fad6679ffd9a142a9b4f05374b578476cab260ff3193452c38dc73bac661dd22N

Sharing

Copy URL Twitter E-mail

General

Target

fad6679ffd9a142a9b4f05374b578476cab260ff3193452c38dc73bac661dd22N
Size

88KB
MD5

66ca68fae7289e64ab497b0dba71e040
SHA1

53ebe8fe95272f00aa8876718f27d488ba979358
SHA256

fad6679ffd9a142a9b4f05374b578476cab260ff3193452c38dc73bac661dd22
SHA512

eb1de9f592f2427a10d27b5d38e01a90ff000ca1074550c90992d39c563dea666578d7b56e8a3ce6266d351c6c8dcc6ef40fab58eecfa1ba58ccc8b039b1ac59
SSDEEP

1536:PzPrVkbLTKLNF1xAWC9iPsFgc3K+BpGaSRfUZQUhihN1yD8Z2gE/MFsEzekl/gs:bP5kCNF1xADT5tSRT3NQN/s79lIs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mswrd632.wpc

Files

fad6679ffd9a142a9b4f05374b578476cab260ff3193452c38dc73bac661dd22N
.cab
mswrd632.wpc
.dll windows:5 windows x86 arch:x86

2c4027e45cff3f668a9e9dfa63a22544

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mswrd632.pdb

Imports

msvcrt

malloc
_initterm
free
_setjmp3
longjmp
_adjust_fdiv
memmove

kernel32

LoadLibraryA
IsDBCSLeadByte
GetLocalTime
GlobalAlloc
GlobalReAlloc
GlobalSize
SetFilePointer
GetFileSize
lstrlenA
DeleteFileA
MoveFileA
CloseHandle
FlushFileBuffers
MultiByteToWideChar
GlobalUnlock
GlobalLock
GlobalFree
LocalAlloc
GetProcAddress
GlobalHandle
LocalLock
LocalUnlock
LocalReAlloc
CreateFileA
ReadFile
WriteFile
GetModuleFileNameA
GetWindowsDirectoryA
GetTempFileNameA
GetTempPathA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileAttributesA
GetSystemDefaultLangID
lstrcpynA
lstrcpyA
FreeLibrary
SetErrorMode
GetCPInfo
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
LocalFree
lstrcatA

user32

wsprintfA
CharUpperA
CharLowerA
LoadStringA
IsCharAlphaA
OemToCharA
IsCharUpperA
IsCharAlphaNumericA
RegisterClipboardFormatA
GetLastActivePopup
MessageBoxA

gdi32

DeleteMetaFile
SetMetaFileBitsEx
GetMetaFileBitsEx

advapi32

RegSetValueExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ole32

OleInitialize
OleBuildVersion
OleUninitialize
StgCreateDocfile
StgOpenStorage
OleConvertIStorageToOLESTREAM
OleSave
OleLoad
WriteFmtUserTypeStg
WriteClassStg

Exports

Exports

AbortForeignToRtf
AbortRtfToForeign
CchFetchLpszError
CchFetchMainStream
ConvertForeignToRtf
ConvertRtfToForeign
DllMain
FFetchSzzClasses
FFileRecognized32
FPrivateRetryMemError
FRegisterConverter
ForeignToRtf32
GetReadNames
GetWriteNames
InitConverter32
IsFormatCorrect32
RegisterApp
RtfToForeign32
UninitConverter
_AbortProcessing

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c4027e45cff3f668a9e9dfa63a22544

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

gdi32

advapi32

version

ole32

Exports

Exports

Sections

.text Size: 157KB - Virtual size: 156KB

.data Size: 3KB - Virtual size: 18KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 157KB - Virtual size: 156KB

.data
Size: 3KB - Virtual size: 18KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 11KB - Virtual size: 10KB