8892d31a4fb78dee301348258dd02fe3f3f55a96b244b4416898a01e0abab70b

Sharing

Copy URL

Twitter E-mail

General

Target

8892d31a4fb78dee301348258dd02fe3f3f55a96b244b4416898a01e0abab70b
Size

196KB
MD5

885a7aab43b0c51abbba68ac1528a4a5
SHA1

2f2d73c937fb4c66298c2ba4da3521e89d157a8c
SHA256

8892d31a4fb78dee301348258dd02fe3f3f55a96b244b4416898a01e0abab70b
SHA512

42bde56aa9237b2005263b4d15c2a902622261358bddbebd6c608464a0b5cd404f20667c857c8a771d3df3316922f275a4b974aa96e31045b4fb65c59fe7447d
SSDEEP

3072:K+S/JEqdrhf8p+vDFT/r4AG6RbS8uEdxtHwYCmo/eihp/VSI6XBJ4rcL6l:++eFf8QRT/r7Pt7Pihp/M4L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8892d31a4fb78dee301348258dd02fe3f3f55a96b244b4416898a01e0abab70b

Files

8892d31a4fb78dee301348258dd02fe3f3f55a96b244b4416898a01e0abab70b
.dll windows:10 windows x86 arch:x86

adfa4ceb475544ed7a3c0fb8598bd5ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

olesvr32.pdb

Imports

msvcrt

_vsnwprintf
??3@YAXPAX@Z
_purecall
_errno
wcsncmp
memcpy
memcmp
memmove
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
memset

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
lstrcmpA
GetCurrentThreadId
VirtualQuery
SetThreadStackGuarantee
GetSystemInfo
VirtualAlloc
VirtualProtect
IsDebuggerPresent
IsWow64Process
DebugBreak
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitOnceComplete
GetCurrentThread
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
lstrcmpiA
GlobalSize
GlobalGetAtomNameA
GlobalUnlock
GlobalFindAtomA
GlobalLock
GlobalFree
GlobalAlloc
GlobalAddAtomA
Sleep
GetLastError
FormatMessageW
ReleaseMutex
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
GlobalDeleteAtom
LocalUnlock
LocalFree
LocalAlloc
LocalLock
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError

advapi32

SetThreadToken
RegOpenKeyExA
EventUnregister
OpenThreadToken
OpenProcessToken
RegOpenUserClassesRoot
EventSetInformation
EventRegister
RegQueryValueExA
EventWriteTransfer
RegCloseKey

user32

GetParent
GetWindowLongA
SetTimer
PostMessageA
UnpackDDElParam
PackDDElParam
SendMessageA
CreateWindowExA
DefWindowProcA
EnumPropsA
SetWindowLongA
IsWindow
RegisterClassA
RegisterClipboardFormatA
GetWindowThreadProcessId
SetPropA
GetClassNameA
KillTimer
GetDesktopWindow
RemovePropA
GetPropA
SetWindowWord
EnumChildWindows
FreeDDElParam
DestroyWindow
GetWindow

gdi32

CopyMetaFileA
CreateBitmap
GetBitmapBits
DeleteEnhMetaFile
DeleteObject
DeleteMetaFile
GetObjectA
SetBitmapBits
CopyEnhMetaFileA

ntdll

EtwTraceMessage

Exports

Exports

DeleteClientInfo
DocWndProc
EnumForTerminate
FindItemWnd
ItemCallBack
ItemWndProc
OleBlockServer
OleQueryServerVersion
OleRegisterServer
OleRegisterServerDoc
OleRenameServerDoc
OleRevertServerDoc
OleRevokeObject
OleRevokeServer
OleRevokeServerDoc
OleSavedServerDoc
OleUnblockServer
SendDataMsg
SendRenameMsg
SrvrWndProc
TerminateClients
TerminateDocClients
WEP

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adfa4ceb475544ed7a3c0fb8598bd5ce

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

user32

gdi32

ntdll

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 143KB - Virtual size: 142KB

.text
Size: 46KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 143KB - Virtual size: 142KB