85ba1423c42b9d3e8f0b5bb65186e88982407d0259423a7f928a3c963ad28624N

Sharing

Copy URL Twitter E-mail

General

Target

85ba1423c42b9d3e8f0b5bb65186e88982407d0259423a7f928a3c963ad28624N
Size

344KB
MD5

a9ed9f6f3ace7d2a38100cd7233d5240
SHA1

3c3b8234f9c97fdd94f5cab6f9d70349fdf9d43e
SHA256

85ba1423c42b9d3e8f0b5bb65186e88982407d0259423a7f928a3c963ad28624
SHA512

669d31362442c463095347d8e81e94c40a694b713bb18e527dbf6ad5783a5270049593fd93dcd5bc49bf47b9e5a1c631cafe91567740e941508154bdf3062312
SSDEEP

6144:0z6NKy8rrBT8ZprKkUelsEgjolBf825IAysmO7km8tiX2gTENfOwjmrjbf1CR2IL:AiA1gZZK9e2rMlBE+mddYzYNfOA2bfcj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wmvdmoe2.dll

Files

85ba1423c42b9d3e8f0b5bb65186e88982407d0259423a7f928a3c963ad28624N
.cab
wmvdmoe2.dll
.dll regsvr32 windows:5 windows x86 arch:x86

585c3e3cb0f593d4fc444b0c564e3f3b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WMVDMOE2.pdb

Imports

msvcrt

fclose
fprintf
ceil
srand
printf
remove
_iob
fscanf
asctime
rewind
time
rand
exit
fseek
ftell
fread
fwrite
_except_handler3
_purecall
??2@YAPAXI@Z
wcscmp
wcslen
free
_initterm
_adjust_fdiv
fopen
localtime
fflush
malloc
_onexit
_vsnprintf
__dllonexit
??3@YAXPAX@Z

kernel32

GetDiskFreeSpaceA
GetEnvironmentStrings
lstrlenW
lstrlenA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MulDiv
SetEnvironmentVariableA
InitializeCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
Sleep
GetTempFileNameA
SetLastError
GetTempPathA
GetSystemInfo
CloseHandle
WaitForSingleObject
SetEvent
ResetEvent
SetThreadPriority
CreateThread
GetThreadPriority
GetCurrentThread
CreateEventA
IsProcessorFeaturePresent
GetLocalTime
GlobalMemoryStatus
DeviceIoControl
GetVersionExA
GetModuleHandleW
GetProcAddress
LoadLibraryA
InterlockedCompareExchange
HeapFree
GetProcessHeap
GetEnvironmentStringsW
HeapAlloc
InterlockedExchange

ole32

CoTaskMemAlloc
CoTaskMemFree

oleaut32

VariantInit
SysAllocString

advapi32

RegSetValueExA
RegSetValueA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

shlwapi

SHDeleteKeyA

msdmo

MoDuplicateMediaType
MoDeleteMediaType
DMORegister
DMOUnregister
MoCopyMediaType
MoFreeMediaType
MoInitMediaType

Exports

Exports

CreateInstance
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 831KB - Virtual size: 831KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

585c3e3cb0f593d4fc444b0c564e3f3b

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

ole32

oleaut32

advapi32

shlwapi

msdmo

Exports

Exports

Sections

.text Size: 831KB - Virtual size: 831KB

.data Size: 125KB - Virtual size: 393KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 831KB - Virtual size: 831KB

.data
Size: 125KB - Virtual size: 393KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 21KB - Virtual size: 21KB