c50759eb0455f907cd0ffe3ab5680411168af575a8eaaa4a5472f1bfa9f02d38

Sharing

Copy URL Twitter E-mail

General

Target

c50759eb0455f907cd0ffe3ab5680411168af575a8eaaa4a5472f1bfa9f02d38
Size

216KB
MD5

1e5de2d2897a331a0a2a008515c69a98
SHA1

770baca47569e12ce704d92d8f7f24fb417a3d3b
SHA256

c50759eb0455f907cd0ffe3ab5680411168af575a8eaaa4a5472f1bfa9f02d38
SHA512

e65bc1622b25f22a415787c1516f4a7f5fd0f23776a02380db9498efbb80f0103e648293b7216b421f1001bf95dbe5420277c8939d0e3c1d88afd30aa22d7555
SSDEEP

3072:alysAQ93Pxaipdp8RbScJHiHHkyYCmoK6ihpJMrI+XBJG3cuE:EysAcyAHEgihpJMGi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c50759eb0455f907cd0ffe3ab5680411168af575a8eaaa4a5472f1bfa9f02d38

Files

c50759eb0455f907cd0ffe3ab5680411168af575a8eaaa4a5472f1bfa9f02d38
.dll windows:6 windows x86 arch:x86

bac50ea0bea4c6129f487450fdcdbc96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

olethk32.pdb

Imports

msvcrt

_lock
__dllonexit
_unlock
_amsg_exit
_onexit
free
malloc
_XcptFilter
memcpy
_except_handler4_common
_initterm
memset

kernel32

GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
TlsAlloc
CompareStringW
lstrlenW
GetModuleFileNameW
TlsSetValue
LocalAlloc
LocalFree
TlsGetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
IsBadReadPtr
IsBadWritePtr
IsBadStringPtrW
Sleep
WideCharToMultiByte
AreFileApisANSI
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
MultiByteToWideChar
GetShortPathNameW
InterlockedExchange

gdi32

GetObjectType
DeleteMetaFile

user32

RegisterClipboardFormatW
CharPrevW
AttachThreadInput

ntvdm.exe

ExpLdt

wow32

WOWDirectedYield16
WOWYield16
WOWFreeMetafile
WOWGlobalUnlockFree16
WOWGlobalLock16
WOWGlobalAllocLock16
WOWGlobalFree16
WOWGlobalLockSize16
WOWGlobalUnlock16
CopyDropFilesFrom32
CopyDropFilesFrom16
WOWHandle16
WOWHandle32
WOWCallback16
WOWCallback16Ex
WOWGetVDMPointer

ole32

OleRegGetUserType
CoRevokeClassObject
CoRegisterClassObject
OleInitializeWOW
CoInitializeWOW
CoUninitialize
DllGetClassObjectWOW
ReadOleStg
WriteOleStg
CoGetClassObject
CoMarshalInterface
CoUnmarshalInterface
CoReleaseMarshalData
CoDisconnectObject
CoLockObjectExternal
CoGetStandardMarshal
CoIsHandlerConnected
CoQueryReleaseObject
CoUnloadingWOW
OleSetMenuDescriptor
CoGetCallerTID
CoGetMalloc
UtConvertDvtd16toDvtd32
UtGetDvtd16Info
UtConvertDvtd32toDvtd16
UtGetDvtd32Info
CoTaskMemFree
CoTaskMemAlloc
ReleaseStgMedium
OleIsCurrentClipboard
SetConvertStg
GetConvertStg
OleSetAutoConvert
OleGetAutoConvert
OleDoAutoConvert
OleConvertOLESTREAMToIStorageEx
OleConvertIStorageToOLESTREAMEx
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAM
OleRegEnumVerbs
OleRegEnumFormatEtc
OleRegGetMiscStatus
OleCreateEmbeddingHelper
OleCreateDefaultHandler
CreateOleAdviseHolder
OleLockRunning
OleIsRunning
OleRun
OleDraw
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleFlushClipboard
OleGetClipboard
OleSetClipboard
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleNoteObjectVisible
OleSetContainedObject
OleSaveToStream
OleLoadFromStream
OleSave
OleLoad
OleCreateFromFile
OleCreateLinkToFile
OleCreateLink
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleCreate
OleQueryCreateFromData
OleQueryLinkFromData
OleUninitialize
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStm
ReadClassStm
WriteClassStg
ReadClassStg
GetRunningObjectTable
CreatePointerMoniker
CreateAntiMoniker
CreateItemMoniker
CreateFileMoniker
GetClassFile
CreateGenericComposite
CreateBindCtx
MonikerCommonPrefixWith
MonikerRelativePathTo
MkParseDisplayName
BindMoniker
CreateDataCache
CreateDataAdviseHolder
StgSetTimes
StgIsStorageILockBytes
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
StgCreateDocfileOnILockBytes
StgCreateDocfile
CoTreatAsClass
CoGetTreatAsClass
CoRegisterMessageFilter
CoFileTimeNow
CoDosDateTimeToFileTime
CoFileTimeToDosDateTime
CoCreateGuid
CLSIDFromProgID
ProgIDFromCLSID
CoIsOle1Class
CLSIDFromString
CoCreateInstance
CoFreeUnusedLibraries
CoFreeAllLibraries

Exports

Exports

CSm16ReleaseHandler_Release32
CallbackProcessing_3216
ConvertHr1632Thunk
ConvertHr3216Thunk
ConvertObjDescriptor
IUnknownObj32
IntOpInitialize
IntOpUninitialize
InvokeOn32
ThkAddAppCompatFlag
ThkMgrInitialize
ThkMgrUninitialize
TransformHRESULT_1632
TransformHRESULT_3216

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bac50ea0bea4c6129f487450fdcdbc96

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

gdi32

user32

ntvdm.exe

wow32

ole32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 66KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 145KB - Virtual size: 145KB

.text
Size: 67KB - Virtual size: 66KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 145KB - Virtual size: 145KB