d37779e16a92da7bd05eae50c64b36e2e2022eb441382be686fda4dbd1800e90

Sharing

Copy URL

Twitter E-mail

General

Target

d37779e16a92da7bd05eae50c64b36e2e2022eb441382be686fda4dbd1800e90
Size

538KB
MD5

524665cc265015fcc38888f65e756f56
SHA1

f17590f677f27ad46f1545de2be7c1ad133fe669
SHA256

d37779e16a92da7bd05eae50c64b36e2e2022eb441382be686fda4dbd1800e90
SHA512

fe0dc1fae3ff90cf06ee803e41978b7f1a411ff55a1cce06f6e6b25959a3d5405613100954133aebdd06d01c75027d910e71abe2fd9aa560fd1bd1b3db9e9cfa
SSDEEP

12288:nWjOc6h5CDNT940FEPxTbS0qznfemAyAaJP36sFrkx5p7LZh:kcQDNTJFEPZBqznmmAyAah36sFgx5pZh

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/WindowsCodecs.dll
unpack001/war .EXE

Files

d37779e16a92da7bd05eae50c64b36e2e2022eb441382be686fda4dbd1800e90
.zip
WindowsCodecs.dll
.dll windows:6 windows x64 arch:x64

e7f3de42c47ba0ee82ce3413611d03c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

vcruntime140

memcpy
__std_type_info_destroy_list
__C_specific_handler
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
system

kernel32

GetCurrentThreadId
RtlLookupFunctionEntry
RtlCaptureContext
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
RtlVirtualUnwind
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
calc.cmd
war
.zip
war.docx
.docx office2007
war .EXE
.exe windows:6 windows x64 arch:x64

ca7337bd1dfa93fd45ff30b369488a37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ShellAboutW
ord165
ShellExecuteExW

shlwapi

ord225

gdiplus

GdipCloneImage
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCreateFromHDC
GdipDrawImageRectI
GdipCreateBitmapFromHBITMAP
GdipCloneBitmapAreaI
GdipSetPageUnit
GdipFillRectangleI
GdipDeletePen
GdipCreatePen1
GdipDisposeImage
GdipCreateSolidFill
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipDrawArcI
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDeleteGraphics
GdipDrawLineI
GdipGetImageGraphicsContext

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegGetValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
EventUnregister
EventRegister
RegCloseKey
RegCreateKeyExW
EventWrite

oleaut32

SysFreeString
SysAllocStringByteLen
VariantClear
SysStringLen
SysAllocString
VariantInit

uxtheme

IsThemeActive

ole32

CoUninitialize
CoInitialize
CoCreateInstance

comctl32

ImageList_Destroy
ImageList_Create
ImageList_Add
ord413
CreatePropertySheetPageW
PropertySheetW
ord380
ord410
ord392

ntdll

WinSqmAddToStreamEx
RtlInitUnicodeString
WinSqmAddToStream
WinSqmIncrementDWORD
NtQueryLicenseValue

kernel32

lstrlenA
GetStartupInfoW
OutputDebugStringA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
WideCharToMultiByte
GetVersionExA
DeleteCriticalSection
GetCurrentProcessId
LeaveCriticalSection
GetModuleHandleW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetSystemTime
WaitForSingleObject
CreateEventW
CreateThread
ResetEvent
SetEvent
CloseHandle
GlobalSize
GlobalLock
GlobalUnlock
GlobalAlloc
lstrcmpW
MulDiv
GlobalFindAtomW
GetLastError
MultiByteToWideChar
GetLocalTime
GetDateFormatW
GetLocaleInfoW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpiW
LoadLibraryW
GetProcAddress
GetLocaleInfoEx
FreeLibrary
LoadLibraryExA
DelayLoadFailureHook
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
Wow64DisableWow64FsRedirection
GetVersionExW
Wow64RevertWow64FsRedirection
GetFileAttributesW
GetModuleFileNameW
FreeLibraryAndExitThread
IsWow64Process
LocalFree
LocalAlloc
LocalReAlloc
GetProfileStringW
lstrlenW
CompareStringW
RegisterApplicationRecoveryCallback
ApplicationRecoveryInProgress
Sleep
ApplicationRecoveryFinished
RegisterApplicationRestart
GetTempFileNameW
SystemTimeToFileTime
CompareFileTime
FileTimeToSystemTime
CreateFileW
DeleteFileW
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
EnterCriticalSection
InitializeCriticalSection

user32

SetWindowLongW
SetWindowLongPtrW
GetWindowLongPtrW
EnableWindow
GetWindowTextLengthW
GetWindowTextW
PostMessageW
IsWindowEnabled
CharNextA
IsClipboardFormatAvailable
GetMenuState
GetFocus
OpenClipboard
GetClipboardData
InvalidateRect
CloseClipboard
EmptyClipboard
SetClipboardData
PostQuitMessage
DefWindowProcW
LoadAcceleratorsW
InsertMenuItemW
RegisterClassExW
SetWindowPlacement
SetForegroundWindow
GetMessageW
TranslateAcceleratorW
GetMessageExtraInfo
TranslateMessage
DispatchMessageW
GetKeyState
IsDialogMessageW
GetClassNameW
GetDC
ReleaseDC
GetSystemMetrics
GetWindowLongW
DrawTextW
EnumChildWindows
SetPropW
SystemParametersInfoW
GetWindowPlacement
UpdateWindow
SendDlgItemMessageW
IsDlgButtonChecked
MoveWindow
SetDlgItemInt
GetDlgItemInt
SetClassLongW
GetNextDlgTabItem
MonitorFromWindow
GetMonitorInfoW
OffsetRect
EqualRect
MonitorFromRect
GetClassWord
EnumDesktopWindows
EnumDisplayMonitors
IntersectRect
CopyRect
CreateDialogParamW
GetProcessDefaultLayout
CreatePopupMenu
TrackPopupMenu
GetAncestor
FindWindowW
DialogBoxParamW
CheckMenuItem
GetSysColor
SetClassLongPtrW
GetClassLongPtrW
EndDialog
SetWindowPos
GetDlgItem
GetWindowRect
SendMessageW
MessageBeep
LoadCursorW
SetCursor
DrawMenuBar
SetMenuItemInfoW
AppendMenuW
LoadStringW
GetSubMenu
RemoveMenu
CheckMenuRadioItem
SetFocus
MapWindowPoints
EnableMenuItem
GetParent
GetMenu
GetClientRect
LoadImageW
UnregisterClassA
FillRect
SetWindowTextW
ShowWindow
CreateWindowExW
CheckRadioButton
DestroyWindow

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

winmm

timeGetTime

version

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

gdi32

CreatePatternBrush
DeleteObject
SetBkMode
SelectObject
GetTextExtentPointW
DeleteDC
GetRgnBox
CreateSolidBrush
GetTextMetricsW
GetTextExtentPoint32W
GetObjectW
ExtCreatePen
MoveToEx
LineTo
CreateCompatibleBitmap
CreateRectRgn
CreateRectRgnIndirect
SetRectRgn
CombineRgn
EqualRgn
CreateDIBSection
CreateFontIndirectW
CreateCompatibleDC
GetDeviceCaps
SetTextColor
GetStockObject
SetBkColor

msvcrt

_wcsdup
_i64tow_s
_wtoi64
sprintf_s
_strtoi64
_strtoui64
memchr
strcspn
wcsrchr
wcstoul
isalpha
time
difftime
memmove
memset
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
_callnewh
__CxxFrameHandler3
setlocale
__pctype_func
___lc_codepage_func
___lc_handle_func
localeconv
_errno
___mb_cur_max_func
__mb_cur_max
__crtGetStringTypeW
__crtLCMapStringW
__uncaught_exception
tolower
isspace
abort
isalnum
__getmainargs
_XcptFilter
_exit
_ismbblead
_cexit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
??1type_info@@UEAA@XZ
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
iswalpha
iswdigit
_wcslwr_s
_wcsnicmp
wcsncmp
_itow_s
calloc
wcschr
_wcsicmp
_itoa
_wtoi
_vsnwprintf
wcscat_s
wcscpy_s
wcstol
mbstowcs_s
exit
isdigit
isxdigit
toupper
_purecall
malloc
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcpy_s
??0exception@@QEAA@AEBV0@@Z
free
memcpy
_wcsrev

Sections

.text
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
war.docx
.docx office2007

Sharing

General

Malware Config

Signatures

Files

e7f3de42c47ba0ee82ce3413611d03c5

Headers

DLL Characteristics

File Characteristics

Imports

vcruntime140

api-ms-win-crt-runtime-l1-1-0

kernel32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 432B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 44B

ca7337bd1dfa93fd45ff30b369488a37

Headers

DLL Characteristics

File Characteristics

Imports

shell32

shlwapi

gdiplus

advapi32

oleaut32

uxtheme

ole32

comctl32

ntdll

kernel32

user32

rpcrt4

winmm

version

gdi32

msvcrt

Sections

.text Size: 387KB - Virtual size: 387KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 19KB - Virtual size: 19KB

.pdata Size: 25KB - Virtual size: 25KB

.rsrc Size: 394KB - Virtual size: 393KB

.reloc Size: 1024B - Virtual size: 892B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 432B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 44B

.text
Size: 387KB - Virtual size: 387KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 19KB - Virtual size: 19KB

.pdata
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 394KB - Virtual size: 393KB

.reloc
Size: 1024B - Virtual size: 892B