d2db88bc51fc95d79c071e7f67e093393093ef6dbafde802f2769378ef438ab7

Sharing

Copy URL Twitter E-mail

General

Target

d2db88bc51fc95d79c071e7f67e093393093ef6dbafde802f2769378ef438ab7
Size

6.1MB
MD5

ac1a3d9ede431f91ab21c909019c272a
SHA1

297ed5adae0aa058bf0e922f17b87e04230c7bcf
SHA256

d2db88bc51fc95d79c071e7f67e093393093ef6dbafde802f2769378ef438ab7
SHA512

375da82f22550889bcadc1e5ba1cbdb3e24a6c37c7f29c3b76d573f5147a9d0b29d037078dec3c37a39f94d7bb72ec8ecc144cb6ff398a60dd43af77d2243d01
SSDEEP

98304:mDFXABPr2PbE7En3XCWpcPeuZw97c4PObVDACRqe4FprA4Gx:mDFg2PwgQ0Aq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2db88bc51fc95d79c071e7f67e093393093ef6dbafde802f2769378ef438ab7

Files

d2db88bc51fc95d79c071e7f67e093393093ef6dbafde802f2769378ef438ab7
.exe windows:6 windows x86 arch:x86

64c949e192b03c760db55da9b7f8650f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\meta-rightmore-ext\recipes-qxapps\workspace\vs2015\Win32\Release\audi.pdb

Imports

kernel32

GetCurrentThreadId
RaiseException
Sleep
GetLocalTime
GetFileAttributesA
DeleteFileA
CreateDirectoryA
SetThreadPriority
ResumeThread
GetThreadPriority
CloseHandle
CreateThread
ReadFile
WriteFile
PurgeComm
CreateFileW
CreateEventW
GetLastError
WaitCommEvent
SetEvent
GetCommState
ResetEvent
ClearCommError
GetOverlappedResult
SetCommMask
WideCharToMultiByte
OutputDebugStringA
IsDebuggerPresent
MultiByteToWideChar
GetModuleFileNameA
LoadResource
LockResource
FindResourceA
SizeofResource
GetTickCount64
MapViewOfFile
CreateFileMappingW
GetSystemInfo
UnmapViewOfFile
ReleaseMutex
CreateMutexW
SetEndOfFile
HeapSize
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
SetCommState
GetTickCount
FindNextFileA
FindFirstFileExA
FindClose
GetProcessHeap
ReadConsoleW
GetTimeZoneInformation
SetFilePointerEx
DeleteFileW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
WaitForSingleObject
RtlUnwind
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
ExitThread
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetExitCodeProcess
CreateProcessA
GetFileAttributesExW
LoadLibraryA

user32

wsprintfW
GetCursorPos
ReleaseDC
SetForegroundWindow
ReleaseCapture
UpdateWindow
SetRect
PeekMessageA
LoadIconA
SetCapture
TranslateMessage
AdjustWindowRectEx
MonitorFromPoint
DispatchMessageA
DestroyWindow
GetDC
SetWindowPos
ScreenToClient
ShowWindow
GetCapture
SetWindowLongA
GetWindowLongA
MessageBoxA
GetMonitorInfoA
RegisterClassA
DefWindowProcA
CreateWindowExA

gdi32

GetStockObject

zlib

ord26

freetype

FT_Select_Charmap
FT_Set_Pixel_Sizes
FT_Load_Char
FT_Render_Glyph
FT_Outline_Embolden
FT_New_Face
FT_Init_FreeType

advapi32

SystemFunction036

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 838KB - Virtual size: 838KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 549KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64c949e192b03c760db55da9b7f8650f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

zlib

freetype

advapi32

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 838KB - Virtual size: 838KB

.data Size: 22KB - Virtual size: 549KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2.1MB - Virtual size: 2.1MB

.reloc Size: 243KB - Virtual size: 243KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 838KB - Virtual size: 838KB

.data
Size: 22KB - Virtual size: 549KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

.reloc
Size: 243KB - Virtual size: 243KB