552124aae7304587ade2f1239ff80f63d080e3091ec0c3010ef27730b10529e8

Sharing

Copy URL Twitter E-mail

General

Target

552124aae7304587ade2f1239ff80f63d080e3091ec0c3010ef27730b10529e8
Size

1.6MB
MD5

1eb5f46164836eb01796b5166d5afd5d
SHA1

09fcc211837c4b342e853fa422728df820f9f174
SHA256

552124aae7304587ade2f1239ff80f63d080e3091ec0c3010ef27730b10529e8
SHA512

8109c4539442b77dad27948b63b1fc4cbc2ce700e997bb4a491379805e0b12e05df28f95274ecccef46a76e8e28c0e705d5c3a2fa60a16ce25f10c7f195d15ce
SSDEEP

49152:d4KQgXJL576n6wiXrbtGF/v09c288kb7mvWNQ:dMgXJL52nA+HbV8Y7/NQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
552124aae7304587ade2f1239ff80f63d080e3091ec0c3010ef27730b10529e8

Files

552124aae7304587ade2f1239ff80f63d080e3091ec0c3010ef27730b10529e8
.dll windows:6 windows x86 arch:x86

3f789239f6092101ededea902abbd5be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

d3d9

Direct3DCreate9

kernel32

ReleaseMutex

user32

CallWindowProcW

gdi32

GetDeviceCaps

advapi32

QueryServiceConfigW

shell32

ShellExecuteW

msvcp140

?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

iphlpapi

GetTcpTable2

ws2_32

inet_ntoa

d3dx9_43

D3DXCreateTextureFromFileExA

netapi32

Netbios

imm32

ImmGetContext

vcruntime140

_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func

api-ms-win-crt-math-l1-1-0

sqrt

api-ms-win-crt-filesystem-l1-1-0

remove

api-ms-win-crt-heap-l1-1-0

realloc

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-time-l1-1-0

_time64

msvcrt

strncpy

psapi

GetMappedFileNameW

Exports

Exports

Direct3DCreate8

Sections

.text
Size: 709KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.KO2_0_P
Size: 884KB - Virtual size: 884KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.KO2_0_P
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f789239f6092101ededea902abbd5be

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

kernel32

user32

gdi32

advapi32

shell32

msvcp140

iphlpapi

ws2_32

d3dx9_43

netapi32

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

msvcrt

psapi

Exports

Exports

Sections

.text Size: 709KB - Virtual size: 1.9MB

.KO2_0_P Size: 884KB - Virtual size: 884KB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.KO2_0_P Size: 4KB - Virtual size: 4KB

.text
Size: 709KB - Virtual size: 1.9MB

.KO2_0_P
Size: 884KB - Virtual size: 884KB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB

.KO2_0_P
Size: 4KB - Virtual size: 4KB