e53cc7477c21f57aa91adb839da501088cf8a09eb1c93e6be6a5d0ff0e103e43

Sharing

Copy URL Twitter E-mail

General

Target

e53cc7477c21f57aa91adb839da501088cf8a09eb1c93e6be6a5d0ff0e103e43
Size

198KB
MD5

2c60062a1c33b37702f033b405e56c6b
SHA1

96632bf391dff2c10906925d312447b3a7b48b22
SHA256

e53cc7477c21f57aa91adb839da501088cf8a09eb1c93e6be6a5d0ff0e103e43
SHA512

2a82f910fd0283809c08d2c76c974e4134934425a1f558673d7104826b21938f82cfbd4ad9c97a008adecfc032eeed185cf0caf720646da29724d955b9c0f780
SSDEEP

6144:GbMubAlaMf+QJvoK3SBV+UdvrEFp7hKH7Wznx:GblbAJ+Q+KiBjvrEH7gWznx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e53cc7477c21f57aa91adb839da501088cf8a09eb1c93e6be6a5d0ff0e103e43

Files

e53cc7477c21f57aa91adb839da501088cf8a09eb1c93e6be6a5d0ff0e103e43
.dll windows x86

22d854c753b91ff832cc76d8016fa7ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileW
FindNextFileW
FindClose
LoadLibraryW
CreateProcessW
WaitForMultipleObjects
VirtualProtect
ExitProcess
OpenProcess
GetCurrentProcessId
CreateThread
OpenEventW
DuplicateHandle
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentVariableW
SetDllDirectoryW
GetLocalTime
CopyFileW
GetModuleHandleExW
InitializeCriticalSectionEx
GetModuleFileNameW
MultiByteToWideChar
CreateHardLinkTransactedW
DeleteFileTransactedW
MoveFileExW
DeleteCriticalSection
CreateFileMappingW
MapViewOfFile
GetExitCodeProcess
AreFileApisANSI
VirtualFree
InitializeSListHead
GetTickCount64
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
CreateDirectoryW
GetCurrentThreadId
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetTickCount
GetCurrentProcess
LocalFree
GetProcessHeap
HeapSize
HeapDestroy
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
IsWow64Process
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetSystemInfo
TerminateProcess
Sleep
CreateEventW
WaitForSingleObject
SetEvent
InitOnceExecuteOnce
HeapFree
HeapReAlloc
HeapAlloc
SetLastError
GetLastError
RaiseException
CloseHandle
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
FindFirstFileW
WriteFile
VirtualAlloc
ReadFile
GetFileSize
InterlockedFlushSList
GlobalMemoryStatusEx
UnmapViewOfFile
CreateFileW
VirtualQuery

user32

TranslateMessage
DispatchMessageW
PostThreadMessageW
GetMessageW

advapi32

OpenProcessToken
InitializeSid
RegGetValueW
RegDeleteValueW
RegFlushKey
RegLoadKeyW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyW
RegQueryInfoKeyW
RegUnLoadKeyW
RegEnumValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetSidLengthRequired
GetTokenInformation
InitializeSecurityDescriptor
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetSecurityDescriptorGroup
GetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetSecurityDescriptorOwner
GetAclInformation
AddAce
InitializeAcl
IsValidSid
GetLengthSid
ConvertSidToStringSidW
CopySid
GetSidSubAuthority

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
ord680

ole32

CoCreateInstance
CoGetMalloc
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree

shlwapi

PathSkipRootW
StrStrW
PathFindExtensionW
StrCmpW
StrCpyW
PathIsDirectoryEmptyW
PathFindFileNameW
ord437
StrStrIA
SHCreateStreamOnFileW
StrCatW
StrChrW
StrCmpNW
StrStrA
StrCmpIW
StrRChrW
StrCmpNIW
StrStrIW

ntdll

ZwQueryDirectoryFile
RtlImageNtHeader
NtClose
RtlAdjustPrivilege
RtlGetLastNtStatus
NtQueryInformationFile
NtCreateFile
NtOpenFile
NtReadFile
RtlNtStatusToDosError
NtSetInformationFile
NtQueryInformationProcess
RtlFreeUnicodeString
NtWriteFile
NtDeleteKey
RtlDosPathNameToNtPathName_U

cfgmgr32

CM_Locate_DevNodeW
CM_Reenumerate_DevNode

setupapi

SetupDiGetClassDescriptionW
SetupDiDestroyDeviceInfoList
SetupDiGetDevicePropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupUninstallOEMInfW

version

VerQueryValueW

msvcrt

swscanf
sscanf
_vscwprintf
vswprintf_s
realloc
?terminate@@YAXXZ
__CppXcptFilter
_msize
__CxxFrameHandler3
__DestructExceptionObject
memset
??3@YAXPAX@Z
memcpy
_errno
memmove
wcslen
wcsnlen
free
malloc
??2@YAPAXI@Z
memcmp
_wcsicmp
strlen
wcstoul
wcscpy
wcsrchr
calloc
??0exception@@QAE@ABV0@@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
wcscmp
_purecall
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
_initterm
_initterm_e
_amsg_exit
_except_handler4_common
__getmainargs
bsearch
_invalid_parameter

Exports

Exports

CbsCreateTempDirectory2
CreateCbsHostHelper
DismGetScratchDir
DismWriteLog
GetConfig
RunCbsHostW

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22d854c753b91ff832cc76d8016fa7ea

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

ntdll

cfgmgr32

setupapi

version

msvcrt

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 5KB - Virtual size: 4KB