93f41ce66029b95757b69301a9388267b9b4ba2efd3ce151428531aceb1fcc62

Sharing

Copy URL Twitter E-mail

General

Target

93f41ce66029b95757b69301a9388267b9b4ba2efd3ce151428531aceb1fcc62
Size

198KB
MD5

e3c555c36c2abc926dcb55cebbc097bf
SHA1

9786e8461c390754b671ad8a9b360baa2a0f387e
SHA256

93f41ce66029b95757b69301a9388267b9b4ba2efd3ce151428531aceb1fcc62
SHA512

8823330502dcdad7fa772e02f507131633b65c2f678189cabb0d48f2d3a0da8b059bf429e7a08fcf6fbc7d40120e3403774f9dc17d1687340f70aed41020be6e
SSDEEP

6144:GbMuX3FyMf+HJvoK3SBV+UdvrEFp7hKa94I8:GblFD+H+KiBjvrEH7P+I8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
93f41ce66029b95757b69301a9388267b9b4ba2efd3ce151428531aceb1fcc62

Files

93f41ce66029b95757b69301a9388267b9b4ba2efd3ce151428531aceb1fcc62
.dll windows x86

22d854c753b91ff832cc76d8016fa7ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileW
FindNextFileW
FindClose
LoadLibraryW
CreateProcessW
WaitForMultipleObjects
VirtualProtect
ExitProcess
OpenProcess
GetCurrentProcessId
CreateThread
OpenEventW
DuplicateHandle
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentVariableW
SetDllDirectoryW
GetLocalTime
CopyFileW
GetModuleHandleExW
InitializeCriticalSectionEx
GetModuleFileNameW
MultiByteToWideChar
CreateHardLinkTransactedW
DeleteFileTransactedW
MoveFileExW
DeleteCriticalSection
CreateFileMappingW
MapViewOfFile
GetExitCodeProcess
AreFileApisANSI
VirtualFree
InitializeSListHead
GetTickCount64
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
CreateDirectoryW
GetCurrentThreadId
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetTickCount
GetCurrentProcess
LocalFree
GetProcessHeap
HeapSize
HeapDestroy
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
IsWow64Process
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetSystemInfo
TerminateProcess
Sleep
CreateEventW
WaitForSingleObject
SetEvent
InitOnceExecuteOnce
HeapFree
HeapReAlloc
HeapAlloc
SetLastError
GetLastError
RaiseException
CloseHandle
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
FindFirstFileW
WriteFile
VirtualAlloc
ReadFile
GetFileSize
InterlockedFlushSList
GlobalMemoryStatusEx
UnmapViewOfFile
CreateFileW
VirtualQuery

user32

TranslateMessage
DispatchMessageW
PostThreadMessageW
GetMessageW

advapi32

OpenProcessToken
InitializeSid
RegGetValueW
RegDeleteValueW
RegFlushKey
RegLoadKeyW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyW
RegQueryInfoKeyW
RegUnLoadKeyW
RegEnumValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetSidLengthRequired
GetTokenInformation
InitializeSecurityDescriptor
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetSecurityDescriptorGroup
GetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetSecurityDescriptorOwner
GetAclInformation
AddAce
InitializeAcl
IsValidSid
GetLengthSid
ConvertSidToStringSidW
CopySid
GetSidSubAuthority

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
ord680

ole32

CoCreateInstance
CoGetMalloc
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree

shlwapi

PathSkipRootW
StrStrW
PathFindExtensionW
StrCmpW
StrCpyW
PathIsDirectoryEmptyW
PathFindFileNameW
ord437
StrStrIA
SHCreateStreamOnFileW
StrCatW
StrChrW
StrCmpNW
StrStrA
StrCmpIW
StrRChrW
StrCmpNIW
StrStrIW

ntdll

ZwQueryDirectoryFile
RtlImageNtHeader
NtClose
RtlAdjustPrivilege
RtlGetLastNtStatus
NtQueryInformationFile
NtCreateFile
NtOpenFile
NtReadFile
RtlNtStatusToDosError
NtSetInformationFile
NtQueryInformationProcess
RtlFreeUnicodeString
NtWriteFile
NtDeleteKey
RtlDosPathNameToNtPathName_U

cfgmgr32

CM_Locate_DevNodeW
CM_Reenumerate_DevNode

setupapi

SetupDiGetClassDescriptionW
SetupDiDestroyDeviceInfoList
SetupDiGetDevicePropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupUninstallOEMInfW

version

VerQueryValueW

msvcrt

swscanf
sscanf
_vscwprintf
vswprintf_s
realloc
?terminate@@YAXXZ
__CppXcptFilter
_msize
__CxxFrameHandler3
__DestructExceptionObject
memset
??3@YAXPAX@Z
memcpy
_errno
memmove
wcslen
wcsnlen
free
malloc
??2@YAPAXI@Z
memcmp
_wcsicmp
strlen
wcstoul
wcscpy
wcsrchr
calloc
??0exception@@QAE@ABV0@@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
wcscmp
_purecall
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
_initterm
_initterm_e
_amsg_exit
_except_handler4_common
__getmainargs
bsearch
_invalid_parameter

Exports

Exports

CbsCreateTempDirectory2
CreateCbsHostHelper
DismGetScratchDir
DismWriteLog
GetConfig
RunCbsHostW

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22d854c753b91ff832cc76d8016fa7ea

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

ntdll

cfgmgr32

setupapi

version

msvcrt

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 5KB - Virtual size: 4KB