3d19f3d9381047576c14036b3278e8c4

Sharing

Copy URL Twitter E-mail

General

Target

3d19f3d9381047576c14036b3278e8c4
Size

418KB
MD5

3d19f3d9381047576c14036b3278e8c4
SHA1

9415c2f44aa042c45106b2e1fa6dc1d56a989fda
SHA256

dd5e4c7d5a19f6f99be9f2b005ccfce2812d843dd1ffb6aa7487a1b30f5b53dd
SHA512

eef675ab26280ed825a08bda5e3283fc30fafdedb00530305334d9e2cb891ad0d61a083247fd9c2685c902198c01bca4ec1e5e0b486c5b95b177dac6d87b4ebf
SSDEEP

6144:TDo5unMX1eckE5b9rUIYT1yGOUEms767RoWVE4UZMpRKZ/:TDo59ecky9QIYTUTGsmlbeX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d19f3d9381047576c14036b3278e8c4

Files

3d19f3d9381047576c14036b3278e8c4
.dll windows:5 windows x86 arch:x86

6dc2ae0411360caf6938333d400863ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

toupper
isalpha
wcstoul
wcscpy
_ultow
wcslen
iswctype
wcspbrk
_ftol
_vsnwprintf
ceil
wcsncpy
_vsnprintf
_wcsicmp
strchr
_snwprintf
wcsncmp
_wtoi
wcsstr
wcscat
??3@YAXPAX@Z
__CxxFrameHandler
tolower
_except_handler3
_wcsnicmp
??2@YAPAXI@Z

ntdll

RtlFreeUnicodeString
RtlInitUnicodeString
RtlCopySid
NtQueryInformationToken
RtlConvertSidToUnicodeString
RtlAdjustPrivilege
RtlGetNtProductType
NtQuerySystemInformation
NtCreatePagingFile
RtlGetSetBootStatusData
RtlLockBootStatusData
RtlUnlockBootStatusData
NtSetSystemInformation
NtClose
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlLengthSid

user32

GetDlgItemTextW
SetWindowLongW
SetDlgItemTextW
GetFocus
SetFocus
EnableWindow
wsprintfW
GetWindowLongW
WinHelpW
DialogBoxParamW
SendDlgItemMessageW
DestroyIcon
EndDialog
GetSystemMetrics
ShowCursor
LoadCursorW
SetCursor
GetDlgItem
GetDC
ReleaseDC
wvsprintfW
SendMessageW
MessageBoxW
RegisterWindowMessageW
LoadStringW
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
PostMessageW
GetParent
GetDlgItemInt
SetDlgItemInt
CharUpperW
MapDialogRect
SendMessageTimeoutW
GetClientRect
MessageBeep
IsWindowEnabled
SetWindowTextW
GetKeyboardType
SendMessageA
CharLowerW
SetTimer
SetWindowPos
MapWindowPoints
GetWindowRect
ShowWindow
LoadImageW
RegisterClipboardFormatW
ScreenToClient
GetWindowTextLengthW
LoadIconW
GetMessagePos

gdi32

GetDeviceCaps
SelectObject
DeleteObject
CreateFontIndirectW
GetTextExtentPointW
GetObjectW

ole32

CoInitialize
CoCreateInstance
ReleaseStgMedium
CoInitializeSecurity
CoUninitialize

oleaut32

VariantClear
SysFreeString
SysAllocString

comctl32

CreatePropertySheetPageW
ord365
ord358
PropertySheetW
ord361
ord359
ord355
ord363
InitCommonControlsEx
ord362

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetTempPathW
GetTempFileNameW
CopyFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetFileAttributesExW
GlobalUnlock
SetLastError
LoadLibraryExW
GetACP
GetSystemDefaultLangID
_lopen
_llseek
_lread
_lclose
SetFileAttributesA
_lcreat
_lwrite
GetFullPathNameW
GetWindowsDirectoryW
lstrcpynW
WritePrivateProfileStringW
WideCharToMultiByte
WritePrivateProfileSectionA
GetSystemDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionA
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetProcessHeap
HeapAlloc
GlobalLock
LoadLibraryExA
FreeLibrary
LoadLibraryW
lstrcmpW
CloseHandle
LocalFree
LocalReAlloc
LocalAlloc
GetCurrentProcess
lstrlenW
FindClose
FindNextFileW
DeleteFileW
RemoveDirectoryW
lstrcmpiW
SetFileAttributesW
GetLastError
FindFirstFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalFree
GlobalReAlloc
GlobalAlloc
lstrcpyW
CreateDirectoryW
GetVolumeInformationW
GetProcAddress
lstrcatW
FormatMessageW
LocalLock
LocalUnlock
LocalHandle
CreateMutexW
GetVersionExW
DeviceIoControl
CreateFileW
GetDriveTypeW
QueryDosDeviceW
GetDiskFreeSpaceW
GetSystemInfo
GetFileAttributesW
GlobalMemoryStatusEx
GetLogicalDrives
GetEnvironmentVariableW
ExpandEnvironmentStringsW
lstrlenA
lstrcatA
MultiByteToWideChar

advapi32

OpenProcessToken
RegSaveKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegLoadKeyW
RegUnLoadKeyW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegOpenKeyExW
RegCloseKey
RegSetKeySecurity
RegCreateKeyW
RegOpenKeyW
RegEnumKeyW
RegGetKeySecurity
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
InitializeAcl
AddAccessAllowedAce
GetAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetLengthSid
CopySid
LookupAccountSidW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
ChangeServiceConfigW
StartServiceW
GetUserNameW
RegFlushKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ord195
ShellExecuteExW
ord680
ExtractIconW
ord100
ord258
ord168
ord167
ord730
ord169
ord259

shlwapi

StrCmpIW
StrFormatByteSizeW
PathFileExistsW
ord16
StrCatBuffW
SHRegGetUSValueW
SHRegSetUSValueW
ord437
StrToIntExW
AssocQueryStringW
SHGetValueW
wnsprintfW
StrCpyNW
SHRegGetBoolUSValueW

userenv

ord124
DeleteProfileW

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

imm32

ImmAssociateContext

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comdlg32

GetOpenFileNameW

usp10

ScriptIsComplex

imagehlp

UnMapAndLoad
MapAndLoad

setupapi

pSetupDoesUserHavePrivilege
pSetupIsUserAdmin

Exports

Exports

CPlApplet
EnableExecuteProtectionSupportW
ModifyExecuteProtectionSupportW
NoExecuteAddFileOptOutList
NoExecuteAddFileOptOutListW
NoExecuteProcessExceptionW
NoExecuteRemoveFileOptOutList
NoExecuteRemoveFileOptOutListW

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6dc2ae0411360caf6938333d400863ea

Headers

File Characteristics

Imports

msvcrt

ntdll

user32

gdi32

ole32

oleaut32

comctl32

kernel32

advapi32

shell32

shlwapi

userenv

rpcrt4

imm32

version

comdlg32

usp10

imagehlp

setupapi

Exports

Exports

Sections

.text Size: 114KB - Virtual size: 113KB

.data Size: 5KB - Virtual size: 27KB

.rsrc Size: 289KB - Virtual size: 289KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 114KB - Virtual size: 113KB

.data
Size: 5KB - Virtual size: 27KB

.rsrc
Size: 289KB - Virtual size: 289KB

.reloc
Size: 8KB - Virtual size: 7KB