62a230d37a398b466e7bd590afc09f3d5c921180b74d592bd792b5125cd4649d

Sharing

Copy URL Twitter E-mail

General

Target

62a230d37a398b466e7bd590afc09f3d5c921180b74d592bd792b5125cd4649d
Size

1.5MB
MD5

1ad53ec8389e19d99c8efc8d6171bf6f
SHA1

e04148d597ee0ac43c65b1f3c16cf16f2cd6dc95
SHA256

62a230d37a398b466e7bd590afc09f3d5c921180b74d592bd792b5125cd4649d
SHA512

0f47600c99f7fa7bf416e6179ae530fd84ac7d3d5a098ede64b3f04bd6f3db992ae7e2c197fc558d00896549c223cc892cf31b09273abd5f852294e52a767842
SSDEEP

24576:w5ZwR+N6zoM9GxDCdAmtnO3OLcx4lOaj:IwR+Ngo3xDaMeLcxi9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62a230d37a398b466e7bd590afc09f3d5c921180b74d592bd792b5125cd4649d

Files

62a230d37a398b466e7bd590afc09f3d5c921180b74d592bd792b5125cd4649d
.exe windows:10 windows x86 arch:x86

40bfe466bbf7e50ab2aa99cbf6ffc575

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

TopoEdit.pdb

Imports

kernel32

SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
CreateThread
GetCurrentThreadId
FindResourceExW
FreeLibrary
LeaveCriticalSection
LoadLibraryExW
LoadResource
LockResource
SizeofResource
LocalFree
FormatMessageW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
DelayLoadFailureHook
EnterCriticalSection
HeapSetInformation
SetLastError
GetLastError
RaiseException
CloseHandle
GetFileTime
GetModuleFileNameW
CreateFileW
ResolveDelayLoadedAPI

gdi32

MoveToEx
SelectObject
LineTo
CreateSolidBrush
CreatePen
DeleteObject
CreateFontIndirectW
Rectangle

user32

UpdateWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
GetWindowRect
MessageBoxW
GetWindowLongW
SetWindowLongW
LoadCursorW
LoadIconW
GetParent
GetFocus
SetCapture
ReleaseCapture
BeginPaint
EndPaint
LoadMenuW
FillRect
SetClassLongW
LockWindowUpdate
DispatchMessageW
SendMessageW
PostMessageW
DefWindowProcW
PostQuitMessage
CallWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
DestroyWindow
ShowWindow
SetWindowPos
DialogBoxParamW
EndDialog
EnableMenuItem
TranslateMessage
GetSysColor
GetDlgItem
SetDlgItemTextW
SendDlgItemMessageW
GetActiveWindow
SetTimer
KillTimer
LoadAcceleratorsW
TranslateAcceleratorW
LoadStringW
DestroyAcceleratorTable
GetMessageW

msvcrt

__wgetmainargs
__set_app_type
__dllonexit
_unlock
_controlfp
_wtol
_lock
_amsg_exit
exit
__p__commode
_XcptFilter
_onexit
realloc
_errno
_callnewh
_wtoi
wcstoul
_ftol2_sse
_wcmdln
?terminate@@YAXXZ
_except_handler4_common
_initterm
_vscwprintf
__setusermatherr
vswprintf_s
__p__fmode
memset
_ftol2
swscanf_s
swprintf_s
_wcsicmp
wcscpy_s
wcschr
memmove_s
memcpy_s
malloc
free
calloc
_cexit
_exit

tedutil

TEDGetAttributeType
TEDGetAttributeName
TEDGetAttributeListLength
TEDGetMTKnownGUIDStrings
TEDGetMTKnownAttributes
TEDGetAttributeTypeFromGUID
TEDMTStringFromGUID
TEDCreateMediaTypeViewer
TEDCreateDataLoader
TEDCreateTopoViewer
TEDGetAttributeCategory

api-ms-win-core-com-l1-1-0

PropVariantClear
CoInitializeEx
CoUninitialize
IIDFromString
CoCreateInstance
StringFromGUID2
CoTaskMemFree

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
HeapSize

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetStartupInfoW

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
GetProcAddress
GetModuleHandleW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
FlushInstructionCache

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

mf

MFEnumDeviceSources
MFTranscodeGetAudioOutputAvailableTypes
MFCreateTranscodeTopology
MFCreateTranscodeProfile
MFCreateTopoLoader
MFCreateVideoRendererActivate
MFCreateAudioRendererActivate
MFRequireProtectedEnvironment
MFGetService
MFCreateTopologyNode
MFCreateTopology
MFCreatePMPMediaSession
MFCreateMediaSession

mfplat

MFShutdown
MFCreateAsyncResult
MFInvokeCallback
MFCreateAttributes
MFCreateMediaType
MFStartup
MFTEnumEx
MFCreateSourceResolver

wmvcore

WMCreateReader

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

40bfe466bbf7e50ab2aa99cbf6ffc575

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

user32

msvcrt

tedutil

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

mf

mfplat

wmvcore

Sections

.text Size: 79KB - Virtual size: 78KB

.data Size: 3KB - Virtual size: 4KB

.idata Size: 6KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 40B

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 79KB - Virtual size: 78KB

.data
Size: 3KB - Virtual size: 4KB

.idata
Size: 6KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 40B

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 1.4MB - Virtual size: 1.4MB