b4eb4c123bc387d0e908bede1c2d734568358b033fbcf6bc9441bb1a95777d2b

Sharing

Copy URL Twitter E-mail

General

Target

b4eb4c123bc387d0e908bede1c2d734568358b033fbcf6bc9441bb1a95777d2b
Size

1.1MB
MD5

502b594b8d98c783d1e4b44165946e85
SHA1

13895fb551d781d3acbd7944dc6a7adec0ba3483
SHA256

b4eb4c123bc387d0e908bede1c2d734568358b033fbcf6bc9441bb1a95777d2b
SHA512

516a1f8bda672fb638e451e1a139f4842e1bb02dfff49d6f40578f265ba566fa784d6d2a4c00d0e81a5d873f45737dc908003235eca22eeef8e5164b8ecbdee5
SSDEEP

12288:U+3N218sFl2u3U/OZMHnFRoN9Diizl4ySxuXks59vb0EPgtATs7Z60UUoJJjCZjW:UwI8sFFjel6Hf4ySxCI0JT2OjN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4eb4c123bc387d0e908bede1c2d734568358b033fbcf6bc9441bb1a95777d2b

Files

b4eb4c123bc387d0e908bede1c2d734568358b033fbcf6bc9441bb1a95777d2b
.dll regsvr32 windows x64

9957b001f80966630352ac922f374d36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

utilidl

?SetToolRunning@gtswAdminInterface@@QEAAXJ@Z
?ModifyUnBlock@gtswAdminInterface@@QEAAXJPEAUISldWorks@@@Z
?ModifyBlock@gtswAdminInterface@@QEAAXJPEAUISldWorks@@@Z
?UnSkipPlayBack@gtswAdminInterface@@QEAAXJPEAUISldWorks@@@Z
?GetToolRunning@gtswAdminInterface@@QEAA_NJ@Z
?SkipPlayBack@gtswAdminInterface@@QEAAXJPEAUISldWorks@@@Z
?IsValid@gtswAdminInterface@@SAHXZ
ord3
?ReSetToolRunning@gtswAdminInterface@@QEAAXJ@Z

mfc140u

ord7637
ord13016
ord5008
ord8050
ord13301
ord5607
ord5643
ord6605
ord4511
ord8731
ord6848
ord3595
ord3950
ord364
ord5750
ord8730
ord10703
ord6260
ord6313
ord8819
ord1057
ord3746
ord2906
ord8439
ord4081
ord5672
ord3058
ord6258
ord4722
ord7785
ord8468
ord7745
ord6247
ord2903
ord2396
ord2909
ord1428
ord13597
ord962
ord2987
ord8449
ord4655
ord1111
ord6303
ord13535
ord1420
ord3270
ord3161
ord6584
ord2155
ord4946
ord12240
ord261
ord5517
ord4462
ord4459
ord4461
ord7195
ord7188
ord1056
ord4218
ord362
ord6819
ord2297
ord14156
ord3731
ord5706
ord11921
ord7920
ord11933
ord11901
ord8167
ord5915
ord1450
ord8084
ord11929
ord10124
ord12606
ord12544
ord8023
ord5183
ord2439
ord12222
ord12223
ord14210
ord7650
ord14216
ord9089
ord4011
ord3949
ord12625
ord7668
ord2011
ord11664
ord11665
ord14088
ord12212
ord7719
ord14288
ord6121
ord14290
ord6123
ord14289
ord6122
ord983
ord2285
ord4444
ord7715
ord6513
ord5555
ord5577
ord1360
ord14191
ord5684
ord14193
ord9052
ord12210
ord850
ord6528
ord5084
ord5567
ord7347
ord9781
ord7923
ord3805
ord2545
ord12354
ord1858
ord8605
ord10091
ord9964
ord12532
ord3282
ord10711
ord9042
ord10888
ord7541
ord5364
ord5081
ord5228
ord13288
ord12827
ord3716
ord3213
ord9943
ord5553
ord1340
ord2785
ord11705
ord5024
ord7538
ord11597
ord10146
ord10148
ord4870
ord5108
ord14204
ord12441
ord8010
ord10042
ord10041
ord10416
ord9992
ord10855
ord9687
ord9188
ord9745
ord11051
ord10900
ord10905
ord10910
ord10036
ord10863
ord10862
ord10051
ord10050
ord10049
ord9988
ord10094
ord11211
ord10017
ord9972
ord8657
ord10443
ord9989
ord9959
ord9958
ord11342
ord9730
ord8703
ord8678
ord8666
ord10254
ord10256
ord10253
ord8843
ord9823
ord11115
ord8875
ord11058
ord11026
ord3865
ord5918
ord9430
ord10930
ord3996
ord5026
ord7709
ord820
ord7075
ord2224
ord2294
ord2279
ord5578
ord7353
ord9944
ord11896
ord8943
ord14205
ord1362
ord9712
ord10187
ord10068
ord10695
ord11118
ord853
ord7094
ord2281
ord3568
ord1442
ord1492
ord324
ord1040
ord2327
ord2369
ord2372
ord2338
ord2371
ord473
ord2234
ord2336
ord2161
ord2266
ord2360
ord290
ord12443
ord4954
ord8452
ord7068
ord812
ord1864
ord12289
ord1333
ord1983
ord12321
ord4516
ord7191
ord9820
ord539
ord8202
ord1633
ord12372
ord1160
ord5916
ord2786
ord12706
ord12720
ord13568
ord14128
ord9068
ord10119
ord11594
ord11584
ord4623
ord3598
ord2196
ord2340
ord2344
ord323
ord1039
ord6505
ord12030
ord14225
ord12087
ord14278
ord3143
ord4696
ord13767
ord7551
ord6254
ord3057
ord9984
ord4079
ord8437
ord8818
ord4832
ord4847
ord4771
ord1691
ord10314
ord10237
ord8161
ord2222
ord8507
ord13864
ord4335
ord13199
ord2212
ord6285
ord446
ord3071
ord3307
ord3308
ord3951
ord10163
ord11085
ord10704
ord1089
ord11854
ord8901
ord2697
ord13397
ord6000
ord11813
ord7233
ord5240
ord8830
ord280
ord296
ord5674
ord1641
ord6320
ord2475
ord3756
ord2270
ord6250
ord357
ord4721
ord12967
ord6342
ord3096
ord6775
ord8440
ord2907
ord3748
ord14194
ord2689
ord1157
ord8822
ord4656
ord6724
ord1033
ord286
ord8900
ord7922
ord5227
ord7450
ord7461
ord7460
ord5062
ord5229
ord5083
ord5339
ord9041
ord5552
ord5363
ord5080
ord6814
ord6251
ord3056
ord4078
ord1053
ord8817
ord7928
ord990
ord4726
ord11850
ord3172
ord3278
ord7394
ord2171
ord2172
ord3279
ord3812
ord11806
ord2629
ord5723
ord13354
ord11406
ord6631
ord14217
ord7651
ord14211
ord2967
ord4352
ord9384
ord5582
ord4360
ord4828
ord4767
ord4752
ord4814
ord4859
ord4782
ord4837
ord4853
ord4794
ord4800
ord4806
ord4788
ord4843
ord4776
ord1755
ord1734
ord1748
ord1722
ord1700
ord11940
ord11944
ord13513
ord3173
ord7387
ord8947
ord878
ord1369
ord6619
ord8058
ord8416
ord12563
ord1670
ord1667
ord1503
ord10691
ord6729
ord1501
ord11902
ord8656
ord14209
ord4181
ord11625
ord3713
ord3718
ord1631
ord11771
ord5709
ord11415
ord11414
ord5451
ord9979
ord285
ord2921
ord6256
ord9941
ord5749
ord2269
ord2187
ord9975
ord6361
ord3803
ord4725
ord2479
ord13999
ord4086
ord8441
ord6588
ord3164
ord4095
ord1424
ord8826
ord6555
ord3144
ord3266
ord9977
ord1383
ord3599
ord8049
ord9978
ord9976
ord13021
ord14360
ord13006
ord5006
ord4187
ord3728
ord1454
ord13955
ord2698
ord7913
ord9946
ord3209
ord3212
ord13401
ord6002
ord7190

kernel32

IsDebuggerPresent
WideCharToMultiByte
OutputDebugStringW
LeaveCriticalSection
GetModuleFileNameW
LoadLibraryW
LocalAlloc
IsProcessorFeaturePresent
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SetUnhandledExceptionFilter
TerminateProcess
EnterCriticalSection
DeleteCriticalSection
GetLastError
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
LocalFree

user32

IsWindow
GetCursorPos
LoadMenuW
GetFocus
SetWindowPos
ScreenToClient
RedrawWindow
LoadIconW
LoadCursorW
SetCursor
RemoveMenu
GetClientRect
PtInRect
UpdateWindow
InvalidateRect
GetWindowRect
GetDC
FillRect
CopyRect
DrawFocusRect
GetSysColor
ReleaseDC
SendMessageW
GetParent
EnableWindow
GetDesktopWindow
GetSubMenu

gdi32

CreateFontIndirectW
GetTextExtentPoint32W
CreateSolidBrush
GetObjectW

advapi32

RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExW
RegCreateKeyExW

ole32

CLSIDFromString
CLSIDFromProgID

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayCreate
VariantInit
LoadRegTypeLi
SysStringLen
SysAllocString
SafeArrayUnlock
SafeArrayPutElement
SafeArrayGetElement
SafeArrayAccessData
VariantClear
GetActiveObject
SysFreeString
SafeArrayUnaccessData

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
__current_exception_context
_CxxThrowException
__std_type_info_destroy_list
memmove
__std_terminate
memcpy
__C_specific_handler
__std_exception_destroy
__std_exception_copy
_purecall
memset
__CxxFrameHandler3
memcmp
__RTDynamicCast

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-filesystem-l1-1-0

_waccess
_wsplitpath

api-ms-win-crt-stdio-l1-1-0

fseek
fclose
__stdio_common_vfwscanf
__stdio_common_vswscanf
_wfopen
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vfprintf

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo
_seh_filter_dll
_configure_narrow_argv
_initterm_e
_initterm
terminate
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment

api-ms-win-crt-string-l1-1-0

wcscmp
_wcsdup

api-ms-win-crt-utility-l1-1-0

ldiv
qsort

api-ms-win-crt-convert-l1-1-0

atof
strtod
_wtoi

api-ms-win-crt-math-l1-1-0

atan2
acos
atan
pow
sqrt
ceil
sin
tan
asin
cos
log10

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetToolObject
HasAutomationObject

Sections

.text
Size: 745KB - Virtual size: 744KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 798KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9957b001f80966630352ac922f374d36

Headers

DLL Characteristics

File Characteristics

Imports

utilidl

mfc140u

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 745KB - Virtual size: 744KB

.rdata Size: 276KB - Virtual size: 276KB

.data Size: 10KB - Virtual size: 798KB

.pdata Size: 42KB - Virtual size: 42KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 745KB - Virtual size: 744KB

.rdata
Size: 276KB - Virtual size: 276KB

.data
Size: 10KB - Virtual size: 798KB

.pdata
Size: 42KB - Virtual size: 42KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 9KB - Virtual size: 9KB