zNrD4[.]cpl | Triage

Sharing

Copy URL Twitter E-mail

General

Target

zNrD4.cpl
Size

1.6MB
MD5

a17308fd611cd38a739b8b162df77253
SHA1

76d00c0d452b65467ed93e5be217173eeb571d00
SHA256

7bee08f220fd65b07d9831150618bcd076cf668a25ee8744b449a2ba5c628906
SHA512

8876d2a7d0b25ec2ada494262cbdc5a1984357c19f732eadd9501488114fbed68e141ffc8778b8ff53b8e54fb2b9de1001297b1fd4cac56213a8bdc93d031f22
SSDEEP

24576:rTSw7RrYx203eHOzCsrc3V+51XE3CHpbpeqcrdUp/4jWOfr23sYI:rew71YxN31zC7F2tEyJBcZq4ic2c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
zNrD4.cpl

Files

zNrD4.cpl
.dll windows x86

d91aa11218db699e18a612c82b368740

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EnumDisplayDevicesA
GetClipboardViewer
VkKeyScanA
ShowCursor
SetDlgItemTextA
GetKeyboardState
IntersectRect

wintrust

CryptCATAdminAcquireContext
IsCatalogFile

crypt32

CryptStringToBinaryA
CertCloseStore

ole32

CoUnmarshalInterface
OleIsCurrentClipboard
CoResumeClassObjects
CoFileTimeNow
CoWaitForMultipleHandles
ReadClassStg

winscard

g_rgSCardT0Pci

imm32

ImmRegisterWordW
ImmSetCompositionFontW

advapi32

RegQueryValueExW
RegisterEventSourceW
SaferGetLevelInformation
AddAuditAccessAce
AreAnyAccessesGranted
GetSidSubAuthorityCount
SaferRecordEventLogEntry
RegCloseKey
RegRestoreKeyA
RegConnectRegistryA

gdi32

StartPage
GetCharABCWidthsW
PaintRgn
SetPaletteEntries
PathToRegion
ResetDCW

setupapi

SetupIterateCabinetW
SetupDiSetDeviceRegistryPropertyA

iphlpapi

GetRTTAndHopCount

shlwapi

UrlGetPartA
AssocGetPerceivedType
PathFindExtensionA

msvcrt

rand
strtol
memset

winmm

midiStreamRestart
sndPlaySoundW

kernel32

LoadLibraryW
GetBinaryTypeA
WaitForSingleObjectEx
GetUserDefaultLangID
GetModuleFileNameA
WaitForDebugEvent
TerminateJobObject
GetModuleFileNameW
GetAtomNameA
SetLocaleInfoW
CreateDirectoryA
lstrcpyW
IsProcessInJob
GetVolumePathNameW
GetComputerNameExW
RemoveDirectoryA
GetStringTypeA
LocalLock
lstrcpynA
SetConsoleCursorPosition
GetCurrencyFormatW

ws2_32

getsockopt

oleaut32

VarBoolFromI4
SafeArrayGetElemsize

winspool.drv

WaitForPrinterChange
SetPrinterW

esent

JetTerm2

comctl32

ImageList_LoadImageA
ImageList_SetIconSize

shell32

DragQueryFileA
SHCreateDirectoryExW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d91aa11218db699e18a612c82b368740

Headers

DLL Characteristics

File Characteristics

Imports

user32

wintrust

crypt32

ole32

winscard

imm32

advapi32

gdi32

setupapi

iphlpapi

shlwapi

msvcrt

winmm

kernel32

ws2_32

oleaut32

winspool.drv

esent

comctl32

shell32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 64KB - Virtual size: 66KB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 26KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 64KB - Virtual size: 66KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 26KB