203ed9fc0abacee67337ff87fc342fac80797f5dfcd2a652c4337c1582028444

Sharing

Copy URL Twitter E-mail

General

Target

203ed9fc0abacee67337ff87fc342fac80797f5dfcd2a652c4337c1582028444
Size

35KB
MD5

7444ee44d3f637da489f3f658907a42b
SHA1

980ad6a42e17d44fc6b43a2247f87b53f15f0123
SHA256

203ed9fc0abacee67337ff87fc342fac80797f5dfcd2a652c4337c1582028444
SHA512

2a8fcad4fc40bb6fa9dac520283c4feb75685e1c251ba435a729829f27886f5f2d66fb66b6c6d2bff7bd0d373a65b56c16a072407f7b2cd446953ebd1e8a9222
SSDEEP

768:YOWBRAsKzxp3B1YVfXknKENF+KviitTrs7:ZwRD8xv14snKENF3TA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
203ed9fc0abacee67337ff87fc342fac80797f5dfcd2a652c4337c1582028444

Files

203ed9fc0abacee67337ff87fc342fac80797f5dfcd2a652c4337c1582028444
.dll windows:5 windows x86 arch:x86

59dbd9c63a11b713d9c0ae334e7b2e8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\ImageMagick\VisualMagick\bin\IM_MOD_RL_dds_.pdb

Imports

core_rl_magickcore_

GetExceptionMessage
ThrowMagickException
TransformImageColorspace
DestroyBlob
LocaleCompare
LocaleNCompare
DestroyString
IsStringTrue
CopyMagickString
ResizeImage
AcquireImage
DestroyImage
SetImageExtent
AcquireNextImage
SetImageType
ReferenceBlob
EOFBlob
ReadBlobByte
CloseBlob
OpenBlob
SeekBlob
WriteBlob
WriteBlobByte
WriteBlobLSBLong
ReadBlobLSBLong
ReadBlobShort
ReadBlobLSBShort
GetVirtualPixels
SyncAuthenticPixels
QueueAuthenticPixels
LogMagickEvent
RegisterMagickInfo
UnregisterMagickInfo
AcquireMagickInfo
DestroyImageList
GetFirstImageInList
GetNextImageInList
SyncNextImageInList
ResetMagickMemory
GetImageOption
GetMagickResourceLimit

msvcr120

free
_malloc_crt
_initterm
_initterm_e
_amsg_exit
_unlock
_calloc_crt
__dllonexit
_onexit
__clean_type_info_names_internal
_except_handler4_common
__CppXcptFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
floor
ceil
_libm_sse2_sqrt_precise
strtoul
_lock
_errno

vcomp120

_vcomp_leave_critsect
_vcomp_fork
_vcomp_for_dynamic_next
_vcomp_for_dynamic_init
_vcomp_enter_critsect
_vcomp_set_num_threads

kernel32

IsDebuggerPresent
EncodePointer
DecodePointer
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
IsProcessorFeaturePresent

Exports

Exports

RegisterDDSImage
UnregisterDDSImage

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59dbd9c63a11b713d9c0ae334e7b2e8e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

core_rl_magickcore_

msvcr120

vcomp120

kernel32

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 892B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 892B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB