bd3f1f3832c41d92e25cc122c03f675438653fb30499b0ac49651cb367641a06N

Sharing

Copy URL Twitter E-mail

General

Target

bd3f1f3832c41d92e25cc122c03f675438653fb30499b0ac49651cb367641a06N
Size

43KB
MD5

e63ad52e06ee92ca4ab5522ac747e010
SHA1

7d63b7a27d05f2af318f8ce6ac7aaf1894367511
SHA256

bd3f1f3832c41d92e25cc122c03f675438653fb30499b0ac49651cb367641a06
SHA512

3dd98c92595a0525be48e343f452d5e2086f2029d913c2863834a85b553a7c829809731b66b53a1974e52bfdc0b2e41171a5446404097aa5d3268e19f4f1893a
SSDEEP

768:v4H/EyRrSpSfKfdbvBnSG5r+ezAr506xLHjwL0z2X:A8y1eyKRVrm06xrFK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd3f1f3832c41d92e25cc122c03f675438653fb30499b0ac49651cb367641a06N

Files

bd3f1f3832c41d92e25cc122c03f675438653fb30499b0ac49651cb367641a06N
.exe windows:5 windows x86 arch:x86

b8ce6248094c35e54aa32043cbba8f0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

glmf32

glsGetCurrentContext
glsContext
glsBinary
glsNumus
glsNumfv
glsPixelSetup
glsEndGLS
glsULongHigh
glsGetContextPointer
glsGetConsti
glsUCS2toUTF8z
glsAppRef
glsNuml
glsIsExtensionSupported
glsReadFunc
glsGLRCLayer
glsGetConstubz
glsHeaderfv
glsFlush
glsNumbv
glsGetGLRCi
glsNumulv
glsGetCaptureExecTable
glsCharubz
glsGetCaptureFlags
glsGetCommandAlignment
glsGetStreamCRC32
glsHeaderf
glsGetContextubz

oleaut32

GetErrorInfo
OaBuildVersion
VarI1FromDec
VarUI4FromCy
VarI4FromStr
VarUI8FromBool
VarInt
VarDecFromI2
VariantInit
VarI8FromDec
VarBstrFromI2
VarDateFromUI8
CreateTypeLib2
VarCyFromDisp
VarCyFromR4
SafeArrayLock
VarDecFromR8
VarDateFromI2
OleCreatePropertyFrame
VarDateFromI4
VarBoolFromR8
VarUI1FromI1
SafeArrayGetDim
VarR8FromUI8

dciman32

DCIEnum
DCIDestroy
WinWatchClose
DCIBeginAccess
DCISetClipList
GetWindowRegionData
WinWatchDidStatusChange
DCIEndAccess
GetDCRegionData
DCISetSrcDestClip
DCIDraw
DCICreateOverlay
DCIOpenProvider
WinWatchGetClipList
WinWatchNotify
DCICloseProvider
DCICreatePrimary
DCISetDestination
WinWatchOpen
DCICreateOffscreen

clbcatq

SetSetupSave
SetupSave
UpdateFromComponentChange
UpdateFromAppChange
OpenComponentLibraryOnStreamEx
DowngradeAPL
SetSetupOpen
CLSIDFromStringByBitness
CreateComponentLibraryEx
GetComputerObject
CheckMemoryGates
GetSimpleTableDispenser
CoRegCleanup
ActivatorUpdateForIsRouterChanges
OpenComponentLibraryOnMemEx
DeleteAllActivatorsForClsid
DllGetClassObject
OpenComponentLibraryEx
DllRegisterServer
DllUnregisterServer
ServerGetApplicationType
InprocServer32FromString
GetCatalogObject2
GetCatalogObject
ComPlusMigrate
SetupOpen
DllCanUnloadNow

kernel32

BackupWrite
FindFirstVolumeMountPointA
FindResourceExW
ReadConsoleOutputW
GetModuleHandleA
GetModuleHandleExA
QueryDepthSList
SetTapePosition
GetThreadSelectorEntry
OpenSemaphoreA
VirtualAlloc
ReadConsoleW
SetCurrentDirectoryA
LoadLibraryA
GetShortPathNameW
SetConsoleCP
InvalidateConsoleDIBits
lstrcatW
CreateRemoteThread
IsBadStringPtrA
GetVersionExA
MapViewOfFileEx

msasn1

ASN1CEREncBeginBlk
ASN1objectidentifier_free
ASN1BEREncSX
ASN1BERDecZeroChar16String
ASN1CEREncChar16String
ASN1BERDecObjectIdentifier
ASN1CEREncCharString
ASN1char32string_cmp
ASN1octetstring_cmp
ASN1BERDecOpenType2
ASN1BERDecTag
ASN1BERDecZeroChar32String
ASN1BEREncBitString
ASN1BERDecBool
ASN1BERDecZeroCharString
ASN1charstring_cmp
ASN1intx2uint32
ASN1BEREncObjectIdentifier
ASN1BERDecOctetString2
ASN1BERDecUTF8String
ASN1BEREncFlush
ASN1BERDecChar16String

msvcp60

??0bad_alloc@std@@QAE@ABV01@@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGPAGG@Z
??1?$basic_ifstream@GU?$char_traits@G@std@@@std@@UAE@XZ
?pbackfail@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@MAEHH@Z
??Ystd@@YAAAV?$complex@N@0@AAV10@ABV10@@Z
??0locale@std@@AAE@PAV_Locimp@01@@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0out_of_range@std@@QAE@ABV01@@Z
?norm@std@@YANABV?$complex@N@1@@Z
?iword@ios_base@std@@QAEAAJH@Z
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??4?$numeric_limits@O@std@@QAEAAV01@ABV01@@Z
_FSnan
??0_Locinfo@std@@QAE@ABV01@@Z
?sqrt@?$_Ctr@N@std@@SANN@Z
?_Doraise@domain_error@std@@MBEXXZ
_LExp
?_Sync@ios_base@std@@0_NA
?_Getcat@?$moneypunct@D$00@std@@SAIXZ
??0?$moneypunct@G$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
?round_error@?$numeric_limits@_N@std@@SA_NXZ
?compare@?$char_traits@D@std@@SAHPBD0I@Z

Sections

.text
Size: 1024B - Virtual size: 782B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8ce6248094c35e54aa32043cbba8f0b

Headers

DLL Characteristics

File Characteristics

Imports

glmf32

oleaut32

dciman32

clbcatq

kernel32

msasn1

msvcp60

Sections

.text Size: 1024B - Virtual size: 782B

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 16KB - Virtual size: 102KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 68B

.text
Size: 1024B - Virtual size: 782B

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 16KB - Virtual size: 102KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 68B