394af049e3170e30a018b97de3ecbdd24584a3c5324d0f270f8da0490f799522

Sharing

Copy URL

Twitter E-mail

General

Target

394af049e3170e30a018b97de3ecbdd24584a3c5324d0f270f8da0490f799522
Size

381KB
MD5

c60e49c9be6a86e3320a43778410ffc1
SHA1

794055a2b4b045edc52ff5d411a97e5c6eaa46a1
SHA256

394af049e3170e30a018b97de3ecbdd24584a3c5324d0f270f8da0490f799522
SHA512

eaf36f45c6baff3d00a1f667ac72fed5bf07751d5c8a9801dc737353f2e15d3aaec14cd254bd04785ab88fa94a787681f1ecefe26377910e61d3949780bb665c
SSDEEP

6144:0Ii3GXyTXyDibCXoHPsxV7GqAiCnMj+fpG8+ihp86tycIZ:5inTXyDRoHLq9WfpGjZc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
394af049e3170e30a018b97de3ecbdd24584a3c5324d0f270f8da0490f799522

Files

394af049e3170e30a018b97de3ecbdd24584a3c5324d0f270f8da0490f799522
.dll regsvr32 windows:10 windows x86 arch:x86

f20f87d2987f61aa73320d8a93b06bb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

audiodev.pdb

Imports

msvcrt

memcpy
_except_handler4_common
_vsnwprintf
malloc
free
_amsg_exit
wcsnlen
strnlen
memcmp
_XcptFilter
_wtoi
_initterm
memset

kernel32

RegSetValueExW
FreeEnvironmentStringsA
GetEnvironmentStringsW
GlobalMemoryStatusEx
GetLocalTime
FreeEnvironmentStringsW
GetVersionExW
DeviceIoControl
GetDiskFreeSpaceW
GlobalFree
GlobalAlloc
GlobalReAlloc
LocalFree
GetLastError
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
Sleep
CreateMutexW
WaitForSingleObject
ReleaseMutex
CloseHandle
CreateThread
GetExitCodeThread
GetSystemTime
SystemTimeToFileTime
UnmapViewOfFile
DeleteFileW
GetTempPath2W
CreateFileW
CreateFileMappingW
MapViewOfFile
ReadFile
SetFilePointer
lstrcmpW
RegCreateKeyExW
GlobalSize
GlobalLock
GlobalUnlock
GetCurrentProcessId
GetModuleFileNameW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
ReleaseActCtx
GetModuleHandleW
GetLocaleInfoEx
GetUserPreferredUILanguages
HeapAlloc
GetProcessHeap
HeapFree
InitializeCriticalSection
DeleteCriticalSection
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
SetEvent
CreateEventW
WaitForMultipleObjects
FormatMessageW
GetLocaleInfoW
GetNumberFormatW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
ResolveDelayLoadedAPI
lstrcmpiW
DelayLoadFailureHook

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

user32

GetShellWindow
GetSubMenu
LoadMenuW
DialogBoxParamW
GetDlgItem
GetMenuItemCount
GetMenuItemInfoW
RegisterClipboardFormatW
DestroyWindow
GetLastActivePopup
SwitchToThisWindow
SendMessageTimeoutW
GetWindowThreadProcessId
GetClassNameW
GetWindow
FindWindowW
CreateWindowExW
RegisterClassW
LoadCursorW
GetClassInfoW
SetWindowTextW
KillTimer
SetTimer
WinHelpW
SendDlgItemMessageW
DestroyMenu
TrackPopupMenu
SetMenuDefaultItem
CopyImage
DestroyIcon
PostMessageW
SetFocus
ShowWindow
SetDlgItemTextW
LoadStringW
LoadIconW
SetWindowLongW
EndDialog
SendMessageW
RemoveMenu
GetWindowLongW
DefWindowProcW

shlwapi

StrToIntW
ord174
SHGetThreadRef
SHStrDupW
StrRetToBufW
ord10
ord7
ord9
ord8
StrFormatKBSizeW
PathRemoveBlanksW
StrCmpW
ord172
ord354
PathFindExtensionW
PathFindFileNameW
ord388
StrCmpIW
ord168
ord176
AssocCreate
ord199
StrFormatByteSizeW
ord16
StrCmpLogicalW
StrRChrW
ord158
ord219
PathRemoveFileSpecW
PathAppendW
PathCombineW

wmvcore

WMCreateEditor

ntdll

RtlGetPersistedStateLocation

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
_CDefFolderMenu_MergeMenu@16
_CIDLData_CreateFromIDArray@16

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f20f87d2987f61aa73320d8a93b06bb7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

user32

shlwapi

wmvcore

ntdll

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 147KB

.data Size: 3KB - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 296B

.rsrc Size: 76KB - Virtual size: 76KB

.reloc Size: 147KB - Virtual size: 146KB

.text
Size: 148KB - Virtual size: 147KB

.data
Size: 3KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 296B

.rsrc
Size: 76KB - Virtual size: 76KB

.reloc
Size: 147KB - Virtual size: 146KB