17c669441ba286e992f701f9c7bae315beda86776e830d1a127c5b14c672d2c4

Sharing

Copy URL Twitter E-mail

General

Target

17c669441ba286e992f701f9c7bae315beda86776e830d1a127c5b14c672d2c4
Size

166KB
MD5

a4d5e1aa6d2c93217e8a0d011e594e7a
SHA1

b10e32deec51ee303439d5dab5ba866c9ad9c70c
SHA256

17c669441ba286e992f701f9c7bae315beda86776e830d1a127c5b14c672d2c4
SHA512

ff825d144d47ef161a6d4dc6ba9e88a097cdbc463f581ef831f1965f2b55f4db29db00bf573da54f8874d7523eb1b38e40d2e21ff2f1f1d2f4971427f76d72e4
SSDEEP

3072:xzfb2tRM0LK8w7j7s+pHZwp3WG7tGQg/ujakNlixbsPPTNVNypuBdKOKTviKnm+c:Vfb2tRM0m8w7j7sqHZwRWG7tcGjFeyVx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17c669441ba286e992f701f9c7bae315beda86776e830d1a127c5b14c672d2c4

Files

17c669441ba286e992f701f9c7bae315beda86776e830d1a127c5b14c672d2c4
.dll windows:5 windows x86 arch:x86

6c800f28942fbb53acc5bc3067d18813

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
DeleteCriticalSection
CloseHandle
InterlockedDecrement
SetEvent
ResetEvent
CreateEventW
GetLastError
CreateFileW
GetDriveTypeW
Sleep
DeviceIoControl
DeleteFileW
CopyFileExW
lstrlenW
lstrcpynW
lstrcmpiW
WideCharToMultiByte
MultiByteToWideChar
LockFile
CreateFileA
UnlockFile
GetDiskFreeSpaceExW
FindClose
FindFirstFileW
SetVolumeLabelW
WriteFile
SetFilePointer
CreateDirectoryA
GetPrivateProfileIntW
CreateDirectoryW
GetFileAttributesW
WritePrivateProfileStringW
GetTickCount
CompareStringW
GetVolumeInformationW
GetFileAttributesA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
DisableThreadLibraryCalls
InterlockedCompareExchange
InterlockedExchange
OutputDebugStringW
QueryPerformanceCounter
GetCurrentThreadId
QueryPerformanceFrequency
GetStringTypeExW

user32

wsprintfA
SendMessageA
SendNotifyMessageA
EnableWindow
GetWindowLongW
BringWindowToTop
SetWindowLongW
GetDlgItemTextW
IsDlgButtonChecked
GetDlgItem
CheckDlgButton
KillTimer
SetDlgItemTextW
SendDlgItemMessageW
ShowWindow
SetWindowPos
SetTimer
EndDialog
MessageBoxW
CharNextW
wsprintfW
SendMessageW

ole32

CoCreateGuid

tataki

??0SkinBitmap@@QAE@PAKHH_N@Z
?getBits@SkinBitmap@@UAEPAXXZ
??1SkinBitmap@@QAE@XZ
??1DCCanvas@@UAE@XZ
?stretch@SkinBitmap@@QAEXPAVifc_canvas@@HHHH@Z
??0DCCanvas@@QAE@PAUHDC__@@PAVBaseWnd@@@Z
??1BltCanvas@@UAE@XZ
?getBits@BltCanvas@@QAEPAXXZ
??0BltCanvas@@QAE@HHPAUHWND__@@H@Z
Init
Quit

msvcr90

_crt_debugger_hook
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
memcmp
??2@YAPAXI@Z
??3@YAXPAX@Z
printf
_vsnwprintf
memset
free
memcpy
malloc
wcslen
_strnicmp
fclose
fwrite
_wfopen
??_V@YAXPAX@Z
memmove_s
??_U@YAPAXI@Z
__CxxFrameHandler3
_wcsdup
_wcsicmp
_time64
rand
towupper
_purecall
wcsncpy
_wtoi
strlen
__timezone
_tzset
strstr
wcsrchr
_difftime64
fread
ftell
fseek
fopen
strtoul
_wtoi64
wcscmp
calloc
_unlink
rename
pow
_wtof
wcscpy
wcscat
_wmkdir
srand
wcschr
_wcsnicmp
fprintf
fgetws
log10
realloc
_wunlink
memmove
_i64tow
_gmtime64
wcsftime
_mkgmtime64
_wtof_l
_create_locale
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm

Exports

Exports

winampGetPMPDevicePlugin
winampUninstallPlugin

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c800f28942fbb53acc5bc3067d18813

Headers

File Characteristics

Imports

kernel32

user32

ole32

tataki

msvcr90

Exports

Exports

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 33KB - Virtual size: 32KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 8KB - Virtual size: 7KB