ac1538b086450db655a1b965d83645e46e51a1b6ce9e3f6f106503a83eeb41f8

Sharing

Copy URL

Twitter E-mail

General

Target

ac1538b086450db655a1b965d83645e46e51a1b6ce9e3f6f106503a83eeb41f8
Size

653KB
MD5

ec3be31f1140a8570a20b1833a7e563a
SHA1

21f55b0c6ca0052daa3d6ab2b0c7cec380fa9069
SHA256

ac1538b086450db655a1b965d83645e46e51a1b6ce9e3f6f106503a83eeb41f8
SHA512

51eb5c5de0799ee7f080e9267b9093a55107aeca6bfa46cf3ff24d11f820eeea2e67ede7e7e96462cfa1074350f852e43065a1daa4efa3f1361212b986064988
SSDEEP

12288:T8MxLli5Dqsy4Kx7EkPdBdtueuu0Wdbcx07TBkezAQMGk+uU6qHdFEv:T8MHi5DuLtdBfLpk5QMGKTsdFEv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac1538b086450db655a1b965d83645e46e51a1b6ce9e3f6f106503a83eeb41f8

Files

ac1538b086450db655a1b965d83645e46e51a1b6ce9e3f6f106503a83eeb41f8
.exe windows:6 windows x86 arch:x86

85e20b41c8c4f7a1bee35acd3f209bbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\thunder11\thunder11_xmp_plugin\cppsrc\build\ProductRelease\APlayer.pdb

Imports

kernel32

CreateFileW
CloseHandle
LoadLibraryW
LoadResource
FindResourceW
GetProcAddress
LocalFree
GetFileSize
FreeLibrary
lstrcmpiW
LoadLibraryExW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
WideCharToMultiByte
SetNamedPipeHandleState
WriteFile
PeekNamedPipe
WaitForSingleObject
GetModuleHandleA
PostQueuedCompletionStatus
QueueUserWorkItem
CreateEventW
FormatMessageW
SetEvent
GetNamedPipeHandleStateW
GetQueuedCompletionStatusEx
SwitchToThread
CreateIoCompletionPort
WaitNamedPipeW
WriteConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
VirtualAlloc
HeapReAlloc
HeapSize
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
RtlUnwind
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
OutputDebugStringW
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetProcessHeap
HeapFree
HeapAlloc
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
GetCommandLineW
VirtualFree
SizeofResource
ReadFile
MulDiv
lstrcmpW
GlobalUnlock
DeleteCriticalSection
GlobalLock
DecodePointer
RaiseException
GlobalAlloc
GetLastError
MultiByteToWideChar
GetModuleHandleW
GetCurrentThreadId
InitializeCriticalSectionEx
LeaveCriticalSection
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
GetVersionExA
CreateFileA
GetVolumeInformationA
DeviceIoControl
SetPriorityClass
GetPrivateProfileStringA
CreateDirectoryA
WritePrivateProfileStringA
lstrcpyA
GetFileAttributesA
lstrcatA
EnterCriticalSection
SetLastError
GetTempPathW

user32

BeginPaint
ReleaseDC
InvalidateRect
ReleaseCapture
GetWindowTextW
GetParent
GetClassInfoExW
GetDesktopWindow
GetDlgItem
GetClientRect
SetWindowLongW
SetCapture
GetClassNameW
EndPaint
RegisterWindowMessageW
LoadCursorW
CharNextW
SetFocus
wsprintfW
GetKeyState
FindWindowExW
GetWindowRect
SetForegroundWindow
PostMessageW
ShowWindow
SetClassLongW
SetParent
CreateAcceleratorTableW
DispatchMessageW
SetTimer
PeekMessageW
ChangeWindowMessageFilter
TranslateMessage
GetWindowLongW
GetWindowTextLengthW
DefWindowProcW
CallWindowProcW
GetWindow
GetFocus
DestroyWindow
GetDC
SetWindowPos
FillRect
CreateWindowExW
ScreenToClient
SendMessageW
UnregisterClassW
SetWindowTextW
RegisterClassExW
IsWindow
InvalidateRgn
RedrawWindow
ClientToScreen
DestroyAcceleratorTable
IsChild
GetSysColor
MoveWindow
GetMessageW

gdi32

DeleteObject
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
GetDeviceCaps
DeleteDC
GetObjectW
CreateSolidBrush

advapi32

RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW

shell32

DragQueryFileW
CommandLineToArgvW
SHGetSpecialFolderPathA
DragFinish

ole32

CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleInitialize
CLSIDFromString
OleLockRunning
CoInitialize
CoTaskMemRealloc
OleUninitialize
CoTaskMemFree

oleaut32

DispCallFunc
SysAllocString
OleCreateFontIndirect
SysFreeString
LoadTypeLi
VariantInit
LoadRegTypeLi
VarUI4FromStr
SysAllocStringLen
SysStringLen
VariantClear

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

iphlpapi

GetAdaptersInfo

shlwapi

PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathCombineW

comctl32

_TrackMouseEvent

Sections

.text
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

85e20b41c8c4f7a1bee35acd3f209bbf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

iphlpapi

shlwapi

comctl32

Sections

.text Size: 285KB - Virtual size: 284KB

.rdata Size: 81KB - Virtual size: 81KB

.data Size: 9KB - Virtual size: 13KB

.rsrc Size: 171KB - Virtual size: 170KB

.reloc Size: 91KB - Virtual size: 92KB

.text
Size: 285KB - Virtual size: 284KB

.rdata
Size: 81KB - Virtual size: 81KB

.data
Size: 9KB - Virtual size: 13KB

.rsrc
Size: 171KB - Virtual size: 170KB

.reloc
Size: 91KB - Virtual size: 92KB