4f95f5fd58b8a695bb26a2930d0583cfe3409a4badbb181d193e4932ea960f17

Sharing

Copy URL

Twitter E-mail

General

Target

4f95f5fd58b8a695bb26a2930d0583cfe3409a4badbb181d193e4932ea960f17
Size

46KB
MD5

c4a9d24db02daa30aeb575403c0662a8
SHA1

c6bc64435d0560612827c564fa3293b143b633e6
SHA256

4f95f5fd58b8a695bb26a2930d0583cfe3409a4badbb181d193e4932ea960f17
SHA512

624dab7813c84f998aba8148c208bdaf6f60e5d11cf2e325a32518de60641f81662f32cc74aa525aa95af4d0ebd97650e0c1c5a8a18f87fb8ab1f812c79faeb6
SSDEEP

768:/a0LPhb+wnyeo2XeHqc3iFpTi2Jb3Z/0lL1fWEByKZk0vg/trKS8phnFM:/aC5KwyeLeHqcom2Jb3Z/KL1fWKjZk0o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f95f5fd58b8a695bb26a2930d0583cfe3409a4badbb181d193e4932ea960f17

Files

4f95f5fd58b8a695bb26a2930d0583cfe3409a4badbb181d193e4932ea960f17
.dll windows:6 windows x86 arch:x86

edaaf141a414f1836f53e4cb844ccb4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\KbMedia\_all\kbmplay_all\_temp\Win32\Release\kb2smf\kb2smf.pdb

Imports

kernel32

lstrlenW
lstrcpynW
DisableThreadLibraryCalls
CompareFileTime
GetCurrentProcess
WriteFile
TerminateProcess
GetModuleFileNameW
WaitForSingleObject
CreateFileW
UnmapViewOfFile
DuplicateHandle
SetFileAttributesW
MultiByteToWideChar
DeleteFileW
CloseHandle
IsDBCSLeadByte
FileTimeToLocalFileTime
CreateProcessW
CopyFileW
MoveFileW
GetFileTime
GetExitCodeProcess
WaitForMultipleObjects
OpenFileMappingW
CreateEventW
GetLastError
SetEvent
GetCurrentProcessId
CreateFileMappingW
MapViewOfFile
GetFileAttributesW
Sleep
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter

user32

PeekMessageW
MessageBoxW
PostThreadMessageW

msvcp140

?_Random_device@std@@YAIXZ

vcruntime140

memset
_except_handler4_common
_purecall
__CxxFrameHandler3
__std_type_info_destroy_list
_CxxThrowException
__std_exception_destroy
wcsrchr
__std_exception_copy
memcpy
__std_terminate
memmove

api-ms-win-crt-string-l1-1-0

isgraph
_wcsdup
_wcsicmp
wcsncpy_s
wcsncat_s

api-ms-win-crt-heap-l1-1-0

realloc
free
malloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnwprintf_s

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_cexit
_initterm
_initialize_narrow_environment
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_beginthreadex
_initialize_onexit_table

Exports

Exports

kpi_CreateInstance

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edaaf141a414f1836f53e4cb844ccb4b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 2KB - Virtual size: 2KB