15e9f2be647aa994bbe99f3b005f36f0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

15e9f2be647aa994bbe99f3b005f36f0N.exe
Size

378KB
MD5

15e9f2be647aa994bbe99f3b005f36f0
SHA1

7c34354d34d09330abfbf72961dcf6a84577d7ab
SHA256

8bf31f2e451ca83d068381af4be4cf9a6558fd5bf4aabcc6f056b41b8e16f7e5
SHA512

2e9995563bdca9fc3c0f8a3a43ed74fcc5e5ceb1c8f4ca4a48fb23c3064cfd677d00d1ecb3b047531d6b83311b8115baba85fd512869c9967e071661993961f2
SSDEEP

6144:/HTc33WWDRidGTQBdISqMCnMj+XIa5jWihp+SKHwi41:PYnW7qcISRWXN5IzHwl1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15e9f2be647aa994bbe99f3b005f36f0N.exe

Files

15e9f2be647aa994bbe99f3b005f36f0N.exe
.dll regsvr32 windows:6 windows x86 arch:x86

a627d6ff78a291fafd684718d77d6204

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

audiodev.pdb

Imports

msvcrt

_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
_wtoi
memcpy
_vsnwprintf
memset

kernel32

FileTimeToLocalFileTime
DosDateTimeToFileTime
GetModuleHandleA
lstrlenA
GetVersionExA
DeviceIoControl
GlobalFree
GlobalReAlloc
GlobalAlloc
InterlockedIncrement
LocalAlloc
LocalFree
GetLastError
lstrlenW
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
Sleep
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetExitCodeThread
CreateThread
SystemTimeToFileTime
GetSystemTime
MapViewOfFile
CreateFileMappingW
SetFilePointer
DeleteFileW
UnmapViewOfFile
CreateFileW
GetTempPathW
ReadFile
lstrcmpiW
lstrcmpW
GlobalUnlock
GlobalSize
GetCurrentProcessId
ActivateActCtx
CreateActCtxW
GetModuleFileNameW
ReleaseActCtx
DeactivateActCtx
GetModuleHandleW
FileTimeToSystemTime
FormatMessageW
HeapAlloc
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
SetEvent
WaitForMultipleObjects
CreateEventW
GetNumberFormatW
GetLocaleInfoW
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
QueryPerformanceCounter
GetTickCount
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GlobalLock
GetCurrentThreadId
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
RegSetValueExA
RegCreateKeyExA
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA

advapi32

RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA

user32

DialogBoxParamW
RegisterClipboardFormatW
GetShellWindow
LoadMenuW
GetMenuItemCount
GetMenuItemInfoW
CreatePopupMenu
GetMenuDefaultItem
DestroyWindow
GetLastActivePopup
SwitchToThisWindow
GetClassNameW
GetWindowThreadProcessId
SendMessageTimeoutW
GetWindow
GetClassInfoW
LoadCursorW
RegisterClassW
CreateWindowExW
SetWindowTextW
WinHelpW
SendDlgItemMessageW
SetTimer
KillTimer
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
GetWindowLongW
SetWindowLongW
EndDialog
LoadIconW
LoadStringW
SetDlgItemTextW
ShowWindow
SetFocus
DefWindowProcW
GetDlgItem
PostMessageW
CopyImage
RemoveMenu
GetSubMenu
CharNextA
CharNextW
GetSystemMetrics
DestroyIcon
SendMessageW
FindWindowW

shell32

ord750
SHGetPathFromIDListW
SHBindToParent
ord23
ord743
SHGetSettings
SHParseDisplayName
ExtractIconExW
ord152
ord19
ord67
ord74
ord18
ord16
SHGetFileInfoW
ord25
ord6
ord256
ord701
SHChangeNotify
ord21
ord155
ord17
SHGetDesktopFolder

shlwapi

ord10
ord8
ord9
StrRetToBufW
SHStrDupW
ord487
SHQueryValueExW
ord174
SHGetThreadRef
StrToIntW
StrDupW
ord7
PathRemoveFileSpecW
PathCombineW
PathAppendW
ord219
ord158
StrRChrW
ord199
AssocCreate
StrCmpLogicalW
ord16
StrFormatByteSizeW
ord168
ord176
ord388
PathFindExtensionW
ord354
PathFindFileNameW
ord172
StrCmpIW
PathRemoveBlanksW
StrFormatKBSizeW
StrCmpW

wmvcore

WMCreateEditor

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
_CDefFolderMenu_MergeMenu@16
_CIDLData_CreateFromIDArray@16
_GUIDFromStringW@8
_GetUIVersion@0
_ParseURLW@8
_SHAnsiToUnicode@12
_SHCoCreateInstanceAC@20
_SHGetMenuFromID@8
_SHGetObjectCompatFlags@8
_SHInvokeCommandOnContextMenu@20
_SHLoadRegUIStringW@16
_SHStringFromGUIDW@12
_SHUnicodeToAnsi@12

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a627d6ff78a291fafd684718d77d6204

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

user32

shell32

shlwapi

wmvcore

Exports

Exports

Sections

.text Size: 149KB - Virtual size: 149KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 76KB - Virtual size: 76KB

.reloc Size: 146KB - Virtual size: 145KB

.text
Size: 149KB - Virtual size: 149KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 76KB - Virtual size: 76KB

.reloc
Size: 146KB - Virtual size: 145KB