d3a73bebc24378817c82e36f7e007c8bc7a53564088be73bc11bbdd43ad825a1

Sharing

Copy URL

Twitter E-mail

General

Target

d3a73bebc24378817c82e36f7e007c8bc7a53564088be73bc11bbdd43ad825a1
Size

216KB
MD5

b70bd1bef85f2650afa47f8c66fb2931
SHA1

0bd82564e595e6231a9ff84d3f89eca4ccc12426
SHA256

d3a73bebc24378817c82e36f7e007c8bc7a53564088be73bc11bbdd43ad825a1
SHA512

6fc3c5da8c825dcc4af56852a4959d50a2109fb353a7d7fda66be601c8a7d8ae7ecb26d06a32bc68d81d38d232b9b35a6134e2dbd5a9709a219907d01dbd5b6d
SSDEEP

3072:alNOEQd0Pxaipp7RbSk8N9soUYCmodQihpuqF1MICXBJ3/chw+fzn:ENOErpW/nihpu0U3y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3a73bebc24378817c82e36f7e007c8bc7a53564088be73bc11bbdd43ad825a1

Files

d3a73bebc24378817c82e36f7e007c8bc7a53564088be73bc11bbdd43ad825a1
.dll windows:6 windows x86 arch:x86

bac50ea0bea4c6129f487450fdcdbc96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

olethk32.pdb

Imports

msvcrt

_lock
__dllonexit
_unlock
_amsg_exit
_onexit
free
malloc
_XcptFilter
memcpy
_except_handler4_common
_initterm
memset

kernel32

GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
TlsAlloc
CompareStringW
lstrlenW
GetModuleFileNameW
TlsSetValue
LocalAlloc
LocalFree
TlsGetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
IsBadReadPtr
IsBadWritePtr
IsBadStringPtrW
Sleep
WideCharToMultiByte
AreFileApisANSI
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
MultiByteToWideChar
GetShortPathNameW
InterlockedExchange

gdi32

GetObjectType
DeleteMetaFile

user32

RegisterClipboardFormatW
CharPrevW
AttachThreadInput

ntvdm.exe

ExpLdt

wow32

WOWDirectedYield16
WOWYield16
WOWFreeMetafile
WOWGlobalUnlockFree16
WOWGlobalLock16
WOWGlobalAllocLock16
WOWGlobalFree16
WOWGlobalLockSize16
WOWGlobalUnlock16
CopyDropFilesFrom32
CopyDropFilesFrom16
WOWHandle16
WOWHandle32
WOWCallback16
WOWCallback16Ex
WOWGetVDMPointer

ole32

OleRegGetUserType
CoRevokeClassObject
CoRegisterClassObject
OleInitializeWOW
CoInitializeWOW
CoUninitialize
DllGetClassObjectWOW
ReadOleStg
WriteOleStg
CoGetClassObject
CoMarshalInterface
CoUnmarshalInterface
CoReleaseMarshalData
CoDisconnectObject
CoLockObjectExternal
CoGetStandardMarshal
CoIsHandlerConnected
CoQueryReleaseObject
CoUnloadingWOW
OleSetMenuDescriptor
CoGetCallerTID
CoGetMalloc
UtConvertDvtd16toDvtd32
UtGetDvtd16Info
UtConvertDvtd32toDvtd16
UtGetDvtd32Info
CoTaskMemFree
CoTaskMemAlloc
ReleaseStgMedium
OleIsCurrentClipboard
SetConvertStg
GetConvertStg
OleSetAutoConvert
OleGetAutoConvert
OleDoAutoConvert
OleConvertOLESTREAMToIStorageEx
OleConvertIStorageToOLESTREAMEx
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAM
OleRegEnumVerbs
OleRegEnumFormatEtc
OleRegGetMiscStatus
OleCreateEmbeddingHelper
OleCreateDefaultHandler
CreateOleAdviseHolder
OleLockRunning
OleIsRunning
OleRun
OleDraw
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleFlushClipboard
OleGetClipboard
OleSetClipboard
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleNoteObjectVisible
OleSetContainedObject
OleSaveToStream
OleLoadFromStream
OleSave
OleLoad
OleCreateFromFile
OleCreateLinkToFile
OleCreateLink
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleCreate
OleQueryCreateFromData
OleQueryLinkFromData
OleUninitialize
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStm
ReadClassStm
WriteClassStg
ReadClassStg
GetRunningObjectTable
CreatePointerMoniker
CreateAntiMoniker
CreateItemMoniker
CreateFileMoniker
GetClassFile
CreateGenericComposite
CreateBindCtx
MonikerCommonPrefixWith
MonikerRelativePathTo
MkParseDisplayName
BindMoniker
CreateDataCache
CreateDataAdviseHolder
StgSetTimes
StgIsStorageILockBytes
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
StgCreateDocfileOnILockBytes
StgCreateDocfile
CoTreatAsClass
CoGetTreatAsClass
CoRegisterMessageFilter
CoFileTimeNow
CoDosDateTimeToFileTime
CoFileTimeToDosDateTime
CoCreateGuid
CLSIDFromProgID
ProgIDFromCLSID
CoIsOle1Class
CLSIDFromString
CoCreateInstance
CoFreeUnusedLibraries
CoFreeAllLibraries

Exports

Exports

CSm16ReleaseHandler_Release32
CallbackProcessing_3216
ConvertHr1632Thunk
ConvertHr3216Thunk
ConvertObjDescriptor
IUnknownObj32
IntOpInitialize
IntOpUninitialize
InvokeOn32
ThkAddAppCompatFlag
ThkMgrInitialize
ThkMgrUninitialize
TransformHRESULT_1632
TransformHRESULT_3216

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bac50ea0bea4c6129f487450fdcdbc96

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

gdi32

user32

ntvdm.exe

wow32

ole32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 66KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 145KB - Virtual size: 145KB

.text
Size: 67KB - Virtual size: 66KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 145KB - Virtual size: 145KB