PluginManager_v1[.]4[.]12_x64[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

PluginManager_v1.4.12_x64.zip
Size

474KB
MD5

50876d98e7c98a86dddd411d7464ddf9
SHA1

875ecdcda17b26c75e93ad7b2ee9c145eab0222c
SHA256

fec6d4dab3095c074c38002f36e6090343e3f95fabcf4af8a798832e116681fe
SHA512

a3f1a01c93c9f4c681bb4199184b202c479ef936a99728f179c8c162df08ad912cd29e6e29646563d5d009af87c7f73832833ec3e83588719dad63d18fe415a0
SSDEEP

12288:4QuBQ2Mdk1BgWXIU3aYyGgNToS+oI3ZTyZJlvgwS:4Da2NhXhTyGgNTop34Z7vgp

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/plugins/PluginManager.dll
unpack001/updater/gpup.exe

Files

PluginManager_v1.4.12_x64.zip
.zip
plugins/PluginManager.dll
.dll windows x64

ef256d4058703dc2f4d0946bc18fb211

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

PathIsDirectoryW
StrTrimW
StrTrimA
PathFileExistsW
PathAppendW
PathFindFileNameW
PathCombineW

kernel32

GetCurrentThreadId
GetProcessHeap
FreeLibrary
GetProcAddress
CreateThread
SetEvent
WaitForSingleObject
FindClose
CreateEventW
LoadLibraryW
CreateDirectoryW
FindFirstFileW
FindNextFileW
CloseHandle
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateFileW
DeleteFileW
GetCommandLineW
RemoveDirectoryW
LockResource
LoadResource
FindResourceW
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetTempFileNameW
CopyFileW
GetVersionExW
ResetEvent
WaitForMultipleObjects
OutputDebugStringW
GetLastError
lstrlenW
lstrcpyW
SizeofResource
InitializeSListHead
GlobalFree
GlobalLock
WriteFile
SetFilePointer
GetCurrentProcessId
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
HeapReAlloc
WaitForSingleObjectEx
ReadConsoleW
SetFilePointerEx
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapFree
HeapAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
ExitProcess
WriteConsoleW
GetModuleFileNameW
GetModuleFileNameA
RtlPcToFileHeader
RaiseException
SetStdHandle
HeapSize
SetEndOfFile
GlobalAlloc
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileType
GetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
LoadLibraryExW
InterlockedFlushSList
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx

user32

GetClientRect
InvalidateRect
DefWindowProcW
SendMessageW
MessageBoxW
ShowWindow
MoveWindow
IsWindowVisible
GetWindowRect
CreateDialogParamW
DestroyWindow
GetSystemMetrics
MessageBoxA
SystemParametersInfoW
wsprintfW
GetParent
ClientToScreen
GetWindowInfo
CreateDialogIndirectParamW
SetWindowPos
CallWindowProcW
DialogBoxParamW
SetWindowLongPtrW
GetWindowLongPtrW
GetWindowTextA
SetWindowTextW
SetWindowTextA
EnableWindow
GetDlgItem
EndDialog
UpdateWindow

advapi32

CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
CryptGetHashParam

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
ShellExecuteW

wininet

InternetSetOptionW
InternetCloseHandle
InternetOpenUrlW
HttpQueryInfoW
InternetSetStatusCallbackW
InternetOpenW
InternetErrorDlg
InternetReadFile

Exports

Exports

beNotified
getFuncsArray
getName
isUnicode
messageProc
setInfo

Sections

.text
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updater/gpup.exe
.exe windows x64

a3907a20a9ba037462669ab6b21dac2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

InitCommonControlsEx

kernel32

CreateProcessW
GetModuleHandleW
CopyFileW
GetExitCodeProcess
GetLastError
CreateEventW
SetEvent
GetTempFileNameW
FindFirstFileW
FindNextFileW
FindClose
GetVersionExW
RemoveDirectoryW
CreateDirectoryW
ResetEvent
WaitForMultipleObjects
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
DeleteFileW
lstrlenW
lstrcpyW
WriteFile
SetFilePointer
SetEndOfFile
HeapSize
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
HeapReAlloc
Sleep
GetVersion
OpenProcess
WaitForSingleObject
GetModuleFileNameW
CloseHandle
ReadFile
CreateThread
WaitForSingleObjectEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadConsoleW
SetFilePointerEx
HeapAlloc
FlushFileBuffers
HeapFree
GetConsoleMode
GetConsoleCP
GetStringTypeW
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetProcAddress
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
FreeLibrary
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
ExitProcess
GetACP
RtlUnwind

user32

GetDlgItem
GetDesktopWindow
GetWindowThreadProcessId
FindWindowExW
MessageBoxW
SendMessageW
GetClientRect
ClientToScreen
wsprintfW
CreateDialogParamW
CloseWindow
GetWindowRect
SetWindowPos
SetWindowLongPtrW
SetWindowTextW
GetWindowLongPtrW

advapi32

CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW

shell32

ShellExecuteExW

shlwapi

PathFileExistsW
PathIsDirectoryW
PathFindFileNameW
PathCombineW

wininet

InternetOpenW
InternetSetStatusCallbackW
InternetSetOptionW
InternetCloseHandle
InternetOpenUrlW
HttpQueryInfoW
InternetErrorDlg
InternetReadFile

Sections

.text
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef256d4058703dc2f4d0946bc18fb211

Headers

DLL Characteristics

File Characteristics

Imports

version

shlwapi

kernel32

user32

advapi32

shell32

wininet

Exports

Exports

Sections

.text Size: 375KB - Virtual size: 375KB

.rdata Size: 158KB - Virtual size: 157KB

.data Size: 9KB - Virtual size: 16KB

.pdata Size: 18KB - Virtual size: 18KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 4KB - Virtual size: 4KB

a3907a20a9ba037462669ab6b21dac2e

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

advapi32

shell32

shlwapi

wininet

Sections

.text Size: 262KB - Virtual size: 261KB

.rdata Size: 125KB - Virtual size: 125KB

.data Size: 6KB - Virtual size: 12KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 375KB - Virtual size: 375KB

.rdata
Size: 158KB - Virtual size: 157KB

.data
Size: 9KB - Virtual size: 16KB

.pdata
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 262KB - Virtual size: 261KB

.rdata
Size: 125KB - Virtual size: 125KB

.data
Size: 6KB - Virtual size: 12KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB