ee2daac060fc7a3477d1bf86c4e8eb60f11c8780ef0e14e803d4cf473244325f

Sharing

Copy URL

Twitter E-mail

General

Target

ee2daac060fc7a3477d1bf86c4e8eb60f11c8780ef0e14e803d4cf473244325f
Size

165KB
MD5

1d130920776c3d164b6e2f4cc01fd902
SHA1

e3f9bf2d2c35f70b67f33754326cf4a211a24bef
SHA256

ee2daac060fc7a3477d1bf86c4e8eb60f11c8780ef0e14e803d4cf473244325f
SHA512

3466341b0add75349f34ef9ee3e98c10caf870276c0d822d57907f143713312a8f0fc19ed176c31a1456b744e2bf5aaccf25ba67ad73b53da0ec41e280df6df8
SSDEEP

1536:Xk1Ut/srv4D1mkRy0aFU5rZsOzBOZxHr4V9Z+v0aguVVU+SKAB/K9OsZt2P70lJ4:XkvaAO5rExHrdVguXSOGPAHmYg6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ee2daac060fc7a3477d1bf86c4e8eb60f11c8780ef0e14e803d4cf473244325f

Files

ee2daac060fc7a3477d1bf86c4e8eb60f11c8780ef0e14e803d4cf473244325f
.dll regsvr32 windows:5 windows x86 arch:x86

f379abbfe96b5e8448a957e95b3914d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dsound

DirectSoundEnumerateW

msdmo

DMOEnum
DMOGetName

ntdll

vDbgPrintExWithPrefix

advapi32

RegCloseKey
RegCreateKeyW
RegEnumKeyExW
RegEnumKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW

advapi32_vista

RegDeleteTreeW

avicap32

capGetDriverDescriptionW

kernel32

DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
EnumResourceNamesW
FindResourceW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemTimeAsFileTime
GetTickCount
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
_vsnprintf
abort
bsearch
calloc
free
fwrite
malloc
memcmp
memmove
sprintf
strchr
strcmp
strcpy
strcspn
strncmp
vfprintf
wcschr
wcsncmp

ole32

CLSIDFromString
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CreateBindCtx
StringFromGUID2

oleaut32

SafeArrayAccessData
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
VariantClear
VariantInit

winmm

midiOutGetDevCapsW
midiOutGetNumDevs
waveInGetDevCapsW
waveInGetNumDevs
waveOutGetDevCapsW
waveOutGetNumDevs

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rossym
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f379abbfe96b5e8448a957e95b3914d8

Headers

File Characteristics

Imports

dsound

msdmo

ntdll

advapi32

advapi32_vista

avicap32

kernel32

msvcrt

ole32

oleaut32

winmm

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 180B

.rdata Size: 24KB - Virtual size: 24KB

/4 Size: 512B - Virtual size: 20B

.bss Size: - Virtual size: 5KB

.edata Size: 512B - Virtual size: 164B

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 2KB

.rossym Size: 92KB - Virtual size: 91KB

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 180B

.rdata
Size: 24KB - Virtual size: 24KB

/4
Size: 512B - Virtual size: 20B

.bss
Size: - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 164B

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB

.rossym
Size: 92KB - Virtual size: 91KB