PASMUTILITY[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PASMUTILITY.dll
Size

2.3MB
MD5

a533048fcd367ed93aad2dbcdf5fbb38
SHA1

61e7e3590e7b9474e358c6e7b4c33b08c0c4170c
SHA256

f12f39d9ec34316d5c64c7fc850c7339e91c766d09abf530e3e423316e384928
SHA512

f03ac767eee3bbcb884f81da3c400f79ca12950a792ce478a47963ef53530d3ebb2f956cfc26286ecb244755085bf9a38fca8a21ca69e3fa885fa03962da14b2
SSDEEP

24576:uHmilIy8aAIdBI3z6kLKPQn3gf8vJly9K2nu3IfH5:SAI3K+rPv0hlyE2nu4

Score

N/A

Malware Config

Signatures

Files

PASMUTILITY.dll
.dll regsvr32 windows x64

38c593ce408cc7a57fc98ac3b5a1f617

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

omnitracking

?GetTrackerInterface@@YAPEAVITracker@@XZ

mfc120u

ord5401
ord8393
ord2189
ord13845
ord5421
ord2316
ord14079
ord13886
ord294
ord488
ord11518
ord14085
ord2759
ord1117
ord14102
ord2256
ord533
ord5402
ord5403
ord2763
ord1150
ord1922
ord12656
ord12657
ord4310
ord11868
ord11866
ord11869
ord11547
ord12312
ord4466
ord2373
ord1499
ord807
ord1326
ord13928
ord8064
ord13934
ord5863
ord7083
ord4682
ord4777
ord4776
ord4778
ord4775
ord4774
ord11776
ord2656
ord7885
ord9081
ord9096
ord9086
ord9558
ord9563
ord9098
ord11309
ord10691
ord8583
ord10715
ord9619
ord9620
ord6526
ord8798
ord2585
ord10686
ord7401
ord10844
ord10847
ord10075
ord8492
ord8484
ord13258
ord5903
ord521
ord6786
ord6592
ord3044
ord11660
ord9888
ord9896
ord11087
ord9976
ord11444
ord9612
ord9060
ord9848
ord10813
ord11296
ord9821
ord11297
ord9884
ord10422
ord8576
ord11168
ord10733
ord8834
ord9072
ord9073
ord11240
ord10736
ord10553
ord9055
ord10749
ord11457
ord11241
ord10308
ord11166
ord4233
ord11220
ord10423
ord9264
ord1143
ord9101
ord3870
ord8398
ord11105
ord7136
ord2372
ord4822
ord12433
ord7077
ord7084
ord6713
ord362
ord4175
ord1053
ord5651
ord482
ord5230
ord12334
ord6211
ord5232
ord12246
ord869
ord8298
ord5585
ord960
ord12163
ord12195
ord4474
ord1424
ord2228
ord7097
ord6158
ord4417
ord4415
ord4418
ord820
ord3159
ord3160
ord3752
ord3963
ord7721
ord13358
ord7718
ord6030
ord13355
ord12481
ord6618
ord5250
ord8349
ord8352
ord13625
ord7432
ord5140
ord12990
ord8388
ord13619
ord13721
ord7924
ord4290
ord13057
ord13056
ord4207
ord2477
ord2485
ord11895
ord3166
ord1338
ord3462
ord3461
ord528
ord3047
ord4680
ord3702
ord1146
ord987
ord4280
ord1449
ord13260
ord5904
ord5818
ord6488
ord3122
ord4052
ord1419
ord8707
ord6472
ord3109
ord1399
ord2145
ord6455
ord3102
ord3224
ord6066
ord1378
ord6503
ord3127
ord1434
ord5809
ord489
ord1118
ord3909
ord5992
ord2180
ord7121
ord11631
ord11687
ord5902
ord13256
ord2655
ord8782
ord11728
ord1086
ord8612
ord10958
ord10044
ord3265
ord3266
ord3029
ord448
ord6187
ord3170
ord3167
ord7558
ord9827
ord7795
ord9857
ord9859
ord9858
ord9856
ord9860
ord5355
ord11288
ord11289
ord8711
ord11645
ord3675
ord3670
ord11499
ord14067
ord8537
ord6625
ord10571
ord8828
ord3131
ord13372
ord11815
ord11813
ord1689
ord1701
ord1709
ord1705
ord1714
ord4718
ord4759
ord4726
ord4738
ord4734
ord4730
ord4767
ord4755
ord4722
ord4771
ord4744
ord4706
ord4713
ord4748
ord4316
ord5484
ord9265
ord4308
ord2925
ord12480
ord2644
ord14069
ord7535
ord14075
ord6527
ord13058
ord4291
ord7925
ord11280
ord13723
ord13620
ord8389
ord13213
ord5625
ord13626
ord2587
ord11680
ord3769
ord3236
ord3237
ord3130
ord11724
ord4686
ord8350
ord6620
ord2170
ord1161
ord12150
ord1632
ord8088
ord543
ord2315
ord320
ord12470
ord1660
ord1626
ord11919
ord290
ord12135
ord12313
ord14157
ord956
ord8291
ord8334
ord8043
ord1945
ord13892
ord13898
ord287
ord2107
ord4299
ord1423
ord12792
ord959
ord2773
ord11528
ord1422
ord11981
ord958
ord8044
ord4612
ord7940
ord8333
ord4467
ord2867
ord2861
ord5611
ord1665
ord1662
ord1498
ord1496
ord285
ord2879
ord13808
ord7775
ord5576
ord4138
ord1636
ord2129
ord8049
ord7281
ord1445
ord7966
ord11803
ord10005
ord12476
ord12414
ord4401
ord7600
ord7905
ord5087
ord2397
ord12093
ord12092
ord14068
ord7534
ord14074
ord8970
ord3968
ord3906
ord12495
ord7552
ord1969
ord11539
ord11538
ord13947
ord12082
ord7603
ord14146
ord6023
ord14148
ord6025
ord14147
ord6024
ord980
ord6511
ord3688
ord5608
ord11795
ord7802
ord11807
ord11775
ord4987
ord5267
ord5455
ord8922
ord5243
ord5458
ord4990
ord5133
ord4970
ord7346
ord7347
ord7337
ord5131
ord7804
ord9822
ord8781
ord2354
ord1030
ord286
ord280
ord296
ord12110
ord4855
ord3685
ord2302
ord265
ord1036
ord323
ord2308
ord2304
ord1484
ord266
ord1486
ord2318
ord9854
ord1487
ord324
ord1037
ord2285
ord2327
ord2330
ord2296
ord2329
ord473
ord2192
ord2294
ord2119
ord2224

msvcr120

__clean_type_info_names_internal
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__C_specific_handler
wcstoul
srand
rand
strstr
toupper
islower
wmemcpy_s
_stricmp
ftell
fseek
fread
fclose
_wfopen_s
_strdup
_wtol
sprintf_s
_strnicmp
strtok_s
atoi
strcmp
_strlwr_s
realloc
wcsnlen
memmove_s
_difftime64
__RTDynamicCast
swscanf_s
wcsncmp
?terminate@@YAXXZ
calloc
floor
ceil
wcstok_s
_i64tow_s
wcsncat_s
_wtoi64
_ui64tow_s
_ftime64_s
wcsftime
_time64
_localtime64_s
strlen
strcat_s
strcpy_s
_vscwprintf
vswprintf_s
_wcsupr_s
_wcslwr_s
_wcsrev
_wcsnset_s
wcsrchr
wcscspn
wcschr
_wcsdup
memmove
_mktime64
_get_timezone
swprintf_s
strncpy_s
memcpy
_set_invalid_parameter_handler
_wcsnicmp
wcscmp
_wtoi
_ltow_s
_wcsicmp
fprintf
fopen
wcscpy
wcscat_s
_CxxThrowException
wcscpy_s
_recalloc
malloc
wcsstr
wcsncpy_s
wcslen
memcpy_s
_purecall
memcmp
__CxxFrameHandler3
free
memset
?_type_info_dtor_internal_method@type_info@@QEAAXXZ

kernel32

GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
RaiseException
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
HeapFree
lstrlenA
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleA
FindResourceExW
VirtualQueryEx
GetLocaleInfoW
CreateEventW
OpenMutexW
SetEvent
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
TlsFree
TlsSetValue
TlsAlloc
GetTickCount
InitializeCriticalSection
MulDiv
LockResource
FreeResource
OpenProcess
GetCurrentProcessId
WaitForMultipleObjects
GetDiskFreeSpaceExW
lstrlenW
FormatMessageW
GetSystemDirectoryW
TlsGetValue
GetVolumeInformationW
CreateMutexW
ReleaseMutex
SetFilePointer
FlushFileBuffers
CopyFileW
LocalFree
LocalAlloc
GetCurrentProcess
GetTempPathW
WriteFile
SetFileAttributesW
RemoveDirectoryW
ReadFile
GetFileSize
FindNextFileW
FindFirstFileW
FindClose
CreateDirectoryW
IsBadWritePtr
IsBadReadPtr
FileTimeToSystemTime
VerifyVersionInfoW
GetComputerNameW
LoadLibraryW
GetWindowsDirectoryW
CreateProcessW
GetExitCodeProcess
SetLastError
GetTempFileNameW
GetFileTime
GetFileAttributesW
DeleteFileW
CreateFileW
ExpandEnvironmentStringsW
VerSetConditionMask
ResumeThread
TerminateThread
CreateThread
Sleep
WaitForSingleObject
CloseHandle
LoadLibraryExA
WideCharToMultiByte
GetPrivateProfileStringW
EncodePointer
MultiByteToWideChar
FindResourceW
lstrcmpiW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetPrivateProfileIntW
GetModuleFileNameW
OutputDebugStringW
LeaveCriticalSection
DecodePointer

comctl32

ImageList_ReplaceIcon

msvcp120

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_1@placeholders@std@@3V?$_Ph@$00@2@A
?_2@placeholders@std@@3V?$_Ph@$01@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
??0id@locale@std@@QEAA@_K@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 746KB - Virtual size: 746KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data_1
Size: 512B - Virtual size: 33B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38c593ce408cc7a57fc98ac3b5a1f617

Headers

DLL Characteristics

File Characteristics

Imports

omnitracking

mfc120u

msvcr120

kernel32

comctl32

msvcp120

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 746KB - Virtual size: 746KB

.data Size: 41KB - Virtual size: 52KB

.pdata Size: 131KB - Virtual size: 130KB

.data_1 Size: 512B - Virtual size: 33B

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 746KB - Virtual size: 746KB

.data
Size: 41KB - Virtual size: 52KB

.pdata
Size: 131KB - Virtual size: 130KB

.data_1
Size: 512B - Virtual size: 33B

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 15KB - Virtual size: 15KB