SppExtComObj[.]Exe

Sharing

Copy URL

Twitter E-mail

General

Target

SppExtComObj.Exe
Size

559KB
MD5

85736209d1f90d35662b24c5e3dbcfa0
SHA1

f4cd5bea3cb1ef8924ed5f6f11fff7a8e289eae1
SHA256

c5f835f35836b0f1f7ac500304dab3cd49ffdc447ac497b0fc25fd160a39f732
SHA512

c8127df99c19577247a571e3b3e1c37444648c2208ac1b0a61526264170578bdc527ea0c25557319b90098b7f2e99637834d46c0e35926a46f7c7ae4ea20f2c9
SSDEEP

12288:FTosXwsszUu47gFeOHgskuzvABNK7PCxIZLx59kIQbwz8Dm:FbYzU/EFPPxzv2N4PCx1

Score

1^/10

Malware Config

Signatures

Files

SppExtComObj.Exe
.exe windows x64

e362c37d171448e3932b48a0360badce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegEnumKeyW
RegSetKeySecurity
RegDeleteKeyW
RegCreateKeyExW
RegQueryInfoKeyW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

kernel32

EncodePointer
GetCurrentProcessId
CreateProcessW
OpenEventW
DecodePointer
LocalAlloc
LocalFree
SetLastError
CreateEventW
GetCurrentProcess
VirtualAlloc
RtlAddFunctionTable
InitializeCriticalSection
HeapSetInformation
RaiseFailFastException
GetCurrentThread
DeleteCriticalSection
GetModuleHandleW
RtlDeleteFunctionTable
LoadLibraryExW
SetThreadPriority
SetEvent
CloseHandle
GetModuleFileNameW
GetLastError
GetCommandLineW
GetSystemDirectoryW
FreeLibrary
WaitForMultipleObjects
CreateThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetComputerNameExW
VirtualQuery
GetProcessHeap
GetProcAddress
HeapAlloc
GetModuleHandleExW
HeapFree
WaitForSingleObject
VirtualFree
FreeLibraryAndExitThread

msvcrt

memcmp
memmove
memcpy
_vsnwprintf
memset
_unlock
_wcsicmp
_purecall
srand
rand
wcschr
towupper
__C_specific_handler
_XcptFilter
?terminate@@YAXXZ
_onexit
__dllonexit
wcscmp
_lock
_commode
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQuerySystemInformation

rpcrt4

UuidToStringW
I_RpcMapWin32Status
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
UuidFromStringW
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
Ndr64AsyncServerCallAll
RpcStringFreeW
NdrAsyncServerCall
Ndr64AsyncClientCall
NdrDllGetClassObject
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcAsyncInitializeHandle
I_RpcExceptionFilter
RpcAsyncCancelCall
RpcAsyncCompleteCall
RpcBindingFree
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
RpcServerUseProtseqEpW
RpcServerRegisterIf2
RpcServerUnregisterIf
NdrCStdStubBuffer_Release
CStdStubBuffer_Disconnect

oleaut32

BSTR_UserUnmarshal
BSTR_UserSize
VariantClear
VariantInit
BSTR_UserFree
LPSAFEARRAY_UserSize
BSTR_UserUnmarshal64
BSTR_UserMarshal
LPSAFEARRAY_UserMarshal64
SysFreeString
SysAllocString
LPSAFEARRAY_UserMarshal
BSTR_UserFree64
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
BSTR_UserSize64
SafeArrayDestroy
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserSize64
BSTR_UserMarshal64
LPSAFEARRAY_UserFree64
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi

api-ms-win-core-com-l1-1-0

CoResumeClassObjects
CoRegisterClassObject
CoRevertToSelf
CoImpersonateClient
CoReleaseServerProcess
CoRevokeClassObject
CoUninitialize
CoInitializeEx
CoAddRefServerProcess
CoSuspendClassObjects

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetStartupInfoW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ole32

CoRegisterPSClsid
ObjectStublessClient3
ObjectStublessClient5
ObjectStublessClient4

shell32

CommandLineToArgvW

ws2_32

FreeAddrInfoW
WSAAddressToStringW
WSAGetLastError
WSACleanup
WSAStartup
GetAddrInfoW

dnsapi

DnsQuery_W
DnsNameCompare_W
DnsModifyRecordsInSet_W
DnsFree

activeds

ord20
ord9
ord15

Sections

.text
Size: 431KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e362c37d171448e3932b48a0360badce

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

rpcrt4

oleaut32

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ole32

shell32

ws2_32

dnsapi

activeds

Sections

.text Size: 431KB - Virtual size: 430KB

?g_Encry Size: 11KB - Virtual size: 11KB

.rdata Size: 88KB - Virtual size: 87KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 17KB - Virtual size: 17KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 431KB - Virtual size: 430KB

?g_Encry
Size: 11KB - Virtual size: 11KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB