28a9969e847e1a08e21add00b1772f553e957555545c7c49acfed8d69ad93b96

Sharing

Copy URL Twitter E-mail

General

Target

28a9969e847e1a08e21add00b1772f553e957555545c7c49acfed8d69ad93b96
Size

2.9MB
MD5

f477e0ee181ef79a71d8732546d8635f
SHA1

49c2293d480048b67f66accf3fae54f9f5e40978
SHA256

28a9969e847e1a08e21add00b1772f553e957555545c7c49acfed8d69ad93b96
SHA512

0f8ec792bfcddd2f513218e7a207853e6aac54e223e627dfee68cdb357c018a28b21ec95f9560391d4ab0cba6a30f8c900d8d48481ff3e46216430c374c72fa6
SSDEEP

49152:zw3QKpC6d0bHtR5pHHb8PxCtqCUq90xB0+gDyTo:zQHYb+4UCUq92dg/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28a9969e847e1a08e21add00b1772f553e957555545c7c49acfed8d69ad93b96

Files

28a9969e847e1a08e21add00b1772f553e957555545c7c49acfed8d69ad93b96
.dll windows:4 windows x64 arch:x64

194ce3c35177457577ae194f4756c804

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

GetOpenFileNameW
GetSaveFileNameW

dwmapi

DwmSetWindowAttribute

gdi32

BitBlt
ChoosePixelFormat
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExtCreateRegion
ExtSelectClipRgn
ExtTextOutW
GdiFlush
GetCharWidth32A
GetClipBox
GetClipRgn
GetDeviceCaps
GetFontData
GetFontUnicodeRanges
GetGlyphIndicesW
GetGlyphOutlineW
GetGraphicsMode
GetObjectW
GetOutlineTextMetricsA
GetStockObject
GetTextMetricsA
GetWorldTransform
IntersectClipRect
ModifyWorldTransform
RestoreDC
SaveDC
SelectClipRgn
SelectObject
SetBkMode
SetGraphicsMode
SetMapMode
SetPixelFormat
SetTextAlign
SetTextColor
SetWorldTransform
StretchDIBits

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateSemaphoreA
CreateSemaphoreW
DeleteCriticalSection
DeleteFileW
DuplicateHandle
EnterCriticalSection
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileSizeEx
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleExA
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetThreadContext
GetThreadPriority
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryW
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__doserrno
__iob_func
__setusermatherr
_amsg_exit
_beginthreadex
_close
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_fstat64
_getcwd
_gmtime64
_hypot
_initterm
_lock
_lseeki64
_open_osfhandle
_setjmp
_snprintf
_strdup
_strnicmp
_ultoa
_unlock
_wfopen
abort
acos
atof
calloc
exit
fclose
feof
ferror
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
frexp
fsetpos
fwrite
getc
getenv
getwc
islower
isspace
isupper
iswctype
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
qsort
rand
realloc
remove
setlocale
setvbuf
signal
sprintf
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strstr
strtol
strtoul
strxfrm
tan
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
wcscmp
wcscoll
wcsftime
wcslen
wcsxfrm
longjmp
_write
_strdup
_read
_fileno
_fdopen

user32

AdjustWindowRectEx
BeginPaint
ClientToScreen
CloseClipboard
CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
EndPaint
EnumDisplaySettingsA
FillRect
FlashWindowEx
GetClassInfoExA
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetFocus
GetKeyState
GetMessageTime
GetMonitorInfoA
GetParent
GetUpdateRect
GetWindow
GetWindowLongA
GetWindowLongPtrA
GetWindowPlacement
GetWindowRect
InSendMessageEx
InvalidateRect
IsClipboardFormatAvailable
KillTimer
LoadCursorA
LoadIconA
MapVirtualKeyA
MapWindowPoints
MonitorFromPoint
MonitorFromWindow
MsgWaitForMultipleObjects
OpenClipboard
PeekMessageA
PostMessageA
RedrawWindow
RegisterClassExA
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageA
SetActiveWindow
SetCapture
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowLongPtrA
SetWindowPlacement
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoA
ToUnicode
TrackMouseEvent
TranslateMessage
UnregisterClassA
UpdateWindow
WaitMessage

Exports

Exports

DllMain
VSTPluginMain
main

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 115B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

194ce3c35177457577ae194f4756c804

Headers

File Characteristics

Imports

comdlg32

dwmapi

gdi32

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.data Size: 61KB - Virtual size: 60KB

.rdata Size: 304KB - Virtual size: 303KB

.pdata Size: 122KB - Virtual size: 122KB

.xdata Size: 136KB - Virtual size: 136KB

.bss Size: - Virtual size: 5KB

.edata Size: 512B - Virtual size: 115B

.idata Size: 11KB - Virtual size: 11KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 61KB - Virtual size: 60KB

.rdata
Size: 304KB - Virtual size: 303KB

.pdata
Size: 122KB - Virtual size: 122KB

.xdata
Size: 136KB - Virtual size: 136KB

.bss
Size: - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 115B

.idata
Size: 11KB - Virtual size: 11KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 12KB - Virtual size: 12KB