ea2611a4885e2aae50838fec9e282c51f31071beda77366d54dc3620c9586901

Sharing

Copy URL Twitter E-mail

General

Target

ea2611a4885e2aae50838fec9e282c51f31071beda77366d54dc3620c9586901
Size

784KB
MD5

9881899ac5aca0218a2771957a3a7b25
SHA1

7a3499e2050a56eedeb4a2c94359f8cde1139f54
SHA256

ea2611a4885e2aae50838fec9e282c51f31071beda77366d54dc3620c9586901
SHA512

1fd31b1b6df7a1907a3398d2946324b1b29d57c96e7921f1a3612b3918b84008cd21669c33ed6648426ae678c52bb40a65079ee0e683739b87efce5391043752
SSDEEP

12288:TYD8JLTx2c4ShJ74QRR0IA+Emk3us+RgOY7vZdEzwo+Tg:sD8J3xESX0IA+EBv+2BBYkg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea2611a4885e2aae50838fec9e282c51f31071beda77366d54dc3620c9586901

Files

ea2611a4885e2aae50838fec9e282c51f31071beda77366d54dc3620c9586901
.exe windows:6 windows x86 arch:x86

63bd427b38e8102473b36d26e1103557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\audio_filter_agent-lync\chdtsr\objfre_wlh_x86\i386\CXAPOAgent.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyW
SetServiceStatus
GetUserNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegisterServiceCtrlHandlerW
RegSetValueExW
RegCreateKeyExW

kernel32

OutputDebugStringA
GetVersionExW
Sleep
ResetEvent
WaitForSingleObject
OutputDebugStringW
SetEvent
GetModuleFileNameW
CreateEventW
FreeLibrary
GetProcAddress
RaiseException
OpenProcess
TerminateProcess
DeleteCriticalSection
ExitProcess
GetLastError
WriteFile
SetFilePointer
lstrcpyW
CreateFileW
LeaveCriticalSection
GetCurrentThreadId
lstrlenW
EnterCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
DeviceIoControl
HeapAlloc
HeapFree
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
GetCurrentProcess
GetCommandLineW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
LoadLibraryA
LCMapStringW
CreateFileA
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetModuleFileNameA
GetStdHandle
GetModuleHandleA
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
GetVersionExA
GetStartupInfoW
RtlUnwind
VirtualProtect

user32

UnregisterClassA
UnregisterDeviceNotification
RegisterWindowMessageW
PostMessageW
LoadIconW
LoadCursorW
RegisterClassExW
FindWindowW
DefWindowProcW
BeginPaint
EndPaint
KillTimer
PostQuitMessage
EnumDisplaySettingsW

ole32

CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize
PropVariantClear

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

winmm

timeGetTime

shlwapi

StrCmpNW

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

Exports

Exports

?HDMI_GetCnxtPlaybackAudioDeviceInfo@@YGJPAK@Z
?HDMI_GetDefaultAudioDevice@@YGJPAKW4__MIDL___MIDL_itf_mmdeviceapi_0000_0000_0001@@@Z
?HDMI_GetDefaultAudioDeviceFromRegistry@@YGJPAK@Z
?HDMI_SetDefaultAudioDevice@@YGJKW4__MIDL___MIDL_itf_mmdeviceapi_0000_0000_0001@@@Z
?HDMI_SetDefaultAudioDeviceToRegistry@@YGJK@Z
?HDMI_SetThirdPartyDefaultAudioDevice@@YGJPAGKW4__MIDL___MIDL_itf_mmdeviceapi_0000_0000_0001@@@Z
?HDMI_SetThirdPartySingleHDMIDefaultAudioDevice@@YGJXZ

Sections

.text
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

63bd427b38e8102473b36d26e1103557

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

ole32

setupapi

winmm

shlwapi

psapi

Exports

Exports

Sections

.text Size: 656KB - Virtual size: 656KB

.data Size: 12KB - Virtual size: 39KB

.rsrc Size: 107KB - Virtual size: 108KB

.text
Size: 656KB - Virtual size: 656KB

.data
Size: 12KB - Virtual size: 39KB

.rsrc
Size: 107KB - Virtual size: 108KB