bd646b7176aa6b8866358f371ac4266749a44fffcaf5d625cf9e04f81c9fec19

Sharing

Copy URL Twitter E-mail

General

Target

bd646b7176aa6b8866358f371ac4266749a44fffcaf5d625cf9e04f81c9fec19
Size

92KB
MD5

76570432b9ebc56959b68d53cab7cec9
SHA1

911d02ac5d575af0ffe4c3fe28d6bd27f3080370
SHA256

bd646b7176aa6b8866358f371ac4266749a44fffcaf5d625cf9e04f81c9fec19
SHA512

931d93939cff8e12794b107ef54441e23a9058f505c00fa706090576efc9edc222fdd754648b3288cb1f7daa3f907390aadd380022466e51563c59ba01be9932
SSDEEP

1536:Yvb/e/9JA+nSHX5+ESMoTdbrDZRAulwJitkBnOaFRlzt:YD/eTS9ohzcpp/lzt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd646b7176aa6b8866358f371ac4266749a44fffcaf5d625cf9e04f81c9fec19

Files

bd646b7176aa6b8866358f371ac4266749a44fffcaf5d625cf9e04f81c9fec19
.dll windows:4 windows x86 arch:x86

b4557f4b64aa87f0ef8e915512a7f702

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

leiregexp

?regsubst@RegExp@LEIRegExp@@QAE_NPBDIPADIH@Z
??1RegExp@LEIRegExp@@QAE@XZ
?getErrorPos@RegExp@LEIRegExp@@QBEIXZ
?regcomp@RegExp@LEIRegExp@@QAE_NPBDH@Z
??0RegExp@LEIRegExp@@QAE@PBDH@Z
?regexec@RegExp@LEIRegExp@@QAE_NPBDIH@Z
?getMatchedRange@RegExp@LEIRegExp@@QAE?AUREMatchRange@2@I@Z

ffdraw

?FFDraw_SetTransparent@@YAHHK_N@Z
?FFDraw_FreeTexture@@YAHH@Z
?FFDraw_TextOut@@YAHHHHPBDKHHPAD@Z
?FFDraw_CreateTextureWithFrame@@YAHPAUHWND__@@PADHHHHH@Z
?FFDraw_UnshowTexture@@YAHH@Z
?FFDraw_ShowTexture@@YAHH@Z
?FFDraw_UpdateTexture@@YAHH@Z
?FFDraw_TextOut@@YAHHHHPBDKH@Z
?FFDraw_Rectangle@@YAHHHHHHH_N@Z
?FFDraw_CreateTexture@@YAHPAUHWND__@@PADHHHHH@Z

kernel32

lstrcpyA
lstrcmpA
CreateToolhelp32Snapshot
Module32Next
Module32First
ReadProcessMemory
GetPrivateProfileStringA
lstrlenA
IsBadReadPtr
SetFilePointer
GetOEMCP
GetACP
Process32Next
CloseHandle
IsBadCodePtr
SetStdHandle
FlushFileBuffers
CompareStringA
CompareStringW
Process32First
HeapFree
HeapAlloc
ExitProcess
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
SetEnvironmentVariableA
EnterCriticalSection
VirtualAlloc
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleFileNameA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LCMapStringW
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
GetTimeZoneInformation
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
InitializeCriticalSection
InterlockedExchange
VirtualQuery
LoadLibraryA
GetLocaleInfoA
GetCPInfo
VirtualProtect
GetSystemInfo
GetStringTypeA
GetStringTypeW

user32

MessageBoxA
SetWindowPos
GetWindowRect
GetClientRect
SendMessageA

gdi32

DeleteObject
GetTextExtentPoint32A
DeleteDC
CreateCompatibleDC
CreateFontA
SelectObject

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

GetPluginVersion
InitialPlugin
MainCommand
MainLog
MainTimer
UnloadPlugin

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4557f4b64aa87f0ef8e915512a7f702

Headers

File Characteristics

Imports

leiregexp

ffdraw

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 62KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 4KB