Static task
static1
Behavioral task
behavioral1
Sample
msoobe.exe
Resource
win7-20220812-en
General
Target: msoobe.exe
Size: 1.3MB
MD5: 574f7eb2d1a291c99324d9efc2acc2b9
SHA1: f67878711eb916d0523c8c133d7710ab0159a511
SHA256: a7bdae88528dc61b40bcb6f271af75e2085c0a6155e6465c4bef78c3f872bf80
SHA512: b2ca70dfea012d7c699d04872164a5194bf66f0c629f3b24b1a1777a948a30357cb6d2250d0a8e68e3084c94c8eeaeb78850425fc633bdeeb460d96ade1746e7
SSDEEP: 12288:twbhC1japQkXQ0Uu+704Jdm7XQPTlLOdugEkkFCGEdJy4pUc/4v:twVGIV+704JddPTlLOdzqzgJP7/4
Malware Config
Signatures
Files
msoobe.exe.exe windows x86 (1c7d4e80448b46c8d0956cc9da833d78)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
LookupAccountNameW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegGetValueW
RegOpenKeyExW
LsaClose
LsaFreeMemory
LsaSetInformationPolicy
LsaQueryInformationPolicy
LsaOpenPolicy
RegDeleteValueW
RegSetKeySecurity
RegSetKeyValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyExW
CloseServiceHandle
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
QueryServiceStatusEx
StartServiceW
ConvertSidToStringSidW
GetSidSubAuthority
CopySid
GetSidLengthRequired
GetSidSubAuthorityCount
RegQueryValueExW
TraceEvent
RegLoadMUIStringW
kernel32
GetAtomNameW
GlobalAlloc
LockResource
LoadResource
SizeofResource
FindResourceW
GetCurrentProcess
LoadLibraryA
InterlockedCompareExchange
HeapSetInformation
CreateMutexW
TerminateProcess
CreateProcessW
NotifyUILanguageChange
CreateEventW
WaitForSingleObject
GetTickCount
Sleep
ExpandEnvironmentStringsW
OpenEventW
SetEvent
LocaleNameToLCID
GetUserDefaultLCID
SetThreadUILanguage
EnumSystemLocalesW
EnumSystemGeoID
GetUILanguageInfo
GetGeoInfoW
GetDynamicTimeZoneInformation
CompareStringW
FindResourceExW
GetSystemDefaultLocaleName
CompareStringOrdinal
GetACP
GetOEMCP
GetLocaleInfoEx
FreeLibrary
LoadLibraryW
GetProcAddress
LCIDToLocaleName
SetUserGeoID
GetUserGeoID
InterlockedDecrement
InterlockedIncrement
SetDynamicTimeZoneInformation
SetLocalTime
SetComputerNameExW
GetVersionExA
GetProductInfo
GetLocalTime
CreateFileW
GetFileSize
ReadFile
CloseHandle
GetLastError
LocalAlloc
HeapAlloc
HeapReAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetLocaleInfoW
GetThreadUILanguage
RaiseException
GlobalFree
DebugBreak
InitializeCriticalSectionAndSpinCount
VirtualQueryEx
GetModuleFileNameA
FormatMessageW
LocalFree
lstrlenW
NlsUpdateLocale
DelayLoadFailureHook
InterlockedExchange
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
GlobalUnlock
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
OutputDebugStringA
GetModuleHandleExW
FreeLibraryAndExitThread
HeapCreate
TlsAlloc
TlsFree
HeapDestroy
TlsSetValue
GetVersion
FindAtomW
GetThreadLocale
IsProcessorFeaturePresent
GlobalLock
DeleteAtom
AddAtomW
TlsGetValue
SetProcessWorkingSetSize
GetTimeFormatW
MulDiv
MultiByteToWideChar
SearchPathW
GetUserDefaultUILanguage
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
LoadLibraryExW
GetVersionExW
GetSystemDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
CreateThread
CreateDirectoryW
DeleteCriticalSection
InitializeCriticalSection
EnumUILanguagesW
GetSystemDefaultUILanguage
GetPrivateProfileSectionW
SetLastError
UnhandledExceptionFilter
GetProcessHeap
WriteFile
GetModuleFileNameW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
OutputDebugStringW
CreateActCtxW
GetModuleHandleW
gdi32
PtInRegion
GetDCBrushColor
GetTextMetricsW
GetDIBits
GetBrushOrgEx
SetBrushOrgEx
CreateSolidBrush
CreatePatternBrush
PlayEnhMetaFile
SetWindowOrgEx
GetTextExtentPoint32W
RealizePalette
SelectPalette
CreateHalftonePalette
GetPixel
GetObjectW
StretchBlt
CreateCompatibleBitmap
DeleteEnhMetaFile
PatBlt
GdiAlphaBlend
DeleteObject
GetLayout
CreateDIBSection
BitBlt
SelectObject
SetTextColor
SetBkColor
CreateCompatibleDC
GetObjectA
DeleteDC
GetStockObject
SelectClipRgn
StretchDIBits
CreateFontW
GetDeviceCaps
CombineRgn
CreateRectRgn
GdiGradientFill
GdiTransparentBlt
SetBkMode
SetTextAlign
GetTextAlign
GetTextColor
ExtTextOutW
GdiGetCharDimensions
LPtoDP
CreateDIBPatternBrushPt
GetBkColor
SetLayout
CreateFontIndirectW
OffsetRgn
GetRgnBox
RectVisible
GetRegionData
ExtCreateRegion
GetBkMode
OffsetWindowOrgEx
SetStretchBltMode
user32
GetWindowTextLengthW
GetWindowTextW
DestroyIcon
LoadImageW
GetIconInfo
CallWindowProcW
RegisterClassExW
GetClassInfoW
GetClassInfoExW
CreateIconIndirect
EqualRect
DrawFrameControl
InflateRect
GetSysColorBrush
IsRectEmpty
GetKeyNameTextW
MapVirtualKeyW
DrawFocusRect
IntersectRect
DrawIconEx
CopyRect
SetParent
IsChild
RedrawWindow
SetWindowRgn
GetWindowRgnBox
SetScrollInfo
CharUpperA
GetSystemMetrics
LoadIconW
LoadStringW
GetMessageW
IsProcessDPIAware
SetRectEmpty
IsWindow
RemovePropW
GetPropW
SetPropW
TranslateMessage
DispatchMessageW
CreateWindowExW
IsCharAlphaNumericW
GetMessagePos
ScreenToClient
EnumChildWindows
AdjustWindowRectEx
ClientToScreen
CharUpperW
GetClientRect
GetAncestor
GetWindowRect
ShowWindow
MapWindowPoints
MoveWindow
GetFocus
GetParent
GetWindowDC
GetWindowInfo
SystemParametersInfoW
FillRect
DrawTextW
ReleaseDC
EnumWindows
GetClassNameW
IsWindowVisible
GetWindowThreadProcessId
RegisterClassW
UpdateWindow
RegisterHotKey
BeginPaint
GetUpdateRect
EndPaint
PostQuitMessage
DestroyWindow
InvalidateRect
NotifyWinEvent
DefWindowProcW
EnumDisplaySettingsW
ChangeDisplaySettingsW
RegisterWindowMessageW
GetSystemMenu
EnableMenuItem
SetWindowLongW
SetWindowPos
GetKeyState
PostMessageW
SetTimer
KillTimer
SetWindowTextW
LoadCursorW
SetCursor
GetWindowLongW
EnableWindow
SendMessageW
SetFocus
SendInput
CharNextW
GetDC
GetSysColor
SetRect
msvcrt
_isnan
iswalnum
iswalpha
realloc
_wcsdup
wcstol
wcsncmp
wcsrchr
_vsnprintf
bsearch
_wcsnicmp
_purecall
_wcsicmp
qsort
memset
free
malloc
_controlfp
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_callnewh
swscanf
??0exception@@QAE@XZ
__CxxFrameHandler3
_CIsin
_CxxThrowException
_ftol2
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memmove_s
memcpy_s
_ftol2_sse
wcsstr
_wtoi
_wtol
towlower
_vsnwprintf
towupper
wcschr
memmove
memcpy
oleaut32
VariantClear
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayGetVartype
VariantInit
shell32
SHGetFolderPathEx
ord262
SHGetFolderPathW
ord754
propsys
PropVariantToUInt32
shlwapi
PathAppendW
SHStrDupW
StrChrW
ord437
StrTrimW
PathFileExistsW
ord174
ord219
ord487
SHRegGetValueW
ord16
SHCreateStreamOnFileW
PathCreateFromUrlW
userenv
ord206
DeleteProfileW
oleacc
LresultFromObject
ObjectFromLresult
GetRoleTextW
CreateStdAccessibleObject
AccessibleObjectFromWindow
gdiplus
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipReleaseDC
GdipAddPathEllipseI
GdipCreateSolidFill
GdipBitmapSetPixel
GdipGetRegionHRgn
GdipDrawLineI
GdipFillEllipse
GdipDrawImageRectI
GdipAlloc
GdipFree
GdipDisposeImage
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCloneImage
GdipDeleteGraphics
GdipCreateRegionPath
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDrawImageRectRect
GdipCreateCachedBitmap
GdipDeleteCachedBitmap
GdipCreateBitmapFromGraphics
GdipCreateFromHDC
GdipDrawCachedBitmap
GdipDrawImageI
GdipCloneBitmapAreaI
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDeleteFont
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteRegion
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipGetImageWidth
GdipCloneBrush
GdiplusShutdown
GdipGraphicsClear
GdipCreateHBITMAPFromBitmap
netapi32
NetUserModalsGet
NetValidatePasswordPolicyFree
NetUserSetInfo
NetApiBufferFree
NetValidatePasswordPolicy
ntdll
NtQueryLicenseValue
RtlpSetPreferredUILanguages
RtlCompareUnicodeString
NtQuerySystemInformation
RtlpVerifyAndCommitUILanguageSettings
RtlInitUnicodeString
psapi
EnumProcessModules
input
ord108
ord104
ord106
ord105
ord107
winbrand
BrandingLoadBitmap
dnsapi
DnsValidateName_W
iphlpapi
GetAdaptersAddresses
msctfmonitor
InitLocalMsCtfMonitor
UninitLocalMsCtfMonitor
duser
MapGadgetPoints
GetGadgetTicket
DUserFlushMessages
SetGadgetBufferInfo
CreateAction
SetGadgetFocus
DUserFlushDeferredMessages
InitGadgets
AttachWndProcW
DetachWndProc
SetGadgetStyle
SetGadgetMessageFilter
GetGadgetFocus
FindGadgetFromPoint
InvalidateGadget
LookupGadgetTicket
SetGadgetRootInfo
DeleteHandle
CreateGadget
DUserSendEvent
DUserPostEvent
GetGadgetRect
GetGadgetAnimation
GetGadgetSize
SetGadgetRect
BuildAnimation
BuildInterpolation
SetGadgetFocusEx
SetGadgetParent
UtilDrawBlendRect
GetStdColorBrushI
GetStdColorI
FindStdColor
ForwardGadgetMessage
GetGadgetRgn
Sections
.text Size: 471KB - Virtual size: 471KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 50KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 720KB - Virtual size: 720KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ