694873ed491727ea7cfb712e97e86370N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

694873ed491727ea7cfb712e97e86370N.exe
Size

1.3MB
MD5

694873ed491727ea7cfb712e97e86370
SHA1

fb44050c44b796d9cd1128fac82ed1d485810e64
SHA256

5f0681fb28adee38136e44780e11b818354851b7767ddeb4f936bd5cee8feb5c
SHA512

efa4b8d6b56fd375b05333709615272ea73167e92b588e1838bbc6c705b2ec319abb43254f585dd97a360750988fe4d15d74f41925f63969fecdd8338434a7ce
SSDEEP

6144:cPTQ31WLDJGOpgQBdt0qMCnMj+XIt0T+dihpCqDFwP:C8lW3+ct0RWXhTIq54

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
694873ed491727ea7cfb712e97e86370N.exe

Files

694873ed491727ea7cfb712e97e86370N.exe
.dll regsvr32 windows:6 windows x86 arch:x86

a627d6ff78a291fafd684718d77d6204

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

audiodev.pdb

Imports

msvcrt

_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
_wtoi
memcpy
_vsnwprintf
memset

kernel32

FileTimeToLocalFileTime
DosDateTimeToFileTime
GetModuleHandleA
lstrlenA
GetVersionExA
DeviceIoControl
GlobalFree
GlobalReAlloc
GlobalAlloc
InterlockedIncrement
LocalAlloc
LocalFree
GetLastError
lstrlenW
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
Sleep
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetExitCodeThread
CreateThread
SystemTimeToFileTime
GetSystemTime
MapViewOfFile
CreateFileMappingW
SetFilePointer
DeleteFileW
UnmapViewOfFile
CreateFileW
GetTempPathW
ReadFile
lstrcmpiW
lstrcmpW
GlobalUnlock
GlobalSize
GetCurrentProcessId
ActivateActCtx
CreateActCtxW
GetModuleFileNameW
ReleaseActCtx
DeactivateActCtx
GetModuleHandleW
FileTimeToSystemTime
FormatMessageW
HeapAlloc
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
SetEvent
WaitForMultipleObjects
CreateEventW
GetNumberFormatW
GetLocaleInfoW
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
QueryPerformanceCounter
GetTickCount
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GlobalLock
GetCurrentThreadId
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
RegSetValueExA
RegCreateKeyExA
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA

advapi32

RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA

user32

DialogBoxParamW
RegisterClipboardFormatW
GetShellWindow
LoadMenuW
GetMenuItemCount
GetMenuItemInfoW
CreatePopupMenu
GetMenuDefaultItem
DestroyWindow
GetLastActivePopup
SwitchToThisWindow
GetClassNameW
GetWindowThreadProcessId
SendMessageTimeoutW
GetWindow
GetClassInfoW
LoadCursorW
RegisterClassW
CreateWindowExW
SetWindowTextW
WinHelpW
SendDlgItemMessageW
SetTimer
KillTimer
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
GetWindowLongW
SetWindowLongW
EndDialog
LoadIconW
LoadStringW
SetDlgItemTextW
ShowWindow
SetFocus
DefWindowProcW
GetDlgItem
PostMessageW
CopyImage
RemoveMenu
GetSubMenu
CharNextA
CharNextW
GetSystemMetrics
DestroyIcon
SendMessageW
FindWindowW

shell32

ord750
SHGetPathFromIDListW
SHBindToParent
ord23
ord743
SHGetSettings
SHParseDisplayName
ExtractIconExW
ord152
ord19
ord67
ord74
ord18
ord16
SHGetFileInfoW
ord25
ord6
ord256
ord701
SHChangeNotify
ord21
ord155
ord17
SHGetDesktopFolder

shlwapi

ord10
ord8
ord9
StrRetToBufW
SHStrDupW
ord487
SHQueryValueExW
ord174
SHGetThreadRef
StrToIntW
StrDupW
ord7
PathRemoveFileSpecW
PathCombineW
PathAppendW
ord219
ord158
StrRChrW
ord199
AssocCreate
StrCmpLogicalW
ord16
StrFormatByteSizeW
ord168
ord176
ord388
PathFindExtensionW
ord354
PathFindFileNameW
ord172
StrCmpIW
PathRemoveBlanksW
StrFormatKBSizeW
StrCmpW

wmvcore

WMCreateEditor

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
_CDefFolderMenu_MergeMenu@16
_CIDLData_CreateFromIDArray@16
_GUIDFromStringW@8
_GetUIVersion@0
_ParseURLW@8
_SHAnsiToUnicode@12
_SHCoCreateInstanceAC@20
_SHGetMenuFromID@8
_SHGetObjectCompatFlags@8
_SHInvokeCommandOnContextMenu@20
_SHLoadRegUIStringW@16
_SHStringFromGUIDW@12
_SHUnicodeToAnsi@12

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a627d6ff78a291fafd684718d77d6204

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

user32

shell32

shlwapi

wmvcore

Exports

Exports

Sections

.text Size: 149KB - Virtual size: 149KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 76KB - Virtual size: 76KB

.reloc Size: 146KB - Virtual size: 145KB

.text
Size: 149KB - Virtual size: 149KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 76KB - Virtual size: 76KB

.reloc
Size: 146KB - Virtual size: 145KB