blister | colorui[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

colorui.dll
Size

879KB
MD5

a91ba8f4a339a98fa94e810831e83d96
SHA1

871e52778597185f98eb0a57127024bcd094cf07
SHA256

0a7778cf6f9a1bd894e89f282f2e40f9d6c9cd4b72be97328e681fe32a1b1a00
SHA512

ac6fb57225f0765f40ee298e12d430d45e5d9b59f16742cb4c32f56b5663c244dad47d7c80a1919e09f4f9edc3ad0ac4645ee6aff9925c5d860651593f0b1a3e
SSDEEP

24576:AoqhXglZsUW76pC+BUZP5IVjt8Ib09JAIX:AoqXgl+R+BUZP5IXb0v

Score

10^/10

loader blister

Malware Config

Signatures

Blister family
blister

Detect Blister loader x32 1 IoCs

loader

resource	yara_rule
sample	family_blister_x32

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
colorui.dll

Files

colorui.dll
.dll regsvr32 windows x86

819bafeed839d2c395e6015fe119e65b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

free
memcpy_s
wcsncpy_s
??_U@YAPAXI@Z
memset
??3@YAXPAX@Z
_wcsicmp
_vsnwprintf
_ltow_s
??2@YAPAXI@Z
??_V@YAXPAX@Z
_purecall
malloc
_onexit
_lock
__dllonexit
_unlock
_errno
realloc
_except_handler4_common
_amsg_exit
_initterm
_XcptFilter

kernel32

RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
LocalFree
CloseHandle
ReleaseMutex
WaitForSingleObject
GetLastError
CreateMutexW
GetCommandLineW
lstrlenW
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
GetModuleHandleW
lstrcmpiW
FreeLibrary
MultiByteToWideChar
SizeofResource
DeactivateActCtx
FindResourceW
LoadLibraryExW
GetModuleFileNameW
SetFileAttributesW
GetFileAttributesW
lstrcmpW
GetCurrentProcessId
SetLastError
FormatMessageW
GetDateFormatW
GetCurrentProcess
GetVersionExA
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringA
CreateActCtxW
ReleaseActCtx
LoadResource
ActivateActCtx
GetProcAddress

shell32

ShellExecuteW
CommandLineToArgvW
ShellExecuteExW
ord258
SHGetDesktopFolder

winspool.drv

EnumPrintersW
OpenPrinterW
ClosePrinter

user32

TrackPopupMenuEx
RemoveMenu
GetSubMenu
GetWindowRect
EnableWindow
SendMessageW
GetMonitorInfoW
EnumDisplayMonitors
GetParent
SetWindowTextW
EnumDisplayDevicesW
SetFocus
GetSystemMetrics
PostMessageW
RegisterClipboardFormatW
EndDialog
PostQuitMessage
UnregisterClassA
CharPrevW
LoadCursorW
RegisterClassW
UpdateWindow
SetTimer
DestroyWindow
GetWindowTextW
GetClientRect
BeginPaint
EndPaint
GetDC
SetWindowRgn
ReleaseDC
DefWindowProcW
LoadMenuW
LoadIconW
GetWindowLongW
SetWindowLongW
GetDlgItem
GetWindowPlacement
SetWindowPlacement
ShowWindow
SetDlgItemTextW
ChangeWindowMessageFilterEx
OpenIcon
SetForegroundWindow
SetWindowPos
CallWindowProcW
CharNextW
RegisterWindowMessageW
FindWindowW
GetWindowThreadProcessId
AllowSetForegroundWindow
SendMessageTimeoutW
CreateWindowExW
DialogBoxParamW
LoadStringW
RedrawWindow

ole32

HWND_UserFree
HWND_UserUnmarshal
HWND_UserMarshal
HWND_UserSize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoGetObject
StringFromGUID2
ReleaseStgMedium
CoUninitialize

gdi32

PatBlt
SelectObject
GetTextExtentPointW
SetTextColor
CreateFontIndirectW
PathToRegion
StrokePath
DeleteObject
CreatePen
EndPath
TextOutW
SetBkMode
BeginPath

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
GetTokenInformation
GetFileSecurityW
OpenProcessToken
DuplicateToken
AccessCheck
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW

shlwapi

StrRetToStrW
PathFindFileNameW

mscms

InternalRefreshCalibration
InternalGetDeviceConfig
WcsGetUsePerUserProfiles
ColorCplSetUsePerUserProfiles
WcsGetDefaultColorProfile
ColorCplHasSystemWideAssociationListChanged
ColorCplResetSystemWideAssociationListChangedWarning
ColorCplMergeAssociationLists
ColorCplOverwritePerUserAssociationList
ColorCplSaveAssociationList
ColorCplGetDefaultProfileScope
ColorCplGetDefaultRenderingIntentScope
ColorCplReleaseProfileProperties
WcsGetCalibrationManagementState
GetColorDirectoryW
WcsEnumColorProfilesSize
WcsEnumColorProfiles
InstallColorProfileW
UninstallColorProfileW
InternalWcsAssociateColorProfileWithDevice
WcsDisassociateColorProfileFromDevice
WcsSetDefaultColorProfile
WcsSetDefaultRenderingIntent
InternalSetDeviceConfig
ColorCplLoadAssociationList
WcsSetCalibrationManagementState
ColorCplUninitialize
WcsGetDefaultRenderingIntent
WcsGpCanInstallOrUninstallProfiles
ColorCplGetProfileProperties
ColorCplInitialize

oleaut32

SysStringLen
SysAllocString
VarUI4FromStr
SysFreeString

rpcrt4

IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDevicePropertyW

ntdll

WinSqmAddToStream

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
LaunchColorCpl

Sections

.orpc
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 807KB - Virtual size: 806KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

819bafeed839d2c395e6015fe119e65b

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

shell32

winspool.drv

user32

ole32

gdi32

advapi32

shlwapi

mscms

oleaut32

rpcrt4

setupapi

ntdll

Exports

Exports

Sections

.orpc Size: 512B - Virtual size: 51B

.text Size: 64KB - Virtual size: 63KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 807KB - Virtual size: 806KB

.reloc Size: 6KB - Virtual size: 5KB

.orpc
Size: 512B - Virtual size: 51B

.text
Size: 64KB - Virtual size: 63KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 807KB - Virtual size: 806KB

.reloc
Size: 6KB - Virtual size: 5KB