748e274b6350a3c71f57bd81fbf09fce32e4385f1d8b3936314c2cee73e46c9d

Sharing

Copy URL Twitter E-mail

General

Target

748e274b6350a3c71f57bd81fbf09fce32e4385f1d8b3936314c2cee73e46c9d
Size

845KB
MD5

e0a7c28fa9e1f93ed279e65e8cb4d266
SHA1

f6a4527f7d4b46a81d61192896edc22d72fdc620
SHA256

748e274b6350a3c71f57bd81fbf09fce32e4385f1d8b3936314c2cee73e46c9d
SHA512

b27b41587baf5d8179fc2d775b8e28dcda6c1801d7079eb6c9ff74de3f0c923c5d949e0a37b3431f362bc6262c49d76c797497fe55717c621b0c5f47cfbef760
SSDEEP

24576:pMmSXV9vCItoqd4R5ceyt5Hwg5g2PfXo1jk:poV9v1zHw6PPfX4j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
748e274b6350a3c71f57bd81fbf09fce32e4385f1d8b3936314c2cee73e46c9d

Files

748e274b6350a3c71f57bd81fbf09fce32e4385f1d8b3936314c2cee73e46c9d
.dll windows:10 windows x86 arch:x86

90bb1bb5318a1fa666558be2bebbcbc6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d3d8.pdb

Imports

msvcrt

wcscpy_s
memcpy
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
floor
_initterm
_amsg_exit
_XcptFilter
_vsnprintf
_purecall
__CxxFrameHandler3
sscanf_s
_ftol2_sse
_CxxThrowException
_except_handler4_common
strrchr
wcsrchr
atoi
strcpy_s
_wcslwr
_stricmp
malloc
free
_CIsqrt
_CIcos
_CIexp
_CIlog
_CIlog10
_CIpow
memset

user32

RegisterHotKey
GetThreadDesktop
CloseDesktop
GetUserObjectInformationA
OpenInputDesktop
GetWindowThreadProcessId
IsWindow
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetWindowRect
GetKeyState
GetWindowLongA
IsIconic
PostMessageA
SendMessageA
CallWindowProcA
SetWindowLongA
IsZoomed
ShowWindow
IsWindowVisible
GetForegroundWindow
SetWindowPos
SystemParametersInfoA
GetDC
EnumDisplaySettingsA
ReleaseDC
EnumDisplayDevicesA
GetSystemMetrics
OffsetRect
GetWindowInfo
ClientToScreen
DisplayConfigGetDeviceInfo
GetClientRect
SetRect
IntersectRect
GetMonitorInfoA
DefWindowProcA
SetRectEmpty
UnionRect
SetForegroundWindow
GetCursor
DestroyIcon
GetDesktopWindow
GetWindowDC
CreateIconIndirect
GetIconInfo
GetCursorPos
SetCursorPos
UnregisterHotKey
SetCursor

advapi32

RegOpenKeyExA
RegCreateKeyA
EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
RegSetValueExA
RegGetValueA
RegCreateKeyExA
SetSecurityDescriptorDacl
GetSidSubAuthority
GetSidLengthRequired
InitializeSid
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
SetSecurityInfo
ConvertStringSidToSidA
GetLengthSid
AddAccessAllowedAce
RegEnumKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyA

api-ms-win-core-versionansi-l1-1-0

VerQueryValueA
GetFileVersionInfoExA
GetFileVersionInfoSizeExA

ext-ms-win-rtcore-ntuser-dpi-l1-1-0

SetProcessDpiAwarenessInternal
GetProcessDpiAwarenessInternal

api-ms-win-gdi-dpiinfo-l1-1-0

GetCurrentDpiInfo

api-ms-win-appmodel-unlock-l1-1-0

IsDeveloperModeEnabled

ntdll

RtlDllShutdownInProgress
VerSetConditionMask
EtwEventWriteNoRegistration

d3d8thk

OsThunkD3dContextCreate
OsThunkDdDeleteSurfaceObject
OsThunkDdGetDriverInfo
OsThunkD3dContextDestroyAll
OsThunkDdGetFlipStatus
OsThunkDdCanCreateD3DBuffer
OsThunkDdDestroySurface
OsThunkD3dDrawPrimitives2
OsThunkDdFlip
OsThunkDdGetDC
OsThunkDdDestroyD3DBuffer
OsThunkDdCreateSurface
OsThunkDdLock
OsThunkDdCreateD3DBuffer
OsThunkD3dValidateTextureStageState
OsThunkD3dContextDestroy
OsThunkDdGetDriverState
OsThunkDdReleaseDC
OsThunkDdWaitForVerticalBlank
OsThunkDdUnlock
OsThunkDdGetBltStatus
OsThunkDdGetAvailDriverMemory
OsThunkDdQueryDirectDrawObject
OsThunkDdResetVisrgn
OsThunkDdSetExclusiveMode
OsThunkDdLockD3D
OsThunkDdFlipToGDISurface
OsThunkDdAttachSurface
OsThunkDdDeleteDirectDrawObject
OsThunkDdReenableDirectDrawObject
OsThunkDdUnlockD3D
OsThunkDdCanCreateSurface
OsThunkDdCreateSurfaceEx
OsThunkDdBlt
OsThunkDdGetScanLine
OsThunkDdSetGammaRamp
OsThunkDdCreateSurfaceObject

gdi32

DeleteObject
GetRandomRgn
D3DKMTMakeResident
D3DKMTPresent
D3DKMTEvict
D3DKMTDestroyAllocation2
D3DKMTLock2
D3DKMTCreateAllocation
D3DKMTMapGpuVirtualAddress
D3DKMTDestroyContext
D3DKMTDestroyAllocation
D3DKMTFreeGpuVirtualAddress
D3DKMTCloseAdapter
D3DKMTCreateHwQueue
D3DKMTSharedPrimaryUnLockNotification
D3DKMTRegisterTrimNotification
D3DKMTWaitForSynchronizationObjectFromCpu
D3DKMTUnregisterTrimNotification
D3DKMTGetSharedPrimaryHandle
D3DKMTEscape
D3DKMTSubmitPresentToHwQueue
D3DKMTUnlock2
D3DKMTUpdateAllocationProperty
D3DKMTWaitForSynchronizationObject
D3DKMTDestroySynchronizationObject
D3DKMTSetGammaRamp
D3DKMTCreateSynchronizationObject2
SetStretchBltMode
D3DKMTReclaimAllocations
D3DKMTCreateSynchronizationObject
D3DKMTUpdateGpuVirtualAddress
D3DKMTOpenAdapterFromHdc
D3DKMTDestroyDCFromMemory
D3DKMTOpenResource
D3DKMTDestroyPagingQueue
D3DKMTCreateAllocation2
D3DKMTQueryAllocationResidency
D3DKMTSharedPrimaryLockNotification
D3DKMTSetDisplayPrivateDriverFormat
D3DKMTSetVidPnSourceOwner
D3DKMTCreateDevice
D3DKMTSubmitCommand
D3DKMTRender
D3DKMTDestroyHwQueue
D3DKMTInvalidateCache
D3DKMTSignalSynchronizationObjectFromGpu
D3DKMTWaitForSynchronizationObjectFromGpu
DeleteDC
D3DKMTSetDisplayMode
D3DKMTSubmitSignalSyncObjectsToHwQueue
D3DKMTSignalSynchronizationObject
D3DKMTReclaimAllocations2
D3DKMTCreateContext
D3DKMTSubmitCommandToHwQueue
D3DKMTCreatePagingQueue
D3DKMTSubmitWaitForSyncObjectsToHwQueue
D3DKMTCreateDCFromMemory
D3DKMTDestroyDevice
D3DKMTReserveGpuVirtualAddress
D3DKMTGetMultisampleMethodList
D3DKMTSignalSynchronizationObjectFromGpu2
D3DKMTSetAllocationPriority
GdiEntry1
GetRegionData
CreateRectRgn
GetDIBits
GetDeviceGammaRamp
GdiEntry13
StretchBlt
CreateCompatibleBitmap
GetDeviceCaps
GetNearestColor
CreateCompatibleDC
SelectObject
CreateDIBitmap
GetObjectA
GetSystemPaletteEntries
D3DKMTGetDisplayModeList
D3DKMTQueryResourceInfo
D3DKMTCreateContextVirtual
D3DKMTSignalSynchronizationObject2
D3DKMTGetScanLine
D3DKMTMarkDeviceAsError
D3DKMTUnlock
D3DKMTLock
D3DKMTOpenResource2
D3DKMTWaitForSynchronizationObject2
D3DKMTSignalSynchronizationObjectFromCpu
CreateDCA
D3DKMTOfferAllocations
D3DKMTGetResourcePresentPrivateDriverData
D3DKMTGetDeviceState
D3DKMTQueryAdapterInfo
BitBlt

kernel32

GetVersionExA
IsProcessorFeaturePresent
WaitForSingleObject
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FormatMessageW
WriteFile
PeekNamedPipe
ReadFile
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
SetNamedPipeHandleState
GetModuleFileNameA
OutputDebugStringA
ResetEvent
OpenEventW
ReleaseSemaphore
CreateSemaphoreA
GlobalAddAtomA
GetSystemDirectoryA
CreateFileA
MultiByteToWideChar
SetErrorMode
GetCurrentProcess
VerifyVersionInfoA
LoadLibraryExW
GetTickCount
DebugBreak
WideCharToMultiByte
GetModuleHandleW
LoadLibraryW
OutputDebugStringW
Sleep
lstrcmpA
LocalAlloc
GetProcessHeap
GetCurrentProcessId
LocalFree
HeapAlloc
CloseHandle
DisableThreadLibraryCalls
OpenMutexA
GetModuleHandleA
CreateMutexA
HeapFree
ReleaseMutex
GetLastError
GetNativeSystemInfo
LoadLibraryA
GetProcAddress
FreeLibrary
DeleteCriticalSection
EnterCriticalSection
QueryPerformanceFrequency
LeaveCriticalSection
GetCurrentThreadId
InitializeCriticalSection

dwmapi

ord100
DwmIsCompositionEnabled

Exports

Exports

DebugSetMute
Direct3D8EnableMaximizedWindowedModeShim
Direct3DCreate8
ValidatePixelShader
ValidateVertexShader

Sections

.text
Size: 665KB - Virtual size: 664KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90bb1bb5318a1fa666558be2bebbcbc6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

advapi32

api-ms-win-core-versionansi-l1-1-0

ext-ms-win-rtcore-ntuser-dpi-l1-1-0

api-ms-win-gdi-dpiinfo-l1-1-0

api-ms-win-appmodel-unlock-l1-1-0

ntdll

d3d8thk

gdi32

kernel32

dwmapi

Exports

Exports

Sections

.text Size: 665KB - Virtual size: 664KB

.data Size: 4KB - Virtual size: 20KB

.idata Size: 10KB - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 163KB - Virtual size: 163KB

.text
Size: 665KB - Virtual size: 664KB

.data
Size: 4KB - Virtual size: 20KB

.idata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 163KB - Virtual size: 163KB