f9f1c307da98ed25d73de00e0b395066ba91f7316f92575e28ffbbebdead4838

Sharing

Copy URL Twitter E-mail

General

Target

f9f1c307da98ed25d73de00e0b395066ba91f7316f92575e28ffbbebdead4838
Size

70KB
MD5

69326e395343da9299fee2b5578d1e16
SHA1

1cbcb4f7da8092d72292329e6a8d987bfca56ff5
SHA256

f9f1c307da98ed25d73de00e0b395066ba91f7316f92575e28ffbbebdead4838
SHA512

00a48cf19c7c92b7550849cb69bcb51268b7d83d0f45c03d7af43da2ca5fd0a88ea6f64b3db3e713c721697aed61aadda38b553a1caf84657a088cbc2a1b4a27
SSDEEP

384:I399oBkEUS1/49ANSG8CiII3HxQ7vlYxjp7xg6a0rqsywuGbvMNg90kVMJn2:I399oBZArG8CoC7vk79G2Lp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9f1c307da98ed25d73de00e0b395066ba91f7316f92575e28ffbbebdead4838

Files

f9f1c307da98ed25d73de00e0b395066ba91f7316f92575e28ffbbebdead4838
.dll windows:4 windows x86 arch:x86

8b87ea5a122f33663c5a485eb587a992

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegEnumKeyW
RegOpenKeyA
RegOpenKeyW
RegQueryValueExA
RegQueryValueExW

kernel32

DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
IsBadReadPtr
IsBadStringPtrW
RaiseException
lstrcmpW

ntdll

_vsnprintf

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
_strdup
free
fwrite
getenv
memmove
strchr
strcmp
strcspn
strlen
wcsncmp

user32

MessageBoxA

winmm

DefDriverProc
DriverCallback
midiOutClose
midiOutGetDevCapsW
midiOutGetNumDevs
midiOutLongMsg
midiOutOpen
midiOutPrepareHeader
midiOutReset
midiOutShortMsg
midiOutUnprepareHeader

Exports

Exports

DriverProc
modMessage
modmCallback

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 192B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b87ea5a122f33663c5a485eb587a992

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ntdll

ucrtbase

user32

winmm

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 96B

.rodata Size: 4KB - Virtual size: 240B

.rdata Size: 4KB - Virtual size: 1KB

.eh_fram Size: 4KB - Virtual size: 1KB

.bss Size: - Virtual size: 192B

.edata Size: 4KB - Virtual size: 128B

.idata Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 932B

.text
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 96B

.rodata
Size: 4KB - Virtual size: 240B

.rdata
Size: 4KB - Virtual size: 1KB

.eh_fram
Size: 4KB - Virtual size: 1KB

.bss
Size: - Virtual size: 192B

.edata
Size: 4KB - Virtual size: 128B

.idata
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 932B