7b1789f115baa74cac9c52eaea530b67b231881b17405078973f96b83b3e8d92

Sharing

Copy URL Twitter E-mail

General

Target

7b1789f115baa74cac9c52eaea530b67b231881b17405078973f96b83b3e8d92
Size

216KB
MD5

f8e0890206b989f9d9642317a52613f1
SHA1

31b3824d14ddc20f45326ddd5323e1220cdf958b
SHA256

7b1789f115baa74cac9c52eaea530b67b231881b17405078973f96b83b3e8d92
SHA512

d02179931cdf133ce0363887e8b46cfc8cced0e8bc32a08f8d54bf7379530ebf5330bf030720306b84b32c272b4764ac671c766c479c20713fdee3bfd631a0c1
SSDEEP

3072:alSBA1/+Pxaip3KiRbSYYSrSkXXYCmo83ihp6r7wI4XBJpMcUJXb:ESBA8prSsKihp6vKpGL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b1789f115baa74cac9c52eaea530b67b231881b17405078973f96b83b3e8d92

Files

7b1789f115baa74cac9c52eaea530b67b231881b17405078973f96b83b3e8d92
.dll windows:6 windows x86 arch:x86

bac50ea0bea4c6129f487450fdcdbc96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

olethk32.pdb

Imports

msvcrt

_lock
__dllonexit
_unlock
_amsg_exit
_onexit
free
malloc
_XcptFilter
memcpy
_except_handler4_common
_initterm
memset

kernel32

GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
TlsAlloc
CompareStringW
lstrlenW
GetModuleFileNameW
TlsSetValue
LocalAlloc
LocalFree
TlsGetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
IsBadReadPtr
IsBadWritePtr
IsBadStringPtrW
Sleep
WideCharToMultiByte
AreFileApisANSI
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
MultiByteToWideChar
GetShortPathNameW
InterlockedExchange

gdi32

GetObjectType
DeleteMetaFile

user32

RegisterClipboardFormatW
CharPrevW
AttachThreadInput

ntvdm.exe

ExpLdt

wow32

WOWDirectedYield16
WOWYield16
WOWFreeMetafile
WOWGlobalUnlockFree16
WOWGlobalLock16
WOWGlobalAllocLock16
WOWGlobalFree16
WOWGlobalLockSize16
WOWGlobalUnlock16
CopyDropFilesFrom32
CopyDropFilesFrom16
WOWHandle16
WOWHandle32
WOWCallback16
WOWCallback16Ex
WOWGetVDMPointer

ole32

OleRegGetUserType
CoRevokeClassObject
CoRegisterClassObject
OleInitializeWOW
CoInitializeWOW
CoUninitialize
DllGetClassObjectWOW
ReadOleStg
WriteOleStg
CoGetClassObject
CoMarshalInterface
CoUnmarshalInterface
CoReleaseMarshalData
CoDisconnectObject
CoLockObjectExternal
CoGetStandardMarshal
CoIsHandlerConnected
CoQueryReleaseObject
CoUnloadingWOW
OleSetMenuDescriptor
CoGetCallerTID
CoGetMalloc
UtConvertDvtd16toDvtd32
UtGetDvtd16Info
UtConvertDvtd32toDvtd16
UtGetDvtd32Info
CoTaskMemFree
CoTaskMemAlloc
ReleaseStgMedium
OleIsCurrentClipboard
SetConvertStg
GetConvertStg
OleSetAutoConvert
OleGetAutoConvert
OleDoAutoConvert
OleConvertOLESTREAMToIStorageEx
OleConvertIStorageToOLESTREAMEx
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAM
OleRegEnumVerbs
OleRegEnumFormatEtc
OleRegGetMiscStatus
OleCreateEmbeddingHelper
OleCreateDefaultHandler
CreateOleAdviseHolder
OleLockRunning
OleIsRunning
OleRun
OleDraw
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleFlushClipboard
OleGetClipboard
OleSetClipboard
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleNoteObjectVisible
OleSetContainedObject
OleSaveToStream
OleLoadFromStream
OleSave
OleLoad
OleCreateFromFile
OleCreateLinkToFile
OleCreateLink
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleCreate
OleQueryCreateFromData
OleQueryLinkFromData
OleUninitialize
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStm
ReadClassStm
WriteClassStg
ReadClassStg
GetRunningObjectTable
CreatePointerMoniker
CreateAntiMoniker
CreateItemMoniker
CreateFileMoniker
GetClassFile
CreateGenericComposite
CreateBindCtx
MonikerCommonPrefixWith
MonikerRelativePathTo
MkParseDisplayName
BindMoniker
CreateDataCache
CreateDataAdviseHolder
StgSetTimes
StgIsStorageILockBytes
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
StgCreateDocfileOnILockBytes
StgCreateDocfile
CoTreatAsClass
CoGetTreatAsClass
CoRegisterMessageFilter
CoFileTimeNow
CoDosDateTimeToFileTime
CoFileTimeToDosDateTime
CoCreateGuid
CLSIDFromProgID
ProgIDFromCLSID
CoIsOle1Class
CLSIDFromString
CoCreateInstance
CoFreeUnusedLibraries
CoFreeAllLibraries

Exports

Exports

CSm16ReleaseHandler_Release32
CallbackProcessing_3216
ConvertHr1632Thunk
ConvertHr3216Thunk
ConvertObjDescriptor
IUnknownObj32
IntOpInitialize
IntOpUninitialize
InvokeOn32
ThkAddAppCompatFlag
ThkMgrInitialize
ThkMgrUninitialize
TransformHRESULT_1632
TransformHRESULT_3216

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bac50ea0bea4c6129f487450fdcdbc96

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

gdi32

user32

ntvdm.exe

wow32

ole32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 66KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 145KB - Virtual size: 145KB

.text
Size: 67KB - Virtual size: 66KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 145KB - Virtual size: 145KB