38c01c941b8a0fc91957049e7ba7220ee73aaca5675edae9942bc329bd62372c

Sharing

Copy URL Twitter E-mail

General

Target

38c01c941b8a0fc91957049e7ba7220ee73aaca5675edae9942bc329bd62372c
Size

236KB
MD5

d5897c27e47ee01e07228cd776b279b8
SHA1

7d6ebb0a8db5cb8e03044e33352ad50fc05517e6
SHA256

38c01c941b8a0fc91957049e7ba7220ee73aaca5675edae9942bc329bd62372c
SHA512

55c1ca5e777ed49225cb6069c2d17448b9599c4d3487ab661b7ef10bfd391f1c8e0fb07e03383eb745bf2f7a0f66bc6ce502c54a21e38321a55f0c44c1df857b
SSDEEP

6144:nmrWygam3n/z15kMKQyoi/JfOMBfc6OEW1:nmfgaaxqoW9OyS1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38c01c941b8a0fc91957049e7ba7220ee73aaca5675edae9942bc329bd62372c

Files

38c01c941b8a0fc91957049e7ba7220ee73aaca5675edae9942bc329bd62372c
.dll windows:5 windows x86 arch:x86

382d30e50ed890f5e6025503a8591867

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libgpac

gf_m4a_get_config
gf_m4a_write_config
gf_f64_tell
gf_bs_read_data
gf_service_disconnect_ack
gf_service_download_new
gf_dm_sess_process
gf_service_download_update_stats
gf_dm_sess_get_stats
gf_dm_sess_get_cache_name
gf_f64_open
gf_dm_sess_abort
gf_service_download_del
gf_service_connect_ack
gf_service_send_packet
gf_modules_get_option
gf_log_tool_level_on
gf_log_lt
gf_log
gf_service_command
gf_sleep
gf_bs_from_file
gf_f64_seek
gf_bs_get_position
gf_bs_available
gf_bs_read_u8
gf_bs_read_int
gf_bs_read_u16
gf_bs_seek
gf_bs_skip_bytes
gf_odf_desc_new
gf_list_add
gf_service_declare_media
gf_odf_desc_esd_new
gf_bs_new
gf_bs_write_int
gf_bs_align
gf_bs_get_content
gf_bs_del
gf_service_check_mime_register
gf_service_register_mime

msvcr100

atof
_strnicmp
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
qsort
_CIlog
_CIcos
_CIsin
_CIsqrt
memmove
_CIpow
sscanf
_gmtime64
_time64
strrchr
memset
free
malloc
_strdup
realloc
memcpy
fclose
strchr
strstr

kernel32

IsDebuggerPresent
DecodePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsProcessorFeaturePresent
EncodePointer
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange

Exports

Exports

LoadInterface
QueryInterfaces
ShutdownInterface

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

382d30e50ed890f5e6025503a8591867

Headers

DLL Characteristics

File Characteristics

Imports

libgpac

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 115KB - Virtual size: 115KB

.rdata Size: 106KB - Virtual size: 106KB

.data Size: 10KB - Virtual size: 10KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 115KB - Virtual size: 115KB

.rdata
Size: 106KB - Virtual size: 106KB

.data
Size: 10KB - Virtual size: 10KB

.reloc
Size: 3KB - Virtual size: 3KB