MSID1FC[.]tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MSID1FC.tmp
Size

1.3MB
MD5

b0abd2b7a3b51bfa95b2c62043d97ea0
SHA1

ea0f00314944c88bf25e9f26877e506577489579
SHA256

e3c325216ee1b0fd26e5269cb6413fff967b0e0b2c97ca9e937be053f39dce02
SHA512

008551d496ac5eb11ea3437947a8fe4bba9251b69b8ca6d412d4f940862ae62f32ffab56fcda00226678ac073e0098136dca717af2a2c633442ba0252dc49881
SSDEEP

24576:TaWOl4QIfjnCZOEvYVXn/v1zAOzwMa03BCFM:fOuQuCZvYJhzwMa2CF

Score

1^/10

Malware Config

Signatures

Files

MSID1FC.tmp
.dll windows x86

e3aeb8ea5d0e86b21208a09e3faecaa8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BroadcastSystemMessageA
EnableMenuItem
GetClipboardViewer
DlgDirSelectComboBoxExA
IsCharUpperA
GetRawInputDeviceList
SetClipboardViewer
FlashWindowEx
SetCursor
SetScrollRange
LoadMenuIndirectA
GetKBCodePage
EmptyClipboard
OpenWindowStationW
MonitorFromWindow
AnimateWindow
SetSysColors
SetUserObjectInformationA
GetCaretPos
MessageBoxIndirectW
DrawIcon
GetRawInputData
LockWorkStation
CharUpperA
RemovePropW

opengl32

glMultMatrixf

rasapi32

RasHangUpW
RasSetEapUserDataA

oleaut32

VarR8FromCy
VarBstrFromR8
CreateErrorInfo

gdi32

EnumMetaFile
SetViewportExtEx
GetTextExtentPoint32W
RemoveFontResourceW
GetObjectType
FillPath
LPtoDP
EnumObjects

advapi32

ChangeServiceConfig2W
RegisterEventSourceW
LookupPrivilegeDisplayNameW
CloseEventLog
ChangeServiceConfigW
AbortSystemShutdownA
UnlockServiceDatabase
RegDeleteKeyA
QueryUsersOnEncryptedFile
FreeEncryptionCertificateHashList
CryptEnumProviderTypesW

clusapi

ClusterRegSetValue

msvfw32

ICDrawBegin
ICLocate
DrawDibDraw
DrawDibStop

avifil32

AVIFileExit

ntdsapi

DsFreePasswordCredentials

shlwapi

PathRemoveExtensionW
PathFileExistsA
StrChrIW
SHRegWriteUSValueW
StrFromTimeIntervalW

rpcrt4

RpcRevertToSelf
RpcIfInqId
RpcServerInqBindings
IUnknown_Release_Proxy
I_RpcAsyncSetHandle
NdrAsyncServerCall

ws2_32

gethostbyaddr
recv

wininet

InternetAttemptConnect
DeleteUrlCacheEntryW

winscard

SCardReleaseContext
SCardTransmit

esent

JetCloseDatabase
JetRetrieveColumn

pdh

PdhOpenQueryH

shell32

SHSetLocalizedName
SHGetSpecialFolderPathW
ExtractIconExA
SHGetPathFromIDListW
SHGetInstanceExplorer
ExtractIconW

crypt32

CertGetCRLFromStore
CryptFreeOIDFunctionAddress
CryptUnregisterOIDFunction
CryptImportPublicKeyInfo
CryptSIPRemoveProvider

wintrust

WintrustRemoveActionID
CryptCATCDFEnumCatAttributes

netapi32

NetServerSetInfo

winmm

mmioDescend
waveOutWrite
mixerMessage

kernel32

ResetEvent
SetCommTimeouts
GlobalFindAtomA
FindNextFileA
ReplaceFileA
GlobalReAlloc
WaitForSingleObject
FindResourceExW
DecodePointer
GetTempFileNameW
GetPrivateProfileStringW
SearchPathA
TlsGetValue
GetQueuedCompletionStatus
SetProcessShutdownParameters
ConvertThreadToFiber
BuildCommDCBW
Module32NextW
GetLastError
LoadLibraryW
GetUserDefaultLCID
MapViewOfFile
GetModuleFileNameW
GetProcessAffinityMask
GetBinaryTypeW
WaitForMultipleObjectsEx

msvcrt

iswalpha
strtoul
_mktime64
ungetwc
wcstod
fgetpos

ole32

CoWaitForMultipleHandles
CoInitializeEx
ReadClassStg

setupapi

SetupDiGetDeviceInfoListDetailA
SetupDiGetClassDevsA
CM_Get_Device_ID_Size_Ex
SetupOpenInfFileW
CM_Set_DevNode_Registry_PropertyW
SetupGetSourceInfoW
SetupGetStringFieldW
CM_Query_Resource_Conflict_List
SetupDiGetDeviceRegistryPropertyW
SetupDiInstallDevice
CMP_WaitNoPendingInstallEvents
SetupInstallFromInfSectionW

winspool.drv

AddPrinterDriverA

lz32

LZOpenFileW

comctl32

CreateStatusWindowW

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3aeb8ea5d0e86b21208a09e3faecaa8

Headers

DLL Characteristics

File Characteristics

Imports

user32

opengl32

rasapi32

oleaut32

gdi32

advapi32

clusapi

msvfw32

avifil32

ntdsapi

shlwapi

rpcrt4

ws2_32

wininet

winscard

esent

pdh

shell32

crypt32

wintrust

netapi32

winmm

kernel32

msvcrt

ole32

setupapi

winspool.drv

lz32

comctl32

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 28KB - Virtual size: 27KB

.idata Size: 12KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 28KB - Virtual size: 27KB

.idata
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB