02383993dd04fb202434d83c7d4ebc261b58f395c756a7fcca5141782e0ffb60N

Sharing

Copy URL Twitter E-mail

General

Target

02383993dd04fb202434d83c7d4ebc261b58f395c756a7fcca5141782e0ffb60N
Size

76KB
MD5

267856c7604b2b8e46ce7ade4c3300e0
SHA1

1fa9f092175d262049349f3dd98acc24e89545af
SHA256

02383993dd04fb202434d83c7d4ebc261b58f395c756a7fcca5141782e0ffb60
SHA512

7fb15e02855eb4e17fed3e4b5008e556f92c2b259ce6eef1b21d1bfa18c68bbd96e7c109590d3546e19cff4699f70bada3e799976dcf27d3ee5f5ad4dbfab05a
SSDEEP

1536:VU3EJQes2xoDoxTwN2NJRwbG8/hfevM6S2t/pBCa72ZnDhKxNg:K3EJM/s2az88U6SAhKZn0u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wmpsrcwp.dll

Files

02383993dd04fb202434d83c7d4ebc261b58f395c756a7fcca5141782e0ffb60N
.cab
wmpsrcwp.dll
.dll regsvr32 windows:5 windows x86 arch:x86

62609d6efb9e50a2169c921b4b492cb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wmpsrcwp.pdb

Imports

msvcrt

??2@YAPAXI@Z
towlower
towupper
wcslen
wcsstr
wcsrchr
wcsncpy
_snwprintf
_purecall
_wtoi
_wcslwr
_strnicmp
wcscmp
_wcsicmp
wcsncat
swscanf
malloc
_onexit
__dllonexit
_adjust_fdiv
_initterm
free
wcscpy
??3@YAXPAX@Z

kernel32

FreeLibrary
lstrlenW
lstrcmpW
lstrlenA
MultiByteToWideChar
lstrcpynW
lstrcmpiW
VirtualAlloc
CreateEventW
WaitForSingleObject
Sleep
VirtualFree
GetSystemInfo
ResetEvent
SetEvent
GetModuleFileNameW
InitializeCriticalSection
InterlockedExchange
GetModuleHandleW
InterlockedIncrement
GetVersionExW
DeleteCriticalSection
WaitForSingleObjectEx
CloseHandle
CreateThread
EnterCriticalSection
LeaveCriticalSection
GetSystemDefaultLCID
GetProcAddress
WideCharToMultiByte
GetLastError
LoadLibraryW
InterlockedDecrement
GetVersionExA
SetThreadPriority
GetModuleFileNameA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsBadWritePtr
CreateSemaphoreW
WaitForMultipleObjects
GlobalMemoryStatus
ReleaseSemaphore
GetCurrentThreadId
ExitThread
GetTickCount
GetDiskFreeSpaceExW
lstrcpyW
lstrcatW
SetFilePointer
GetFileAttributesW
GetTempPathW
CreateFileW
GetFileType
ReadFile
HeapFree
GetProcessHeap
HeapAlloc

winmm

timeGetTime
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
timeSetEvent
timeKillEvent
OpenDriver
CloseDriver
SendDriverMessage

avicap32

capGetDriverDescriptionA

user32

InvalidateRect
RegisterWindowMessageW
PeekMessageW
GetWindowRgn
IsDialogMessageW
GetWindowThreadProcessId
AttachThreadInput
GetCursor
DestroyWindow
PostQuitMessage
CreateWindowExW
GetMessageW
SetRect
GetDlgItem
IsWindow
GetWindowTextW
GetClientRect
ClientToScreen
WaitMessage
BeginPaint
EndPaint
TranslateMessage
DispatchMessageW
CallWindowProcW
ReleaseCapture
GetSystemMetrics
SetCursor
SetCapture
SetWindowRgn
GetIconInfo
CharNextW
wsprintfW
RedrawWindow
CreateDialogParamW
GetWindowLongW
EnableWindow
IsChild
DefWindowProcW
SetWindowLongW
LoadIconW
GetWindowPlacement
SetWindowPlacement
SendMessageW
SendDlgItemMessageW
IsRectEmpty
PtInRect
IsWindowVisible
GetWindowRect
GetWindow
IsIconic
GetParent
MessageBoxW
LoadStringW
RegisterClassW
UnregisterClassW
EqualRect
ReleaseDC
GetDC
DrawIconEx
LoadCursorW
GetDesktopWindow
GetCursorPos
MoveWindow
ShowWindow
EnumWindows

olepro32

ord250

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyW
RegDeleteKeyW
RegSetValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumValueW

ole32

CoFreeUnusedLibraries
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CLSIDFromString
StringFromGUID2
CoInitialize

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
VariantClear
VariantInit

wininet

InternetCanonicalizeUrlW
InternetCrackUrlW

gdi32

Rectangle
CreateRectRgn
CreateRectRgnIndirect
CombineRgn
GetDIBits
GetSystemPaletteEntries
SetROP2
GetPixel
DeleteDC
BitBlt
CreateSolidBrush
GetDeviceCaps
DeleteObject
SelectObject
RealizePalette
SelectPalette
CreatePalette
CreateCompatibleBitmap
CreateCompatibleDC
CreatePen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ShowSourcePropertyPage
ShowStreamTransformPropertyPage

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62609d6efb9e50a2169c921b4b492cb7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

winmm

avicap32

user32

olepro32

advapi32

ole32

oleaut32

wininet

gdi32

Exports

Exports

Sections

.text Size: 152KB - Virtual size: 152KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 152KB - Virtual size: 152KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 11KB - Virtual size: 10KB