554933b0bbb09b72c82f66e0d681c36aefb7ac34d3517f207a26826238b4612b

Sharing

Copy URL Twitter E-mail

General

Target

554933b0bbb09b72c82f66e0d681c36aefb7ac34d3517f207a26826238b4612b
Size

378KB
MD5

e77607562528da2f2edfc8c914d85e59
SHA1

a4bf8ce30ab6e80f852be9992700073074c93ebd
SHA256

554933b0bbb09b72c82f66e0d681c36aefb7ac34d3517f207a26826238b4612b
SHA512

b410b02fde86a317710b03a3be5b5c72a2e5625664b5adc4115737ae71d3967f5d402146d20a171cb9dfcb443da7f1dbb6893023692549f991d06463f53fe80d
SSDEEP

6144:9zTQ3+WLDiGw9rpBdWTqMCnMj+XI0964jihp4SnQn1:V8uWi9dWTRWXr96+SQn1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
554933b0bbb09b72c82f66e0d681c36aefb7ac34d3517f207a26826238b4612b

Files

554933b0bbb09b72c82f66e0d681c36aefb7ac34d3517f207a26826238b4612b
.dll regsvr32 windows:6 windows x86 arch:x86

a627d6ff78a291fafd684718d77d6204

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

audiodev.pdb

Imports

msvcrt

_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
_wtoi
memcpy
_vsnwprintf
memset

kernel32

FileTimeToLocalFileTime
DosDateTimeToFileTime
GetModuleHandleA
lstrlenA
GetVersionExA
DeviceIoControl
GlobalFree
GlobalReAlloc
GlobalAlloc
InterlockedIncrement
LocalAlloc
LocalFree
GetLastError
lstrlenW
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
Sleep
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetExitCodeThread
CreateThread
SystemTimeToFileTime
GetSystemTime
MapViewOfFile
CreateFileMappingW
SetFilePointer
DeleteFileW
UnmapViewOfFile
CreateFileW
GetTempPathW
ReadFile
lstrcmpiW
lstrcmpW
GlobalUnlock
GlobalSize
GetCurrentProcessId
ActivateActCtx
CreateActCtxW
GetModuleFileNameW
ReleaseActCtx
DeactivateActCtx
GetModuleHandleW
FileTimeToSystemTime
FormatMessageW
HeapAlloc
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
SetEvent
WaitForMultipleObjects
CreateEventW
GetNumberFormatW
GetLocaleInfoW
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
QueryPerformanceCounter
GetTickCount
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GlobalLock
GetCurrentThreadId
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
RegSetValueExA
RegCreateKeyExA
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA

advapi32

RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA

user32

DialogBoxParamW
RegisterClipboardFormatW
GetShellWindow
LoadMenuW
GetMenuItemCount
GetMenuItemInfoW
CreatePopupMenu
GetMenuDefaultItem
DestroyWindow
GetLastActivePopup
SwitchToThisWindow
GetClassNameW
GetWindowThreadProcessId
SendMessageTimeoutW
GetWindow
GetClassInfoW
LoadCursorW
RegisterClassW
CreateWindowExW
SetWindowTextW
WinHelpW
SendDlgItemMessageW
SetTimer
KillTimer
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
GetWindowLongW
SetWindowLongW
EndDialog
LoadIconW
LoadStringW
SetDlgItemTextW
ShowWindow
SetFocus
DefWindowProcW
GetDlgItem
PostMessageW
CopyImage
RemoveMenu
GetSubMenu
CharNextA
CharNextW
GetSystemMetrics
DestroyIcon
SendMessageW
FindWindowW

shell32

ord750
SHGetPathFromIDListW
SHBindToParent
ord23
ord743
SHGetSettings
SHParseDisplayName
ExtractIconExW
ord152
ord19
ord67
ord74
ord18
ord16
SHGetFileInfoW
ord25
ord6
ord256
ord701
SHChangeNotify
ord21
ord155
ord17
SHGetDesktopFolder

shlwapi

ord10
ord8
ord9
StrRetToBufW
SHStrDupW
ord487
SHQueryValueExW
ord174
SHGetThreadRef
StrToIntW
StrDupW
ord7
PathRemoveFileSpecW
PathCombineW
PathAppendW
ord219
ord158
StrRChrW
ord199
AssocCreate
StrCmpLogicalW
ord16
StrFormatByteSizeW
ord168
ord176
ord388
PathFindExtensionW
ord354
PathFindFileNameW
ord172
StrCmpIW
PathRemoveBlanksW
StrFormatKBSizeW
StrCmpW

wmvcore

WMCreateEditor

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
_CDefFolderMenu_MergeMenu@16
_CIDLData_CreateFromIDArray@16
_GUIDFromStringW@8
_GetUIVersion@0
_ParseURLW@8
_SHAnsiToUnicode@12
_SHCoCreateInstanceAC@20
_SHGetMenuFromID@8
_SHGetObjectCompatFlags@8
_SHInvokeCommandOnContextMenu@20
_SHLoadRegUIStringW@16
_SHStringFromGUIDW@12
_SHUnicodeToAnsi@12

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a627d6ff78a291fafd684718d77d6204

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

user32

shell32

shlwapi

wmvcore

Exports

Exports

Sections

.text Size: 149KB - Virtual size: 149KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 76KB - Virtual size: 76KB

.reloc Size: 146KB - Virtual size: 145KB

.text
Size: 149KB - Virtual size: 149KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 76KB - Virtual size: 76KB

.reloc
Size: 146KB - Virtual size: 145KB