bebf5857939b7ae74f09d5bbfabccd32cddac433acdf0fd14d51faafb8507a56

Sharing

Copy URL Twitter E-mail

General

Target

bebf5857939b7ae74f09d5bbfabccd32cddac433acdf0fd14d51faafb8507a56
Size

492KB
MD5

0df4dfbf516286fab77cd5273711ae3e
SHA1

e05e4096315e71f02eaaefedfe9b1ed88d8fbe34
SHA256

bebf5857939b7ae74f09d5bbfabccd32cddac433acdf0fd14d51faafb8507a56
SHA512

2789d29230d4d871cae3f1776772c251cfdebbfc0cecc34b6aeed6c26248d3094b8eb1656a501ac0ebc2750728df643f0f12e83021882142a015a1331ace8ecb
SSDEEP

12288:r6TXOJ+gJ00CVXboJcaQNH6ACKwctpMMLJrZAyS31:rsXOJhtCVrWqpCUFr2yS3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bebf5857939b7ae74f09d5bbfabccd32cddac433acdf0fd14d51faafb8507a56

Files

bebf5857939b7ae74f09d5bbfabccd32cddac433acdf0fd14d51faafb8507a56
.dll windows:6 windows x86 arch:x86

429e47ea752b1776447ff97b6e96ce3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\Documents\vcpkg\buildtrees\harfbuzz\x86-o1-windows-rel\src\harfbuzz-subset.pdb

Imports

harfbuzz

hb_set_subtract
hb_set_union
hb_set_previous
hb_map_create
hb_map_reference
hb_font_set_variations
hb_map_destroy
hb_face_destroy
hb_face_get_user_data
hb_set_reference
hb_face_builder_create
hb_ot_var_find_axis_info
hb_font_destroy
hb_blob_get_empty
hb_font_get_empty
hb_face_builder_add_table
hb_face_get_table_tags
hb_face_set_user_data
hb_face_get_empty
hb_set_get_empty
hb_blob_get_data
hb_blob_get_length
hb_blob_copy_writable_or_fail
hb_blob_create
hb_set_add_range
hb_ot_layout_has_positioning
hb_font_create
hb_ot_layout_lookups_substitute_closure
hb_ot_layout_collect_features
hb_face_reference
hb_set_add
hb_set_invert
hb_set_clear
hb_set_destroy
hb_set_create
hb_face_get_glyph_count
hb_face_get_upem
hb_face_reference_table
hb_blob_get_data_writable
hb_blob_make_immutable
hb_blob_destroy
hb_blob_reference

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection

vcruntime140

__std_terminate
memcpy
memset
__CxxFrameHandler3
memmove
memcmp
__current_exception
__current_exception_context
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

terminate
_seh_filter_dll
_configure_narrow_argv
_execute_onexit_table
_cexit
_initialize_narrow_environment
_initialize_onexit_table
_initterm_e
_initterm

api-ms-win-crt-math-l1-1-0

ceil
floor
_libm_sse2_sqrt_precise
round

api-ms-win-crt-heap-l1-1-0

free
calloc
malloc
realloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

Exports

Exports

hb_subset_input_create_or_fail
hb_subset_input_destroy
hb_subset_input_get_flags
hb_subset_input_get_user_data
hb_subset_input_glyph_set
hb_subset_input_keep_everything
hb_subset_input_old_to_new_glyph_mapping
hb_subset_input_pin_axis_location
hb_subset_input_pin_axis_to_default
hb_subset_input_reference
hb_subset_input_set
hb_subset_input_set_flags
hb_subset_input_set_user_data
hb_subset_input_unicode_set
hb_subset_or_fail
hb_subset_plan_create_or_fail
hb_subset_plan_destroy
hb_subset_plan_execute_or_fail
hb_subset_plan_get_user_data
hb_subset_plan_new_to_old_glyph_mapping
hb_subset_plan_old_to_new_glyph_mapping
hb_subset_plan_reference
hb_subset_plan_set_user_data
hb_subset_plan_unicode_to_old_glyph_mapping
hb_subset_preprocess

Sections

.text
Size: 427KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

429e47ea752b1776447ff97b6e96ce3b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

harfbuzz

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

Exports

Exports

Sections

.text Size: 427KB - Virtual size: 426KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 427KB - Virtual size: 426KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB