wmp.pdb
Static task
static1
Behavioral task
behavioral1
Sample
wmp.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
wmp.dll
Resource
win10v2004-20240802-en
General
Target: 8c767ecc77e3c03a7f573d3d236ae4f0d34b15f41be7823ff52743bc1c858934N
Size: 1.8MB
MD5: f9df5faa153659e20015e0b10476aac0
SHA1: 54eef39191dd6d124e79979c8df485855e8cdc88
SHA256: 8c767ecc77e3c03a7f573d3d236ae4f0d34b15f41be7823ff52743bc1c858934
SHA512: e064e5703c744d375671f7621f4bf30c3751f166332ad35d4a5b98b015549d0af8ef8c684fb257b458eb839914f410594c4e3ecea8dae3e716fe0bb2253fd320
SSDEEP: 49152:SxoNlp0i3NlvAMr0Z5VCuWKALJ2jHE3P4UmjGKlY:SiN5n70ZzWBJQE0K
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/wmp.dll
Files
8c767ecc77e3c03a7f573d3d236ae4f0d34b15f41be7823ff52743bc1c858934N.cab
wmp.dll.dll regsvr32 windows:5 windows x86 arch:x86
1ee7967d6361f813705cb2625486f969
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_wcslwr
malloc
free
??3@YAXPAX@Z
realloc
??2@YAPAXI@Z
wcslen
wcsncpy
_vsnwprintf
memmove
_wcsicmp
wcsrchr
wcscmp
iswalpha
_wtoi
wcsstr
_wcsnicmp
bsearch
iswspace
swscanf
iswdigit
_wtol
_beginthreadex
ldexp
swprintf
floor
ceil
_CIpow
__CxxFrameHandler
rand
_vsnprintf
wcspbrk
_stricmp
qsort
wcschr
srand
wcstoul
_ultow
time
wcsncmp
fclose
_wfopen
_memicmp
wcstok
_snwprintf
tolower
wcscpy
memcpy
memset
abort
_itow
wcstol
towlower
exit
wcstombs
iswalnum
_wtoi64
memcmp
atoi
strcpy
_itoa
abs
strchr
isspace
toupper
_ftol
_CIexp
longjmp
_setjmp3
strncmp
wcsftime
localtime
wcstod
wcscoll
_wcsicoll
_ltow
wcsspn
iswprint
iswascii
_strnicmp
difftime
_except_handler3
_wcsupr
fwrite
fflush
fprintf
_iob
sprintf
sscanf
getenv
_ui64tow
clock
isxdigit
isdigit
wcscspn
iswcntrl
towupper
_endthread
_beginthread
_initterm
_adjust_fdiv
__dllonexit
_onexit
rpcrt4
NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrStubCall2
NdrStubForwardingFunction
NdrClientCall2
UuidCreate
NdrDllCanUnloadNow
kernel32
FileTimeToLocalFileTime
ResetEvent
FreeLibraryAndExitThread
ReleaseSemaphore
ExitThread
CreateSemaphoreW
GetThreadPriority
WaitForMultipleObjects
RemoveDirectoryW
GetDateFormatW
CreateDirectoryW
GetTempPathW
GetFileType
SetFilePointer
GetStringTypeExW
lstrcmpW
DebugBreak
OutputDebugStringW
LocalAlloc
GetVersionExA
CreateFileA
CreateFileMappingA
CreateEventA
GetTimeFormatW
LocalFileTimeToFileTime
CopyFileExW
GlobalSize
InterlockedCompareExchange
InterlockedExchange
CompareStringW
ExitProcess
GetLocaleInfoA
SetEndOfFile
FlushFileBuffers
CreateMutexA
GetFullPathNameA
GetFullPathNameW
GetLongPathNameA
GetLongPathNameW
LCMapStringA
LCMapStringW
DeleteFileA
GetDriveTypeA
GetTempFileNameA
GetTempFileNameW
GetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringW
WritePrivateProfileStringW
IsValidLocale
GlobalMemoryStatus
GetNumberFormatW
GetACP
lstrcmpA
GetExitCodeProcess
CreateProcessW
GlobalAddAtomW
GlobalDeleteAtom
CreateProcessA
GetVersion
OpenProcess
DeviceIoControl
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
QueryDosDeviceW
GetWindowsDirectoryW
GetSystemDirectoryW
FindAtomW
GetSystemPowerStatus
CompareFileTime
FileTimeToSystemTime
GetLocalTime
IsBadReadPtr
GetCurrentDirectoryW
WideCharToMultiByte
WriteFile
MoveFileW
GetFileSize
GetUserDefaultLCID
GlobalAlloc
GlobalFree
LoadLibraryA
GetFileAttributesExW
SetErrorMode
GetVolumeInformationW
ReadDirectoryChangesW
WaitForSingleObjectEx
CreateThread
GetExitCodeThread
GetUserDefaultLangID
GetLocaleInfoW
GetUserGeoID
VirtualFree
SetFileAttributesW
GlobalLock
GlobalUnlock
GetFileAttributesW
GetDiskFreeSpaceExW
DeleteFileW
GetLogicalDriveStringsW
GetDriveTypeW
Sleep
GetThreadLocale
FindNextChangeNotification
FindFirstChangeNotificationW
FindFirstFileW
FindNextFileW
FindClose
FindCloseChangeNotification
lstrcpynA
FormatMessageW
LocalFree
GetUserDefaultUILanguage
FindResourceExW
GetCurrentThread
SetThreadPriority
CreateFileMappingW
MapViewOfFile
CreateEventW
CreateMutexW
DuplicateHandle
WaitForSingleObject
ReleaseMutex
UnmapViewOfFile
OpenEventW
SetEvent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
RaiseException
SetLastError
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
GetShortPathNameW
SizeofResource
lstrlenA
LoadLibraryExW
DisableThreadLibraryCalls
MulDiv
FindResourceW
CreateFileW
ReadFile
CloseHandle
lstrcatW
GetSystemTime
SystemTimeToFileTime
CopyFileW
GetProcAddress
GetModuleFileNameW
lstrcpynW
LoadLibraryW
GetProcessHeap
HeapAlloc
HeapFree
FreeLibrary
FindResourceA
LoadResource
LockResource
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
lstrcpyW
lstrlenW
MultiByteToWideChar
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetVersionExW
GetLastError
FreeResource
SetFilePointerEx
GetProfileStringW
WriteProfileStringW
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
GetWindowsDirectoryA
GetTimeZoneInformation
GetFileTime
GetModuleHandleW
gdi32
Ellipse
CreateMetaFileW
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
GetSystemPaletteEntries
CreatePalette
GetPaletteEntries
SetPaletteEntries
SelectPalette
RealizePalette
GetTextAlign
GetRegionData
ExtSelectClipRgn
GetTextExtentPoint32W
MaskBlt
CreateICW
SetDIBColorTable
ExtCreateRegion
GetDIBits
GetObjectA
GetDIBColorTable
CreateDIBSection
SetTextAlign
TextOutW
StretchDIBits
SetDIBitsToDevice
BitBlt
GetObjectType
GetBkColor
GetLayout
IntersectClipRect
PatBlt
PtInRegion
GetRgnBox
SetRectRgn
StretchBlt
SetTextCharacterExtra
DPtoLP
SetBkColor
ExtTextOutW
SetROP2
Polygon
CreateSolidBrush
CreatePenIndirect
SelectClipRgn
OffsetWindowOrgEx
CreateBrushIndirect
Rectangle
MoveToEx
LineTo
CreatePen
OffsetRgn
CombineRgn
CreateRectRgn
CreateCompatibleBitmap
GetClipBox
OffsetViewportOrgEx
CreateRectRgnIndirect
GetObjectW
ExcludeClipRect
RectVisible
SetLayout
SetStretchBltMode
CreateFontW
CreateCompatibleDC
SetBkMode
SetTextColor
GetStockObject
CreateFontIndirectW
SelectObject
GetTextMetricsW
GetTextExtentPointW
DeleteObject
CreateDCW
GetDeviceCaps
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
user32
GetWindowRgnBox
SetForegroundWindow
InflateRect
GetWindowDC
EndDialog
LoadIconW
GetAsyncKeyState
DrawAnimatedRects
ValidateRect
GetUpdateRect
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
VkKeyScanW
GetSystemMetrics
CharLowerW
SetDlgItemTextW
SendDlgItemMessageW
CheckDlgButton
SetScrollPos
SetScrollInfo
ScrollWindowEx
GetSysColor
IsDlgButtonChecked
UnregisterClassW
TrackMouseEvent
ClipCursor
EnumChildWindows
MsgWaitForMultipleObjects
SetDlgItemInt
GetAncestor
GetDoubleClickTime
MonitorFromWindow
GetDesktopWindow
PostThreadMessageW
SetParent
GetClassInfoW
GetClassNameW
DestroyCursor
SendMessageTimeoutA
SendMessageTimeoutW
GetMonitorInfoW
WaitMessage
CopyIcon
wvsprintfW
CharUpperBuffW
PostThreadMessageA
GetMessageA
CharNextA
IsZoomed
GetSystemMenu
MonitorFromRect
DrawFocusRect
GetMessagePos
GetMessageTime
GetScrollInfo
GetClassLongW
WindowFromDC
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetNextDlgTabItem
DrawEdge
MonitorFromPoint
SystemParametersInfoA
IsMenu
CopyImage
NotifyWinEvent
EnumWindows
SetMenu
GetDlgItemTextW
GetDlgItemInt
ShowScrollBar
GetScrollBarInfo
RegisterWindowMessageA
CheckRadioButton
EnumDisplayMonitors
ShowCursor
BringWindowToTop
SetMenuInfo
LoadCursorA
TranslateAcceleratorA
SetPropW
GetPropW
CopyAcceleratorTableW
RegisterClipboardFormatW
EnumDisplayDevicesW
CheckMenuRadioItem
CreateMenu
GetMenuStringW
SetActiveWindow
GetWindowPlacement
GetMenu
GetParent
InvalidateRgn
DestroyAcceleratorTable
GetCursorPos
GetForegroundWindow
GetCapture
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
UnionRect
GetSubMenu
IsRectEmpty
GetActiveWindow
FindWindowExW
DrawTextW
ReleaseCapture
SetCapture
IsWindowUnicode
CreateDialogParamW
TranslateAcceleratorW
FindWindowW
CloseWindow
SystemParametersInfoW
GetWindowThreadProcessId
GetWindowRgn
GetTopWindow
GetWindow
ShowWindowAsync
RedrawWindow
SetWindowPlacement
IsIconic
GetMenuItemID
IsWindowEnabled
DialogBoxParamW
GetIconInfo
GetSysColorBrush
DrawIconEx
InsertMenuW
DestroyIcon
CheckMenuItem
EnableMenuItem
ModifyMenuW
SetClassLongW
DeleteMenu
EnableWindow
SetRectEmpty
FrameRect
MapWindowPoints
CopyRect
SetRect
FillRect
SetCursor
KillTimer
SetTimer
InvalidateRect
UpdateWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RemoveMenu
PtInRect
CreatePopupMenu
GetMenuItemCount
GetMenuItemInfoW
GetQueueStatus
AppendMenuW
DestroyMenu
MessageBeep
ClientToScreen
TrackPopupMenuEx
GetWindowRect
SetWindowPos
LoadStringA
IsWindowVisible
SetFocus
PostQuitMessage
SetMenuItemInfoW
MessageBoxW
GetKeyState
PostMessageW
LoadMenuW
LoadAcceleratorsW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadImageW
CreateWindowExW
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
WinHelpW
IsWindow
DestroyWindow
GetDlgItem
SendMessageW
RegisterWindowMessageW
GetFocus
IsChild
BeginPaint
GetClientRect
EndPaint
GetDialogBaseUnits
LoadStringW
CallWindowProcW
GetWindowLongW
DefWindowProcW
CharPrevW
SetWindowLongW
GetDC
ReleaseDC
IsDialogMessageW
MoveWindow
ShowWindow
CharNextW
TrackPopupMenu
InsertMenuItemW
advapi32
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
CryptGenRandom
CryptAcquireContextW
TraceEvent
GetFileSecurityW
SetFileSecurityW
GetSecurityDescriptorLength
GetSecurityDescriptorControl
LogonUserW
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
AllocateAndInitializeSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AccessCheck
FreeSid
OpenThreadToken
OpenProcessToken
DuplicateTokenEx
RegDeleteKeyW
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegSetValueExA
RegSetValueW
RegCreateKeyW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyExA
IsValidSecurityDescriptor
ole32
HBITMAP_UserUnmarshal
HBITMAP_UserFree
HWND_UserSize
HWND_UserMarshal
CoFreeUnusedLibraries
HWND_UserUnmarshal
HWND_UserFree
OleRegGetUserType
CoCreateInstance
StringFromCLSID
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
HBITMAP_UserMarshal
HBITMAP_UserSize
HMENU_UserFree
HMENU_UserUnmarshal
HMENU_UserMarshal
HMENU_UserSize
OleRegEnumVerbs
CreateOleAdviseHolder
OleRegGetMiscStatus
CoRevokeClassObject
CoRegisterClassObject
CLSIDFromString
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
CoUninitialize
CoGetInterfaceAndReleaseStream
CoInitialize
CoMarshalInterThreadInterfaceInStream
GetRunningObjectTable
CoDisconnectObject
CreateStreamOnHGlobal
CoCreateGuid
StringFromGUID2
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoFileTimeNow
PropVariantCopy
OleLoadFromStream
GetHGlobalFromStream
OleSaveToStream
CoGetMalloc
CoMarshalInterface
CoUnmarshalInterface
CoReleaseMarshalData
StringFromIID
DoDragDrop
IsAccelerator
CLSIDFromProgID
CreateDataAdviseHolder
ReadClassStm
WriteClassStm
CoGetClassObject
PropVariantClear
CoGetTreatAsClass
comctl32
PropertySheetW
ImageList_Remove
ImageList_Add
ImageList_Draw
ImageList_LoadImageW
ImageList_AddMasked
CreatePropertySheetPageW
DestroyPropertySheetPage
_TrackMouseEvent
CreateStatusWindowW
InitCommonControlsEx
ord17
ImageList_Destroy
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_Create
ImageList_GetIconSize
oleaut32
LoadRegTypeLi
VariantClear
VarUI4FromStr
SysStringLen
SysAllocStringLen
SafeArrayCreate
VARIANT_UserFree
SysAllocString
SysFreeString
LoadTypeLi
VARIANT_UserUnmarshal
SafeArrayGetElement
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
VARIANT_UserSize
SysAllocStringByteLen
OleLoadPicture
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeTypeEx
SystemTimeToVariantTime
SafeArrayCreateVectorEx
SafeArrayPutElement
VarCmp
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SysStringByteLen
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
VariantCopy
VariantChangeType
VariantInit
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
VARIANT_UserMarshal
RegisterTypeLi
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
uxtheme
GetCurrentThemeName
gdiplus
GdiplusShutdown
GdipCloneImage
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipLoadImageFromFile
GdiplusStartup
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipGetImageRawFormat
GdipGetPropertySize
GdipGetAllPropertyItems
GdipSetPropertyItem
GdipCreateBitmapFromScan0
GdipBitmapSetResolution
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdipDrawImageRectI
GdipLoadImageFromFileICM
msvfw32
ICInstall
ICInfo
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 4.5MB - Virtual size: 4.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RT_CODE Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 396KB - Virtual size: 470KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RT_DATA Size: 4KB - Virtual size: 384B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 492KB - Virtual size: 489KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 348KB - Virtual size: 347KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ