f30000[.]dllhost[.]exe[.]infected

Sharing

Copy URL Twitter E-mail

General

Target

f30000.dllhost.exe.infected
Size

296KB
MD5

d478a6d6888c955444632af34b346c08
SHA1

3e6ce53f31ea2e7221153f933a44a47f9d85af0f
SHA256

ac32b761b7a6becbc048168f9872108823b31f6be0cd50271e07c2967826fdaf
SHA512

0ec4faa4503b46e05ce9ef805fa6801e50f87b5a78c2ff46677e1f9c7bbac650f4f17a26b57b8da19163f73b63b9ddff0792e1e332b5ffc7fc117eb37b4ee942
SSDEEP

6144:B2FqPmLCMV2Wl0Pstuf4b/ofVnA9XUSG6OrH:QTLCM2WlwstofRmUt64H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f30000.dllhost.exe.infected

Files

f30000.dllhost.exe.infected
.exe windows x86

d26a7cfd56ad2c728d97488541fee955

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
GetFileAttributesW
CreateFileMappingW
MapViewOfFile
SetFilePointer
SetEndOfFile
OpenFileMappingW
GetLocalTime
GlobalLock
GlobalUnlock
CreateDirectoryW
QueryDosDeviceW
GetVolumeInformationW
FindFirstFileW
FindNextFileW
ExpandEnvironmentStringsW
SetFileTime
FindClose
GetDiskFreeSpaceExW
GetDriveTypeW
GetFileTime
FlushFileBuffers
HeapFree
GetProcessHeap
GetCurrentThreadId
QueryPerformanceFrequency
QueryPerformanceCounter
GetConsoleOutputCP
FreeConsole
GetOverlappedResult
ConnectNamedPipe
GetSystemInfo
RemoveDirectoryW
GetModuleFileNameW
GetSystemDirectoryW
OutputDebugStringW
GetWindowsDirectoryW
GetComputerNameW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
DisconnectNamedPipe
ResetEvent
lstrcmpA
ExitThread
CreateThread
OutputDebugStringA
LocalAlloc
LocalFree
CreateIoCompletionPort
PostQueuedCompletionStatus
TerminateThread
GetCurrentThread
GetQueuedCompletionStatus
LocalLock
LocalUnlock
LocalReAlloc
QueueUserAPC
InitializeCriticalSection
GetModuleHandleA
GetSystemDefaultLCID
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcpyW
DeleteFileW
lstrcmpiW
OpenProcess
GetVersionExW
WriteProcessMemory
SetUnhandledExceptionFilter
WideCharToMultiByte
GetFileSize
MultiByteToWideChar
SetFileAttributesW
CreateFileW
WriteFile
lstrlenW
ReadFile
lstrcmpW
GetTickCount
lstrcpyA
CreateEventW
WaitForMultipleObjects
lstrcpynW
CreateProcessW
DeleteCriticalSection
CreateRemoteThread
VirtualAllocEx
GetExitCodeThread
ResumeThread
LeaveCriticalSection
VirtualAlloc
VirtualFree
EnterCriticalSection
GlobalMemoryStatus
lstrcpynA
GetSystemTime
GetCurrentProcessId
ExitProcess
GetProcAddress
CloseHandle
Process32FirstW
LoadLibraryA
SetEvent
Process32NextW
GetLastError
CreateToolhelp32Snapshot
WaitForSingleObject
lstrlenA
TerminateProcess
GetCurrentProcess
Sleep

user32

GetWindowThreadProcessId
GetMessageW
DefWindowProcW
GetKeyState
CreateWindowExW
CallNextHookEx
GetAsyncKeyState
DispatchMessageW
SetTimer
GetForegroundWindow
ExitWindowsEx
MessageBoxW
DestroyIcon
UnhookWindowsHookEx
TranslateMessage
SetWindowsHookExW
SetWindowLongW
KillTimer
PostQuitMessage
GetIconInfo
SetCursorPos
OpenWindowStationW
GetProcessWindowStation
SetCapture
mouse_event
LoadCursorW
OpenInputDesktop
SetProcessWindowStation
GetThreadDesktop
SetThreadDesktop
WindowFromPoint
PostMessageA
keybd_event
CloseWindowStation
GetWindowTextW
CloseDesktop
CreateDesktopW
OpenClipboard
CloseClipboard
GetClipboardData
GetSystemMetrics
wsprintfW
wsprintfA
GetClassNameW

gdi32

CreateCompatibleBitmap
SelectObject
CreateDIBSection
CreateCompatibleDC
GdiFlush
GetDeviceCaps
CreateDCW
GetDIBits
DeleteDC
DeleteObject
BitBlt

advapi32

RegCloseKey
CloseServiceHandle
OpenSCManagerW
DeleteService
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
OpenServiceW
RegDeleteValueA
InitiateSystemShutdownA
RegQueryValueExW
RegEnumKeyExW
RegCreateKeyExW
QueryServiceConfig2W
ChangeServiceConfigW
QueryServiceConfigW
EnumServicesStatusExW
StartServiceW
ControlService
GetTokenInformation
LookupAccountSidW
GetUserNameW
GetLengthSid
FreeSid
OpenProcessToken
AllocateAndInitializeSid
EqualSid
AdjustTokenPrivileges
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
SetTokenInformation
RegEnumValueA
ImpersonateLoggedOnUser
RegOverridePredefKey
RegOpenCurrentUser
RevertToSelf
RegEnumValueW
RegOpenKeyA

shell32

ExtractIconExW
SHFileOperationW

odbc32

ord136
ord157
ord141
ord9
ord2
ord43
ord111
ord61
ord18
ord127
ord75
ord13
ord24
ord31
ord171

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

userenv

CreateEnvironmentBlock

ws2_32

getsockname
WSASocketA
closesocket
WSARecvFrom
WSACleanup
WSAStartup
WSAIoctl
htons
setsockopt
bind
WSASendTo
WSAGetLastError

Exports

Exports

?nuefubybysda@@YGKXZ

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d26a7cfd56ad2c728d97488541fee955

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

odbc32

wtsapi32

userenv

ws2_32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 128KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 28KB - Virtual size: 28KB

.rsrc Size: 116KB - Virtual size: 116KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 116KB - Virtual size: 116KB

.reloc
Size: 8KB - Virtual size: 8KB