ee07d671a5db98170e8f6c4f484aff1b41ef018cbf91a6160127754e216c59cd

Sharing

Copy URL Twitter E-mail

General

Target

ee07d671a5db98170e8f6c4f484aff1b41ef018cbf91a6160127754e216c59cd
Size

216KB
MD5

17d6f371cc8e4b6b96265f6de62d5057
SHA1

84554bfb9c5ff362939e883dc15452db69757d64
SHA256

ee07d671a5db98170e8f6c4f484aff1b41ef018cbf91a6160127754e216c59cd
SHA512

9f1892e23b4ca707bcb792269ff0d0e5645fee4cc189b42931af606eda262130f8cfd46a12760fcb5e8bd37531cac232991c4a0cdc050b2b9747e9ade7e59e6e
SSDEEP

6144:XesHk7JX1YNdwLhxYk5nsHIBOzDo4p1KKra:qJ6wLhxDs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ee07d671a5db98170e8f6c4f484aff1b41ef018cbf91a6160127754e216c59cd

Files

ee07d671a5db98170e8f6c4f484aff1b41ef018cbf91a6160127754e216c59cd
.dll regsvr32 windows:4 windows x86 arch:x86

4bce04558233ac82d851bb2ab762ace3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

setsockopt
inet_ntoa
recvfrom
WSACleanup
WSAStartup
send
recv
socket
ioctlsocket
closesocket
sendto
htons
inet_addr
connect
gethostbyname
WSAGetLastError
select
__WSAFDIsSet

winmm

waveOutPrepareHeader
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInReset
waveInClose
waveInStop
waveInUnprepareHeader
waveInOpen
waveOutOpen
waveOutClose
waveOutUnprepareHeader
waveOutReset
timeGetTime
waveOutSetVolume
waveOutWrite

avifil32

AVIStreamWrite
AVIFileCreateStreamW
AVIStreamSetFormat
AVIStreamRelease
AVIFileRelease
AVIFileExit
AVIFileInit
AVIFileOpenW

iphlpapi

GetIpAddrTable

mfc42u

ord803
ord823
ord800
ord858
ord535
ord540
ord6640
ord537
ord922
ord2756
ord2810
ord538
ord3688
ord5261
ord4992
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4419
ord3592
ord641
ord1634
ord324
ord3621
ord3658
ord2406
ord4229
ord4847
ord4370
ord5276
ord6193
ord6376
ord4704
ord6451
ord755
ord4128
ord4292
ord5784
ord470
ord2371
ord1143
ord1165
ord815
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord3396
ord4616
ord4418
ord3665
ord561
ord3947
ord2716
ord6350
ord1213
ord6466
ord1224
ord1869
ord4244
ord2478
ord2679
ord6360
ord543
ord6361
ord4466
ord5494
ord3273
ord3348
ord3676
ord446
ord743
ord1174
ord1223
ord1207
ord2431
ord1686
ord5614
ord994
ord4336
ord4681
ord4633
ord5670
ord2148
ord4850
ord4914
ord5998
ord2129
ord1955
ord5207
ord2948
ord3863
ord5144
ord4699
ord4701
ord2871
ord2993
ord5645
ord4108
ord4655
ord4654
ord4762
ord4644
ord4897
ord4542
ord4515
ord4588
ord4982
ord4919
ord4924
ord4929
ord4653
ord4903
ord4902
ord4662
ord4661
ord4660
ord4642
ord4683
ord5017
ord4648
ord4637
ord4348
ord4774
ord4643
ord4631
ord4630
ord5054
ord4578
ord4365
ord4355
ord4350
ord4733
ord4735
ord4732
ord4403
ord4597
ord1128
ord4409
ord4986
ord4973
ord2480
ord3399
ord4533
ord2949
ord6051
ord1768
ord2376
ord6366
ord5286
ord2978
ord3143
ord3255
ord4460
ord3264
ord2981
ord3075
ord4076
ord4618
ord5821
ord723
ord3941
ord423
ord2855
ord2533
ord4943
ord4453
ord4496
ord2787
ord1594
ord6026
ord4750
ord4908
ord4907
ord5027
ord4754
ord4782
ord4759
ord4976
ord1884
ord4247
ord1209
ord4564
ord4666
ord4837
ord5005
ord4707
ord6367
ord5282
ord4432
ord3274
ord4619
ord449
ord746
ord2270
ord860
ord940
ord4124
ord5679
ord861
ord6279
ord6278
ord5568
ord2910
ord2806
ord3805
ord4273
ord668
ord2762
ord356
ord925
ord3579
ord825
ord269
ord826
ord600
ord1571
ord1250
ord1248
ord1563
ord1194
ord1240
ord342
ord1179
ord1570
ord1568
ord1173
ord1115
ord1129
ord3321
ord5002

msvcrt

printf
memchr
atoi
wcslen
wcscat
_wfopen
sprintf
wcstombs
fclose
wcscmp
strtok
strstr
memmove
__CxxFrameHandler
_vsnprintf
wcsncpy
_CxxThrowException
time
_beginthreadex
_itoa
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_iob
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
free
malloc
getenv
sscanf
fprintf
exit
fread
perror
_errno
strerror
fwrite

kernel32

CreateSemaphoreW
Sleep
WaitForSingleObject
CreateThread
ReleaseSemaphore
CreateDirectoryW
FindFirstFileW
GetTickCount
WideCharToMultiByte
CloseHandle
MultiByteToWideChar
LocalAlloc
LocalFree
GetDiskFreeSpaceExA
CreateEventW
ResetEvent
FindClose
GetModuleFileNameW
GetLocalTime
LeaveCriticalSection
GetLastError
EnterCriticalSection
InitializeCriticalSection
SetEvent
GetPrivateProfileStringW
WritePrivateProfileStringW
DeleteCriticalSection

user32

SendMessageW
FindWindowW
GetSystemMetrics
GetClientRect
SetRect
PostMessageW
InvalidateRect
FillRect
EnableWindow
SetCursor
LoadCursorW
CopyRect
PtInRect
GetCursorPos
ScreenToClient

gdi32

CreatePen
GetStockObject
DeleteObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListA

ole32

CoCreateInstance
CoInitialize

oleaut32

VariantClear
LoadRegTypeLi

msvcp60

?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

dxvideoshow

DXVIDEOSHOW_OpenChannel
DXVIDEOSHOW_InitObject
DXVIDEOSHOW_ReleaseObject
DXVIDEOSHOW_CloseChannel
DXVIDEOSHOW_ShowImage
DXVIDEOSHOW_CreateSubDX
DXVIDEOSHOW_DestroySubDX
DXVIDEOSHOW_StartVideoSubDX
DXVIDEOSHOW_StopVideoSubDX

mjpegcodefunc

MJPEGCODEFUNC_ReleaseDecode
MJPEGCODEFUNC_DecodeVideo
MJPEGCODEFUNC_SetOverlayText
MJPEGCODEFUNC_EncodeVideo
MJPEGCODEFUNC_InitDecode

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bce04558233ac82d851bb2ab762ace3

Headers

File Characteristics

Imports

ws2_32

winmm

avifil32

iphlpapi

mfc42u

msvcrt

kernel32

user32

gdi32

shell32

ole32

oleaut32

msvcp60

dxvideoshow

mjpegcodefunc

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 16KB - Virtual size: 31KB

.rsrc Size: 44KB - Virtual size: 41KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 16KB - Virtual size: 31KB

.rsrc
Size: 44KB - Virtual size: 41KB

.reloc
Size: 12KB - Virtual size: 8KB