C:\dev\ruby\virtual\source_code\Release\audio_sniffer.pdb
Static task
static1
Behavioral task
behavioral1
Sample
a20b409e022f9a4e487672ad3b9647e7bd08fe6a6917541298aff1fdb847c62d.dll
Resource
win7-20240704-en
General
Target
a20b409e022f9a4e487672ad3b9647e7bd08fe6a6917541298aff1fdb847c62d
Size
123KB
MD5
77d648cae74fc002d1c7e0337b78e6a8
SHA1
56be41bec3784f35946a3f9b78d32764069a75bc
SHA256
a20b409e022f9a4e487672ad3b9647e7bd08fe6a6917541298aff1fdb847c62d
SHA512
5221e519672430e3dee9c079b8f09ba271939071b2f128a9181d49baf636cb582d88c2fba795d4483d31ffa918a770e21a139b8d44f51f136ff5e21987b67a0a
SSDEEP
3072:3C3nVdQ1FJeVk0vLfg6iOZ9czn2lQBV+UdE+rECWp7hKojsv3:cnVdoFUM6iOZ9czLBV+UdvrEFp7hKoje
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a20b409e022f9a4e487672ad3b9647e7bd08fe6a6917541298aff1fdb847c62d
Files
a20b409e022f9a4e487672ad3b9647e7bd08fe6a6917541298aff1fdb847c62d.dll regsvr32 windows:5 windows x86 arch:x86
f7c98b9ba0d1076f9cfe64fb632fa11c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
CreateEventW
SetEvent
ResetEvent
GetCurrentProcess
GetCurrentThreadId
InterlockedExchange
FreeLibrary
MultiByteToWideChar
GetVersionExW
DisableThreadLibraryCalls
lstrlenW
GetProcAddress
GetModuleHandleW
GetTickCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
InterlockedCompareExchange
DecodePointer
lstrlenA
Sleep
CreateThread
GetLastError
SetThreadPriority
CloseHandle
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EncodePointer
EnterCriticalSection
DeleteCriticalSection
IsDebuggerPresent
user32
wsprintfW
advapi32
RegCreateKeyW
RegSetValueExW
RegCloseKey
RegSetValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
ole32
CoTaskMemAlloc
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoFreeUnusedLibraries
avrt
AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsW
msvcr100
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
??3@YAXPAX@Z
??2@YAPAXI@Z
printf
__CxxFrameHandler3
memcpy
_purecall
memset
_wtoi
_vsnwprintf
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
free
_encoded_null
_initterm
winmm
timeGetTime
Exports
??4Cacam@@QAEAAV0@ABV0@@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ