6d84541158554917647369556a797bcc1b59b92aed2e614ac0e5f83994d65b27

Sharing

Copy URL Twitter E-mail

General

Target

6d84541158554917647369556a797bcc1b59b92aed2e614ac0e5f83994d65b27
Size

980KB
MD5

6b2919aa7dffe3aebabf5d3f1432ddf8
SHA1

9021baa6840d7ce406f099638a5b8f026fc82754
SHA256

6d84541158554917647369556a797bcc1b59b92aed2e614ac0e5f83994d65b27
SHA512

2260bf0a1af8b1eb77336088789d5f6a6eff0c5843e82388184d478abfed07a5f4323822b08f4acd4d9e9fdaa25db969c12e1d81f2e4346aba37735464dfad22
SSDEEP

24576:WZCI5vggkLQn1mQJWuRrBobfBCNxAk3RegnT4dkIjJ4:gCI5vgLL4Wb8Le8T4dxjS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6d84541158554917647369556a797bcc1b59b92aed2e614ac0e5f83994d65b27

Files

6d84541158554917647369556a797bcc1b59b92aed2e614ac0e5f83994d65b27
.dll windows:4 windows x86 arch:x86

b973a57a519d862a1a795d990e7be3fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

t:\ace\x86\ship\0\aceexcl.pdb

Imports

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
StringFromGUID2
CoCreateInstance
CoInitialize
StgCreateDocfile
StgOpenStorage
OleInitialize
OleUninitialize

msvcr80

__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
fopen_s
fwprintf_s
fclose
vsprintf_s
wcscpy_s
vswprintf_s
_wassert
_stricmp
_wfullpath
__RTDynamicCast
_recalloc
wcsncpy_s
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
memcpy_s
towlower
wcsstr
iswctype
memcmp
wcsrchr
toupper
_wcslwr_s
fabs
floor
_ecvt_s
atoi
_wsplitpath_s
_CxxThrowException
__CxxFrameHandler3
strlen
memmove
wcstoul
tolower
malloc
free
memset
memcpy
wcstok_s
labs
_wtoi
wcspbrk
wcscmp
_wcsnicmp
wcschr
abs
_vsnwprintf
wcslen

msvcp80

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

advapi32

RegQueryValueExA
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA

kernel32

HeapFree
GetTempPathA
GetTempFileNameA
CreateProcessA
GetProcessHeap
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualProtect
LoadLibraryA
GetSystemDirectoryW
LoadLibraryW
SetCurrentDirectoryW
RemoveDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW
GetFileAttributesW
GetFullPathNameW
GetTempPathW
DeleteFileW
CreateFileW
HeapAlloc
RaiseException
lstrcmpiW
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleFileNameW
DeleteCriticalSection
GetModuleHandleW
FindResourceW
SizeofResource
LoadResource
LockResource
GlobalSize
GetSystemTimeAsFileTime
lstrlenW
lstrlenA
GetProcAddress
FreeLibrary
GetCurrentProcessId
SetFilePointer
WriteFile
CloseHandle
GetLastError
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
GlobalFree
GlobalUnlock
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
GetThreadLocale
LocalAlloc
ReadFile
DisableThreadLibraryCalls
GetACP
IsValidCodePage
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
GlobalLock
GlobalAlloc

oleaut32

VarBstrCmp
VarI2FromStr
SysFreeString
SafeArrayDestroy
VarR8FromCy
SafeArrayGetElement
VariantInit
VariantClear
SafeArrayPutElement
SafeArrayCreate
SysAllocString
VarCyFromR8
VarUdateFromDate
VarR8FromDec
VarR8FromStr
VarDecFromR8
VarBstrFromR8
SysStringLen
VariantChangeType
GetActiveObject
SysAllocStringLen

user32

CharUpperW
CharNextW
OpenClipboard
UnregisterClassA
SendMessageW
GetClassNameW
EnumWindows
CloseClipboard
GetClipboardData
RegisterClipboardFormatW

Exports

Exports

DllGetClassObject

Sections

.text
Size: 540KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b973a57a519d862a1a795d990e7be3fd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

msvcr80

msvcp80

advapi32

kernel32

oleaut32

user32

Exports

Exports

Sections

.text Size: 540KB - Virtual size: 538KB

.data Size: 16KB - Virtual size: 32KB

.rsrc Size: 20KB - Virtual size: 16KB

.reloc Size: 400KB - Virtual size: 400KB

.text
Size: 540KB - Virtual size: 538KB

.data
Size: 16KB - Virtual size: 32KB

.rsrc
Size: 20KB - Virtual size: 16KB

.reloc
Size: 400KB - Virtual size: 400KB