74a35ac66185d6b0a0a2c0283b6361648b9f2b31924a533fd96d28b70c50261e

Sharing

Copy URL

Twitter E-mail

General

Target

74a35ac66185d6b0a0a2c0283b6361648b9f2b31924a533fd96d28b70c50261e
Size

270KB
MD5

dcc9dd9c660a9aadc3720e9a6afe19f6
SHA1

1887f79ae70f0e29bfc6a8cd93f1b47da5fc0ed0
SHA256

74a35ac66185d6b0a0a2c0283b6361648b9f2b31924a533fd96d28b70c50261e
SHA512

b215a13eae6ced2b8072719c2b12ce85df447ca09ec2ee3cfdfe335531e1f6c635f3f4c9ff09f07963785452515234b92a540e9eff80a2ce9d0af304a233a49f
SSDEEP

6144:floMxw/Keu5nEXs21deGZIX5dSa87FpyiSbDL0CzeWo25AbA:6kw/KbVEXs2iIIXN87Fpg1zeQAU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74a35ac66185d6b0a0a2c0283b6361648b9f2b31924a533fd96d28b70c50261e

Files

74a35ac66185d6b0a0a2c0283b6361648b9f2b31924a533fd96d28b70c50261e
.exe windows x86

3893ed9203276747a3ff55d3055cb949

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sbiedll

_SbieDll_FormatMessage0@4
_SbieDll_GetLanguage@4
_SbieApi_OpenProcess@8
_SbieDll_FindArgumentEnd@4
_SbieApi_ReloadConf@8
_SbieApi_SessionLeader@8
_SbieDll_CheckPatternInList@16
_SbieDll_CheckStringInList@12
_SbieApi_EnumBoxesEx@12
_SbieDll_DisableCHPE@0
_SbieDll_GetSettingsForName_bool@16
_SbieApi_CheckInternetAccess@12
_SbieDll_QueuePutRpl@16
_SbieDll_QueueGetReq@24
_SbieDll_QueueCreate@8
_SbieDll_FreeMem@4
_SbieDll_KillOne@4
_SbieApi_QueryPathList@20
_SbieApi_GetHomePath@16
_SbieApi_QueryProcessPath@28
_SbieDll_GetStringForStringList@20
_SbieDll_InjectLow@12
_SbieDll_InjectLow_InitSyscalls@4
_SbieDll_InjectLow_InitHelper@0
_SbieDll_PortName@0
_SbieDll_FormatMessage2@12
_SbieDll_GetServiceRegistryValue@12
_SbieDll_TranslateNtToDosPath@4
_SbieDll_RunStartExe@8
_SbieApi_GetUnmountHive@4
_SbieApi_SetUserName@8
_SbieApi_QueryConfBool@12
_SbieApi_QueryConf@20
_SbieApi_EnumProcessEx@20
_SbieApi_QueryBoxPath@28
_SbieApi_QueryProcessInfo@8
_SbieApi_QueryProcessEx2@28
_SbieApi_GetMessage@24
_SbieApi_GetVersionEx@8
SbieApi_Call
_SbieDll_RunSandboxed@24
_SbieApi_IsBoxEnabled@4
_SbieDll_IsOpenClsid@12
_SbieDll_ComCreateStub@16
_SbieDll_RunFromHome@16
_SbieApi_QueryProcess@20
SbieApi_LogEx
SbieApi_Log

ntdll

NtReplyWaitReceivePort
NtRequestPort
NtCreatePort
NtUnloadKey
NtOpenKey
NtClose
NtAcceptConnectPort
RtlInitUnicodeString
RtlUnwind
NtLoadDriver
RtlCreateVirtualAccountSid
RtlSetDaclSecurityDescriptor
NtCreateFile
NtSetInformationFile
NtDuplicateObject
NtOpenProcess
NtAdjustPrivilegesToken
NtSetInformationProcess
NtOpenDirectoryObject
NtReadFile
NtCompleteConnectPort
NtImpersonateClientOfPort
RtlNtStatusToDosError
NtRequestWaitReplyPort
NtConnectPort
NtFilterToken
NtDuplicateToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenProcessToken
NtSetInformationThread
NtAllocateVirtualMemory
RtlInitializeSid
RtlSubAuthoritySid
NtSetInformationToken
NtQueryInformationProcess
RtlCreateSecurityDescriptor
NtLoadKey
NtQuerySystemInformation
NtWriteFile

kernel32

GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStringTypeW
GetStdHandle
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
EncodePointer
VirtualQuery
InitializeSListHead
GetSystemTimeAsFileTime
CloseHandle
GetLastError
HeapCreate
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateMutexW
OpenMutexW
CreateEventW
OpenEventW
Sleep
WaitForMultipleObjects
ExitProcess
CreateThread
GetCurrentThread
GetTickCount
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
LocalFree
GetEnvironmentVariableW
SetCurrentDirectoryW
GetFullPathNameW
GetPrivateProfileStringW
CreateFileW
SetFilePointer
WriteFile
SetLastError
DeviceIoControl
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
SetThreadPriority
TerminateThread
OpenProcess
GetLocalTime
GetVersionExW
VirtualAlloc
VirtualFree
LocalAlloc
GetSystemWindowsDirectoryW
DuplicateHandle
ResetEvent
QueueUserAPC
GetCurrentThreadId
OpenThread
ProcessIdToSessionId
IsProcessInJob
CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
SetInformationJobObject
QueryInformationJobObject
GetModuleHandleW
GetProcAddress
LoadLibraryW
GlobalSize
RegisterWaitForSingleObject
UnregisterWait
AllocConsole
GetConsoleWindow
GetConsoleProcessList
GetFileSizeEx
OutputDebugStringW
RaiseException
InitializeCriticalSectionAndSpinCount
GetCommandLineW
GetSystemInfo
GetFinalPathNameByHandleW
CancelIo
DefineDosDeviceW
TlsAlloc
TlsGetValue
TlsSetValue
ResumeThread
WriteProcessMemory
GetModuleFileNameW
QueueUserWorkItem
GetExitCodeProcess
DeleteFileW
GetFileAttributesW
ReadFile
SetEndOfFile
SetFileAttributesW
GetWindowsDirectoryW
CopyFileW
MultiByteToWideChar
WideCharToMultiByte
SuspendThread
CreateProcessW
ReadProcessMemory
MulDiv
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
LCMapStringW
FreeEnvironmentStringsW
SetStdHandle
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
DecodePointer
TerminateProcess
WriteConsoleW

user32

GetMonitorInfoW
EndPaint
BeginPaint
ShowWindow
RegisterClassExW
PackDDElParam
GetRawInputDeviceInfoW
GetRawInputDeviceInfoA
UserHandleGrantAccess
GetWindowInfo
MonitorFromWindow
ChangeDisplaySettingsExW
ChangeDisplaySettingsExA
GetIconInfo
GetWindow
GetWindowThreadProcessId
GetClassNameW
GetClassNameA
EnumThreadWindows
EnumWindows
GetShellWindow
FindWindowExW
FindWindowExA
FindWindowW
FindWindowA
EnumChildWindows
GetParent
GetDesktopWindow
GetClassLongW
GetClassLongA
GetWindowLongW
GetWindowLongA
ClipCursor
MapWindowPoints
ScreenToClient
ClientToScreen
SetCursorPos
GetWindowRect
GetClientRect
GetPropW
GetPropA
SetPropW
ReleaseDC
GetDC
SetForegroundWindow
IsWindowEnabled
IsWindowUnicode
KillTimer
EnumClipboardFormats
PostMessageW
wsprintfW
GetMessageW
DispatchMessageW
SetTimer
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
CreateDesktopW
SetThreadDesktop
GetThreadDesktop
CreateWindowStationW
SetProcessWindowStation
GetProcessWindowStation
SendMessageA
GetClipboardData
GetClipboardSequenceNumber
IsZoomed
SendMessageW
SendMessageTimeoutW
SendNotifyMessageA
IsIconic
IsWindowVisible
SetWindowPos
IsWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
DestroyWindow
PostMessageA
SendNotifyMessageW

advapi32

LookupAccountSidW
GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken
DuplicateTokenEx
OpenThreadToken
CreateProcessAsUserW
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupAccountNameW
LsaFreeMemory
LsaManageSidNameMapping
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetTokenInformation
SetSecurityInfo
ControlService
EnumServicesStatusExW
StartServiceW
OpenEventLogW
ReportEventW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
RevertToSelf
SetThreadToken
AddAccessAllowedAce
DuplicateToken
GetLengthSid
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
EnumServicesStatusW
QueryServiceConfig2W
AccessCheck
GetSecurityInfo
QueryServiceConfigW

psapi

GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW

ole32

CoSetProxyBlanket
CoInitializeEx
CoGetClassObject
CoMarshalInterface
CoUnmarshalInterface
CoInitializeSecurity
CoQueryProxyBlanket
CoInitialize
CoCopyProxy
StringFromGUID2
CoTaskMemFree
CoGetObject
CoRegisterClassObject
CoRevokeClassObject
CreateStreamOnHGlobal

crypt32

CryptUnprotectData
CryptProtectData

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

gdi32

TextOutW
DeleteDC
CreateCompatibleDC
SetTextColor
SetBkColor
SelectObject
GetDeviceCaps
CreateFontW
GetEnhMetaFileBits
GetMetaFileBitsEx
CreateSolidBrush
GetDIBits

netapi32

NetUseAdd

wtsapi32

WTSQueryUserToken

rpcrt4

RpcBindingToStringBindingW
UuidFromStringW
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextW
RpcMgmtEpEltInqBegin
RpcStringFreeW

bcrypt

BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptVerifySignature
BCryptDestroyKey
BCryptImportKeyPair
BCryptGetProperty
BCryptCloseAlgorithmProvider

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3893ed9203276747a3ff55d3055cb949

Headers

DLL Characteristics

File Characteristics

Imports

sbiedll

ntdll

kernel32

user32

advapi32

psapi

ole32

crypt32

userenv

gdi32

netapi32

wtsapi32

rpcrt4

bcrypt

Sections

.text Size: 206KB - Virtual size: 206KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 206KB - Virtual size: 206KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB