CloudStorageWizard[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CloudStorageWizard.exe
Size

153KB
MD5

1eda2d9ea8ec4fc8d4b177c91bea6c8f
SHA1

dc154f12fad21f6bfb5615f39ad131e97b5b3d30
SHA256

5916b4157c504c0220ec74080aec9d932f4445376ae4cde41f5b6b32067734cd
SHA512

4b19e81b72200a436352a940db053f9b9753afdf3f169271df16dcc891d4073c47ccec760cd2efb9572d3b28abef3c025b5dd8a6c2a1c509d554359c3b8a199c
SSDEEP

3072:KgL6+UaoShvEmsuvyKITkwHvGmY00anPlEEeQLy5MpU78:KgL61ShvBAbvGmYranPqLyy5v8

Score

1^/10

Malware Config

Signatures

Files

CloudStorageWizard.exe
.exe windows x86

149e97c48c9fd389d776b85364999f1e

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/08/2015, 17:15

Not After

18/11/2016, 17:15

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:98:99:24:f6:53:c3:0a:1f:b4:23:df:f3:41:9d:47:2d:41:e1:33:cb:d2:66:8c:5c:77:e7:d6:db:18:5b:58
Signer

Actual PE Digest

92:98:99:24:f6:53:c3:0a:1f:b4:23:df:f3:41:9d:47:2d:41:e1:33:cb:d2:66:8c:5c:77:e7:d6:db:18:5b:58

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
_ftol2_sse
??_V@YAXPAX@Z
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
floor
_CxxThrowException
_except_handler4_common
_controlfp
__CxxFrameHandler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
realloc
_get_errno
_set_errno
_purecall
memmove_s
malloc
free
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??3@YAXPAX@Z
memcpy_s
_vsnwprintf
??0exception@@QAE@ABQBD@Z
_wcsnicmp
memmove
wcschr
_callnewh
memset

shcore

IUnknown_SetSite
ord222
IUnknown_QueryService
SHGetThreadRef
SHStrDupW
CommandLineToArgvW
SHSetThreadRef
SHStrDupA
SHCreateThreadRef

shlwapi

StrChrW
ord225
ord165
PathAppendW
ord487
PathRemoveFileSpecW

api-ms-win-core-libraryloader-l1-2-0

LoadResource
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
LockResource
GetModuleHandleExW
FreeLibrary
GetModuleFileNameA
FreeLibraryAndExitThread
GetModuleHandleA
FindResourceExW

api-ms-win-core-synch-l1-2-0

AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseSRWLockShared
CreateEventW
CreateEventExW
InitializeSRWLock
AcquireSRWLockExclusive
CreateSemaphoreExW
SetEvent
InitOnceComplete
EnterCriticalSection
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjectsEx
CreateMutexExW
InitOnceBeginInitialize
ReleaseMutex
Sleep
OpenSemaphoreW
WaitForSingleObjectEx

api-ms-win-core-heap-l1-2-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-1

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-processthreads-l1-1-2

OpenProcess
GetStartupInfoW
TlsGetValue
GetCurrentProcess
TerminateProcess
OpenProcessToken
TlsSetValue
CreateThread
GetCurrentThreadId
TlsFree
TlsAlloc
GetCurrentProcessId

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SysAllocString
LoadRegTypeLi
LoadTypeLi
VariantInit
SetErrorInfo
VariantClear

api-ms-win-core-com-l1-1-1

CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoWaitForMultipleObjects
CoReleaseServerProcess
CoAddRefServerProcess
CoRevokeClassObject
CoTaskMemAlloc
CoResumeClassObjects
CoGetApartmentType
CoUninitialize
CoInitializeEx
CoWaitForMultipleHandles
CoRegisterClassObject
PropVariantClear
CoCreateInstance
CoTaskMemFree
CoGetMalloc

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCreateString
WindowsDeleteString
WindowsIsStringEmpty

api-ms-win-core-winrt-error-l1-1-1

RoOriginateError
RoOriginateErrorW
RoTransformError

api-ms-win-core-threadpool-l1-2-0

FreeLibraryWhenCallbackReturns
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
CallbackMayRunLong
CloseThreadpoolTimer

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventUnregister
EventWriteTransfer
EventActivityIdControl
EventRegister
EventSetInformation

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoRevokeActivationFactories
RoGetActivationFactory
RoRegisterActivationFactories

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

ntdll

WinSqmAddToStreamEx
RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString

ole32

CreateBindCtx

user32

DestroyMenu
GetMenuDefaultItem
SendMessageW
GetKeyState
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetAncestor
GetParent
UpdateWindow
PostMessageW
GetWindowRect
NotifyWinEvent
PostQuitMessage
CreatePopupMenu
GetWindowBand
LoadCursorW
MsgWaitForMultipleObjectsEx
PostThreadMessageW
TranslateMessage
PeekMessageW
DispatchMessageW
SetCursor

dui70

?OnSysChar@HWNDHost@DirectUI@@UAE_NG@Z
??1CritSecLock@DirectUI@@QAE@XZ
?IsRTLReading@Element@DirectUI@@UAE_NXZ
?IsContentProtected@Element@DirectUI@@UAE_NXZ
?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?UpdateTooltip@Element@DirectUI@@MAEXPAV12@@Z
?ActivateTooltip@Element@DirectUI@@MAEXPAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MAEXPAV12@@Z
?GetExtent@Element@DirectUI@@QAEPBUtagSIZE@@PAPAVValue@2@@Z
?SetWidth@Element@DirectUI@@QAEJH@Z
?SetHeight@Element@DirectUI@@QAEJH@Z
?SetID@Element@DirectUI@@QAEJPBG@Z
?SetAccessible@Element@DirectUI@@QAEJ_N@Z
?SetAccRole@Element@DirectUI@@QAEJH@Z
?GetHWND@HWNDHost@DirectUI@@UAEPAUHWND__@@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UBEXXZ
?GetChildren@ClassInfoBase@DirectUI@@UBEHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UAEXXZ
?AddChild@ClassInfoBase@DirectUI@@UAEXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UBE_NXZ
?GetModule@ClassInfoBase@DirectUI@@UBEPAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UBE_NPAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UBE_NPBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UBEPBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UBEIXZ
?GetPICount@ClassInfoBase@DirectUI@@UBEIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UAEHXZ
?AddRef@ClassInfoBase@DirectUI@@UAEXXZ
?EraseBkgnd@HWNDHost@DirectUI@@MAE_NPAUHDC__@@PAJ@Z
?SetWindowDirection@HWNDHost@DirectUI@@UAEXPAUHWND__@@@Z
?OnAdjustWindowSize@HWNDHost@DirectUI@@UAEHHHI@Z
?GetUIAElementProvider@Element@DirectUI@@UAEJABU_GUID@@PAPAX@Z
?DefaultAction@Element@DirectUI@@UAEJXZ
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UAEXPAUtagRECT@@@Z
?RemoveBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z
?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z
?Add@Element@DirectUI@@UAEJPAPAV12@I@Z
?GetContentSize@Element@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnGroupChanged@Element@DirectUI@@UAEXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z
??1ClassInfoBase@DirectUI@@UAE@XZ
??0ClassInfoBase@DirectUI@@QAE@XZ
?Initialize@ClassInfoBase@DirectUI@@QAEJPAUHINSTANCE__@@PBG_NPBQBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QAEJXZ
?ClassExist@ClassInfoBase@DirectUI@@SG_NPAPAUIClassInfo@2@PBQBUPropertyInfo@2@IPAU32@PAUHINSTANCE__@@PBG_N@Z
?GetFactoryLock@Element@DirectUI@@SGPAU_RTL_CRITICAL_SECTION@@XZ
?Register@HWNDHost@DirectUI@@SGJXZ
?FireEvent@Element@DirectUI@@QAEXPAUEvent@2@_N1@Z
?KeyboardNavigate@Element@DirectUI@@SG?AVUID@@XZ
?OnPropertyChanged@HWNDHost@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnMessage@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
??1HWNDHost@DirectUI@@UAE@XZ
??0HWNDHost@DirectUI@@QAE@XZ
?Initialize@HWNDHost@DirectUI@@QAEJIIPAVElement@2@PAK@Z
?GetClassInfoPtr@HWNDHost@DirectUI@@SGPAUIClassInfo@2@XZ
?ExtentProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?Release@Value@DirectUI@@QAEXXZ
?GetTopLevel@Element@DirectUI@@QAEPAV12@XZ
?SetXMLFromResourceWithTheme@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@00@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJPBGPAUHINSTANCE__@@1@Z
?Destroy@DUIXmlParser@DirectUI@@QAEXXZ
?Create@DUIXmlParser@DirectUI@@SGJPAPAV12@P6GPAVValue@2@PBGPAX@Z2P6GX11H2@Z2@Z
?GetSheet@DUIXmlParser@DirectUI@@QAEJPBGPAPAVValue@2@@Z
UnInitThread
InitThread
?GetClassInfoPtr@HWNDElement@DirectUI@@SGPAUIClassInfo@2@XZ
?ContentProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?CreateString@Value@DirectUI@@SGPAV12@PBGPAUHINSTANCE__@@@Z
?SetValue@Element@DirectUI@@QAEJP6GPBUPropertyInfo@2@XZHPAVValue@2@@Z
?AccNameProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?SetLayoutPos@Element@DirectUI@@QAEJH@Z
?SetBackgroundColor@Element@DirectUI@@QAEJK@Z
?SetClass@Element@DirectUI@@QAEJPBG@Z
?Add@Element@DirectUI@@QAEJPAV12@@Z
?Destroy@Element@DirectUI@@QAEJ_N@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@0@Z
?CreateElement@DUIXmlParser@DirectUI@@QAEJPBGPAVElement@2@1PAKPAPAV32@@Z
StrToID
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
?GetClassInfoPtr@RichText@DirectUI@@SGPAUIClassInfo@2@XZ
UnInitProcessPriv
InitProcessPriv
?EndDefer@Element@DirectUI@@QAEXK@Z
?StartDefer@Element@DirectUI@@QAEXPAK@Z
GetScaleFactor
?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UAEPAV12@XZ
?OnInput@HWNDHost@DirectUI@@UAEXPAUInputEvent@2@@Z
?OnDestroy@HWNDHost@DirectUI@@UAEXXZ
?OnEvent@HWNDHost@DirectUI@@UAEXPAUEvent@2@@Z
?Paint@HWNDHost@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
?SetKeyFocus@HWNDHost@DirectUI@@UAEXXZ
?MessageCallback@HWNDHost@DirectUI@@UAEIPAUtagGMSG@@@Z
?OnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z
?OnUnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UAE_NXZ
?GetAccessibleImpl@HWNDHost@DirectUI@@UAEJPAPAUIAccessible@@@Z
?OnNotify@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UAEXIPBUtagSTYLESTRUCT@@@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

149e97c48c9fd389d776b85364999f1e

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bcCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

92:98:99:24:f6:53:c3:0a:1f:b4:23:df:f3:41:9d:47:2d:41:e1:33:cb:d2:66:8c:5c:77:e7:d6:db:18:5b:58Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

shcore

shlwapi

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-core-com-l1-1-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-synch-l1-2-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-apiquery-l1-1-0

ntdll

ole32

user32

dui70

api-ms-win-core-delayload-l1-1-1

Sections

.text Size: 110KB - Virtual size: 110KB

.imrsiv Size: - Virtual size: 4B

.data Size: 512B - Virtual size: 1KB

.idata Size: 14KB - Virtual size: 14KB

.didat Size: 512B - Virtual size: 56B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 7KB - Virtual size: 7KB

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

92:98:99:24:f6:53:c3:0a:1f:b4:23:df:f3:41:9d:47:2d:41:e1:33:cb:d2:66:8c:5c:77:e7:d6:db:18:5b:58
Signer

.text
Size: 110KB - Virtual size: 110KB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 14KB - Virtual size: 14KB

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 7KB - Virtual size: 7KB