18bf5465873c393fb589cee7823235dc1c8465c9e4d543c366f0760dda291fcf776ed29e2fb6d
SSDEEP

12288:fWPRRd0EFC4Y0PFauOe3CC/oh0xQyYePACl+WMw8mD:uzWEFC8FF5Ah0xQywClh58e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9bb93ca6e58653ccd906bad72034142d49ac81e6f55b4ab6557b43ed626cd03

Files

c9bb93ca6e58653ccd906bad72034142d49ac81e6f55b4ab6557b43ed626cd03
.dll regsvr32 windows:5 windows x86 arch:x86

f552ff115eabcac2b3bd7cb5abe07cab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\code\Fun Player\Rel2.8.6\src\toolkits\bin\Release\Abigale.pdb

Imports

kernel32

MultiByteToWideChar
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
GetVersion
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
lstrlenW
OpenMutexW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetNativeSystemInfo
GetModuleFileNameW
GetVersionExW
GetSystemInfo
FreeLibrary
GetProcAddress
LoadLibraryW
SetEndOfFile
SetConsoleMode
ReadConsoleInputA
FlushConsoleInputBuffer
LoadLibraryA
GlobalMemoryStatus
GetModuleHandleA
CloseHandle
SetEnvironmentVariableA
CompareStringW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
GetLocaleInfoW
HeapCreate
GetStdHandle
SetLastError
TlsFree
TlsSetValue
TlsGetValue
InterlockedExchangeAdd
lstrlenA
WideCharToMultiByte
MoveFileExW
WriteFile
InitializeCriticalSection
CreateFileW
DeleteFileW
GetSystemTimeAsFileTime
CreateFileA
CreateDirectoryA
GetFileSizeEx
GetTickCount
SetFilePointer
GetCurrentThreadId
GetCurrentProcessId
ReadFile
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EncodePointer
DecodePointer
Sleep
InterlockedExchange
ExitThread
GetCommandLineA
GetTimeFormatA
GetDateFormatA
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
CreateThread

user32

GetProcessWindowStation
CharNextW
MessageBoxA
GetUserObjectInformationW
wsprintfW
PostThreadMessageW
GetMessageW

advapi32

RegisterEventSourceA
DeregisterEventSource
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
ReportEventA

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CoCreateGuid

oleaut32

SysFreeString
VarUI4FromStr
SysStringLen
LoadTypeLi
LoadRegTypeLi

shlwapi

PathFileExistsA
PathIsDirectoryA
SHSetValueW

winhttp

WinHttpReadData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpOpen
WinHttpConnect

Exports

Exports

??0WeakPtrBase@internal@base@@QAE@ABV012@@Z
??0WeakReference@internal@base@@QAE@ABV012@@Z
??0WeakReferenceOwner@internal@base@@QAE@ABV012@@Z
??4HttpEngine@util@@QAEAAV01@ABV01@@Z
??4WeakPtrBase@internal@base@@QAEAAV012@ABV012@@Z
??4WeakReference@internal@base@@QAEAAV012@ABV012@@Z
??4WeakReferenceOwner@internal@base@@QAEAAV012@ABV012@@Z
?HasOneRef@RefCountedBase@subtle@base@@QBE_NXZ
?HasRefs@WeakReferenceOwner@internal@base@@QBE_NXZ
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 597KB - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f552ff115eabcac2b3bd7cb5abe07cab

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

winhttp

Exports

Exports

Sections

.text Size: 597KB - Virtual size: 596KB

.rdata Size: 191KB - Virtual size: 191KB

.data Size: 13KB - Virtual size: 29KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 43KB - Virtual size: 43KB

.text
Size: 597KB - Virtual size: 596KB

.rdata
Size: 191KB - Virtual size: 191KB

.data
Size: 13KB - Virtual size: 29KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 43KB - Virtual size: 43KB