04012024_0940_CCleaner_pkb[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

04012024_0940_CCleaner_pkb.zip
Size

427KB
MD5

fec6caaffae1a95d9020062fec45ac7f
SHA1

3a303bec58c785f618164de13c1a5e9ff1eedb8e
SHA256

de7cf70d180813833469112c75dbe1b8d40f530395bb35b064a24bfdaf47e2ca
SHA512

031cde80b1126a69463773e50f8e7376a3c49618b329ead52a1682442a2a68556008fa24c0e7c765dad17986d62c0a5ac34099c01c11a82935332dce9783837d
SSDEEP

12288:w1aUM7pXy3Kda2CGV1nqgjBmr8ocsSLmgxrl:wi5yMDJV1qqQr8ojU9l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CCleaner_pkb.dll

Files

04012024_0940_CCleaner_pkb.zip
.zip

Password: infected
CCleaner_pkb.dll
.dll windows:6 windows x86 arch:x86

Password: infected

fc3b03af2d7d656c3fddb72d63bf5182

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

LoadImageW
GetRawInputDeviceList
GetAncestor
IsIconic
SetCursorPos
ChildWindowFromPoint
ReleaseDC
GetCursorPos
GetGUIThreadInfo
BeginPaint
GetNextDlgTabItem
EndPaint
SendInput
EnableWindow
InvalidateRect
SetForegroundWindow
GetWindowLongW
GetWindowThreadProcessId
GetWindowTextLengthW
SetScrollInfo
GetMessageW
CreateDialogParamW
RegisterClipboardFormatW
DeferWindowPos
DefWindowProcW
GetSystemMenu
AdjustWindowRectEx
GetKeyState
GetMessageA
GetMessageExtraInfo
ShowScrollBar
CharLowerW
GetMessagePos
OpenIcon
AllowSetForegroundWindow
CallWindowProcW
PostMessageW
MapVirtualKeyW
MonitorFromPoint
GetWindow
DispatchMessageA
FindWindowExW
LoadCursorFromFileA
GetWindowRect
GetMenuItemID
GetMenu
SendMessageTimeoutW
GetFocus
DestroyWindow
InflateRect
GetDC
SetWindowPos
MessageBoxW
GetPropW
MonitorFromWindow
SetActiveWindow
EnumDisplayMonitors
FillRect
CreateWindowExW
GetIconInfo
DeleteMenu
ScreenToClient
SendMessageW
CallNextHookEx
WaitForInputIdle
EndDialog
RemovePropW
GetSystemMetrics
UnregisterClassW
SetWindowTextW
MessageBeep
CreatePopupMenu
NotifyWinEvent
GetScrollInfo
GetShellWindow
WaitMessage
MsgWaitForMultipleObjects
RegisterClassExW
WindowFromPoint
GetScrollPos
GetWindowPlacement
DrawIcon
DestroyCursor
TrackPopupMenu
LoadStringW
SetCaretPos
GetActiveWindow
ShowWindow
GetClassInfoW
SetClassLongW
InvalidateRgn
BeginDeferWindowPos
GetAsyncKeyState
OpenClipboard
OffsetRect
GetRawInputDeviceInfoW
GetCapture
DispatchMessageW
SetTimer
RedrawWindow
IsDialogMessageW
DestroyIcon
IsHungAppWindow
GetScrollRange
GetWindowInfo
GetMonitorInfoW
CopyRect
CreateIconIndirect
GetDlgCtrlID
ClientToScreen
CloseClipboard
DestroyAcceleratorTable
EmptyClipboard
ExitWindowsEx
QueryDisplayConfig
PeekMessageW
IsChild
CreateCaret
SetDlgItemTextW
RegisterClassW
MapWindowPoints
CallMsgFilterW
CountClipboardFormats
DrawStateW
TrackMouseEvent
FrameRect
GetQueueStatus
GetKeyboardLayout
SetMenuDefaultItem
GetWindowTextW
GetDlgItemTextW
SendDlgItemMessageW
MessageBoxA
GetSysColor
GetForegroundWindow
DialogBoxIndirectParamW
MoveWindow
EnumClipboardFormats
IsDlgButtonChecked
UnhookWindowsHookEx
EnumWindows
WinHelpW
CreateAcceleratorTableW
LoadBitmapW
DestroyMenu
DrawTextExW
IsRectEmpty
LockWindowUpdate
SetLayeredWindowAttributes
SetFocus
CharNextW
BringWindowToTop
SetPropW
GetUpdateRect
TranslateMessage
GetClipboardData
GetDisplayConfigBufferSizes
LoadIconW
SetWindowContextHelpId
DrawFocusRect
ScrollWindowEx
FindWindowW
RemoveClipboardFormatListener
EnumDisplayDevicesW
LoadCursorW
DestroyCaret
GetClassNameW
GetClipboardSequenceNumber
SetParent
SetCapture
GetWindowDC
AnimateWindow
EndDeferWindowPos
EnumThreadWindows
SetWindowsHookExW
InsertMenuW
SetClipboardData
SetCursor
GetUserObjectInformationW
wsprintfW
SetRectEmpty
EnableScrollBar
GetDlgItemInt
SetScrollRange
MapDialogRect
SetWindowLongW
SystemParametersInfoA
GetComboBoxInfo
GetClientRect
IsZoomed
GetDlgItem
AppendMenuW
AddClipboardFormatListener
GetClassLongW
IsClipboardFormatAvailable
UpdateLayeredWindow
DrawTextW
PostThreadMessageW
SetRect
DrawIconEx
KillTimer
CheckDlgButton
PostQuitMessage
GetDesktopWindow
EnumDisplaySettingsW
GetSysColorBrush
GetNextDlgGroupItem
SetScrollPos
CreateDialogIndirectParamW
EnableMenuItem
DrawEdge
SystemParametersInfoW
SetWinEventHook
CharLowerA
GetClassInfoExW
GetProcessWindowStation
RegisterWindowMessageW
DialogBoxParamW
PtInRect
UpdateWindow
DrawFrameControl
ReleaseCapture

rpcrt4

RpcServerUseProtseqEpW
RpcIfInqId
RpcObjectSetType
UuidFromStringW
RpcMgmtEpEltInqBegin
RpcMgmtEpEltInqDone
I_RpcBindingInqLocalClientPID
RpcBindingToStringBindingW
UuidToStringW
RpcBindingFromStringBindingW
RpcServerUnregisterIf
RpcStringBindingComposeW
RpcServerRegisterIf2
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
RpcStringFreeW
UuidCreate
RpcEpRegisterW
RpcEpUnregister
RpcBindingFree
UuidFromStringA
RpcRevertToSelf
RpcImpersonateClient
RpcAsyncCancelCall
RpcStringBindingParseW
RpcMgmtEpEltInqNextW

ws2_32

getsockopt
recv
WSACleanup
__WSAFDIsSet
htons
bind
closesocket
gethostbyname
select
htonl
sendto
ioctlsocket
setsockopt
WSAGetLastError
accept
ntohl
shutdown
listen
WSASetLastError
WSAStartup
getpeername
getsockname
send
socket
ntohs
connect
inet_ntoa
recvfrom
gethostname
getservbyname

advapi32

CryptAcquireContextA
GetSidIdentifierAuthority
CryptReleaseContext
LookupAccountNameW
RegEnumKeyExA
RegQueryValueExW
CryptGetProvParam
ReportEventW
RegisterEventSourceW
RegEnumValueW
QueryServiceStatusEx
LookupAccountSidW
OpenThreadToken
DuplicateTokenEx
GetUserNameW
CryptGetHashParam
GetLengthSid
OpenServiceW
CryptSignHashW
MapGenericMask
QueryServiceConfig2W
RegDeleteValueW
ChangeServiceConfigW
QueryServiceConfigW
DuplicateToken
CreateProcessAsUserW
RegGetValueW
RegOpenKeyExW
InitializeAcl
RegOpenKeyExA
InitializeSecurityDescriptor
CheckTokenMembership
RegLoadKeyW
RegUnLoadKeyW
GetFileSecurityW
EnumServicesStatusExW
OpenEventLogW
StartServiceW
SetThreadToken
FreeSid
OpenProcessToken
CryptDestroyHash
AddAce
RegSetValueExW
IsValidSid
RegDeleteTreeW
EnumDependentServicesW
CryptSetHashParam
CryptHashData
ImpersonateSelf
CryptCreateHash
RegEnumKeyExW
GetSecurityDescriptorOwner
CryptExportKey
ControlService
DeleteService
CopySid
GetSecurityDescriptorControl
CloseEventLog
RegCreateKeyExW
CryptDecrypt
LookupPrivilegeNameW
ChangeServiceConfig2W
GetSidSubAuthority
GetSecurityDescriptorGroup
AllocateAndInitializeSid
RegDeleteKeyW
GetSidSubAuthorityCount
OpenSCManagerW
CryptGenRandom
ClearEventLogW
RegQueryValueExA
CloseServiceHandle
EqualSid
QueryServiceStatus
CryptEnumProvidersW
AccessCheck
RegQueryInfoKeyW
CryptAcquireContextW
CryptDestroyKey
LookupPrivilegeValueW
DeregisterEventSource
CryptGetUserKey
RegQueryMultipleValuesW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
GetTokenInformation
RevertToSelf
RegNotifyChangeKeyValue
GetSecurityDescriptorDacl
CreateServiceW
RegCloseKey
RegDeleteKeyExW
RegEnumKeyW

kernel32

SetFilePointerEx
GlobalLock
GetProcAddress
WriteConsoleW
GetWindowsDirectoryW
SetCurrentDirectoryW
SubmitThreadpoolWork
ReadDirectoryChangesW
GetThreadContext
UnlockFile
LocalSize
HeapDestroy
AddVectoredExceptionHandler
DecodePointer
UnregisterWaitEx
SwitchToThread
HeapCompact
GetOverlappedResult
SetStdHandle
FillConsoleOutputAttribute
GetCurrentDirectoryW
GetLocalTime
QueueUserAPC
FileTimeToLocalFileTime
GetCurrencyFormatW
WriteConsoleInputW
HeapAlloc
FindResourceW
LoadResource
GetWindowsDirectoryA
ResetEvent
FindResourceExW
CreateThread
CancelIoEx
LoadLibraryW
ReadFileEx
GetSystemInfo
RaiseException
GetNumberFormatW
CompareStringEx
GetNativeSystemInfo
ReleaseSRWLockShared
CloseHandle
HeapReAlloc
GlobalFree
DeleteFileW
GlobalAlloc
DeleteFileA
GetThreadPriority
QueryPerformanceFrequency
LockResource
GetVersionExA
TlsAlloc
WaitForSingleObjectEx
ReadConsoleW
LoadLibraryA
TerminateThread
GetSystemDirectoryA
AcquireSRWLockExclusive
InitOnceComplete
GetCurrentThread
GetDiskFreeSpaceExW
GetNamedPipeHandleStateW
FileTimeToSystemTime
SetEvent
GetUserDefaultLCID
CreateFileA
GlobalSize
FlushViewOfFile
ReadConsoleInputW
FillConsoleOutputCharacterW
MoveFileExA
OutputDebugStringW
SetFileInformationByHandle
GetBinaryTypeA
ReleaseSRWLockExclusive
GetFileAttributesExW
SetConsoleCursorInfo
TzSpecificLocalTimeToSystemTime
GetFileAttributesA
UpdateProcThreadAttribute
GetLastError
LCMapStringEx
CompareStringA
GetTickCount64
GetDiskFreeSpaceA
GetTimeZoneInformation
FormatMessageW
GetTempPathA
GetFileInformationByHandle
GetConsoleMode
Sleep
GetPrivateProfileStringW
ProcessIdToSessionId
GetExitCodeThread
MultiByteToWideChar
CreateEventW
GetLogicalDriveStringsW
IsValidCodePage
SetFileAttributesW
QueueUserWorkItem
GetVolumeNameForVolumeMountPointW
GetCommandLineA
PostQueuedCompletionStatus
GetVersion
HeapSize
OpenProcess
CreateFileMappingA
LocalFree
GetTimeFormatW
MoveFileExW
GetThreadId
LockFileEx
AcquireSRWLockShared
IsProcessorFeaturePresent
WTSGetActiveConsoleSessionId
GetFileSize
DeleteCriticalSection
ExitProcess
VerSetConditionMask
LCMapStringW
ReadProcessMemory
GetComputerNameW
FindVolumeClose
GetCurrentProcessId
UnhandledExceptionFilter
EnumSystemLocalesW
GetProcessHeap
SystemTimeToFileTime
GetNumberOfConsoleInputEvents
GlobalMemoryStatusEx
CreateProcessW
IsValidLocale
GetModuleHandleW
FreeLibrary
CreateSemaphoreW
TransactNamedPipe
CopyFileW
FlushInstructionCache
WideCharToMultiByte
GetVolumePathNamesForVolumeNameW
lstrcpyW
SleepEx
SleepConditionVariableSRW
VerifyVersionInfoW
TlsGetValue
GetThreadTimes
SystemTimeToTzSpecificLocalTime
QueryFullProcessImageNameW
GetTempFileNameW
GetSystemTimeAsFileTime
GetFileType
TerminateJobObject
TlsFree
GetComputerNameExA
GetSystemTime
FormatMessageA
DebugBreak
SetProcessWorkingSetSize
GetTempFileNameA
CreateFileMappingW
BackupRead
InterlockedPushEntrySList
SetConsoleCursorPosition
MapViewOfFile
FindNextVolumeW
lstrcmpiW
BackupSeek
QueryPerformanceCounter
GetStringTypeW
GetDateFormatW
InitializeSListHead
FreeLibraryWhenCallbackReturns
CreateIoCompletionPort
GetTickCount
GetEnvironmentStringsW
WaitNamedPipeW
GlobalUnlock
SetDllDirectoryW
AllocConsole
lstrcmpW
GetProcessHandleCount
MulDiv
LocalUnlock
MoveFileW
VirtualQuery
GetProcessTimes
GetDriveTypeW
InterlockedPopEntrySList
OpenThread
LoadLibraryExW
IsDebuggerPresent
ConnectNamedPipe
VirtualQueryEx
CheckRemoteDebuggerPresent
SetUnhandledExceptionFilter
IsBadStringPtrW
FlushFileBuffers
GetExitCodeProcess
CreateThreadpoolWork
VirtualProtectEx
AreFileApisANSI
SleepConditionVariableCS
CreateDirectoryW
GetStartupInfoW
ReadFile
GetModuleFileNameA
InitializeSRWLock
SizeofResource
QueryDosDeviceW
TryEnterCriticalSection
SetConsoleCtrlHandler
RemoveVectoredExceptionHandler
GetVolumeInformationW
SetInformationJobObject
GetLogicalDrives
CancelIo
LocalLock
CloseThreadpoolWork
SetNamedPipeHandleState
GetOEMCP
GetFileInformationByHandleEx
CompareFileTime
InitOnceBeginInitialize
GlobalHandle
FindFirstFileW
GetFileSizeEx
InitOnceExecuteOnce
SetHandleInformation
HeapCreate
WritePrivateProfileStringW
FindFirstFileExW
GetBinaryTypeW
SetWaitableTimer
CompareStringW
TlsSetValue
FindFirstVolumeW
GetSystemDefaultLCID
VirtualProtect
GetConsoleScreenBufferInfo
CreateNamedPipeA
HeapFree
SetLastError
SetConsoleTextAttribute
EnterCriticalSection
VirtualFree
GetCommandLineW
GetFullPathNameW
FindNextFileW
GetLongPathNameW
GetCurrentProcess
GetConsoleOutputCP
lstrlenW
GetStdHandle
CreateWaitableTimerW
ReleaseSemaphore
GetCPInfo
WriteFile
RegisterWaitForSingleObject
GetModuleHandleExW
ExpandEnvironmentStringsW
GetSystemDefaultUILanguage
UnregisterWait
GetShortPathNameW
GetDiskFreeSpaceW
SetConsoleMode
GetConsoleCursorInfo
GetPrivateProfileIntW
OutputDebugStringA
DeviceIoControl
VirtualAlloc
AssignProcessToJobObject
TerminateProcess
RemoveDirectoryW
GetProcessAffinityMask
WakeAllConditionVariable
LoadLibraryExA
SetFileTime
GetUserDefaultLangID
GetModuleFileNameW
WakeConditionVariable
CreateNamedPipeW
GetSystemTimes
WaitForMultipleObjects
InitializeProcThreadAttributeList
SetEnvironmentVariableW
GetThreadSelectorEntry
GetLocaleInfoEx
GetProcessId
CreateJobObjectW
EncodePointer
LockFile
SetThreadPriority
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
InitializeCriticalSection
ExpandEnvironmentStringsA
SetErrorMode
InitializeConditionVariable
SetFilePointer
GetFullPathNameA
GetQueuedCompletionStatus
GetCompressedFileSizeW
GetEnvironmentVariableW
WriteFileEx
SetEndOfFile
UnlockFileEx
PeekNamedPipe
GetTempPathW
CreateMutexW
InitializeCriticalSectionEx
GetPrivateProfileSectionW
WaitForMultipleObjectsEx
CreateHardLinkW
GetEnvironmentVariableA
FindClose
GetLocaleInfoW
GetVolumePathNameW
WaitForSingleObject
LocalAlloc
CreateFileW
GetFileAttributesW
FreeLibraryAndExitThread
GetCurrentThreadId
lstrcmpA
GetVersionExW
GetPrivateProfileSectionNamesW
QueryThreadCycleTime
ReleaseMutex
SuspendThread
ReadConsoleA
GetSystemDirectoryW
FreeEnvironmentStringsW
ResumeThread
UnmapViewOfFile
DuplicateHandle
HeapValidate
ExitThread
GetModuleHandleA
GetACP
FreeResource

gdi32

CombineRgn
SetTextAlign
GetCurrentObject
CreateFontIndirectW
CreateBitmap
SetMapMode
CreateSolidBrush
DeleteObject
RestoreDC
Ellipse
SetBkColor
MoveToEx
ExcludeClipRect
GetTextColor
GetObjectW
GetGlyphIndicesW
SelectClipRgn
SetViewportOrgEx
Rectangle
CreatePen
LineTo
SetBkMode
EndPath
SetTextColor
GetTextExtentPoint32W
TextOutW
DeleteDC
CreateRectRgn
CreatePatternBrush
ExtTextOutW
GetDeviceCaps
StrokeAndFillPath
GetDIBits
CreateRectRgnIndirect
GetClipBox
GetStockObject
CreateFontW
SetLayout
CreateDCW
StretchDIBits
EndDoc
BeginPath
GetClipRgn
StretchBlt
EnumFontFamiliesExW
PatBlt
CreateCompatibleDC
SetDIBColorTable
GetDIBColorTable
CreateDIBSection
StartPage
SelectObject
SaveDC
PolylineTo
GetFontUnicodeRanges
CreateCompatibleBitmap
AddFontMemResourceEx
BitBlt
GetBkColor
RoundRect
StartDocW
GetObjectA
EndPage
GetTextMetricsW
UnrealizeObject

comdlg32

GetSaveFileNameW
CommDlgExtendedError
PrintDlgW
GetOpenFileNameW

ole32

RegisterDragDrop
CoSetProxyBlanket
CoInitializeSecurity
IIDFromString
CoFreeUnusedLibraries
CoTaskMemRealloc
CLSIDFromString
OleLockRunning
CoInitializeEx
RevokeDragDrop
OleInitialize
CreateStreamOnHGlobal
DoDragDrop
CoTaskMemFree
CLSIDFromProgID
StgIsStorageFile
CoUninitialize
ReleaseStgMedium
OleUninitialize
CoCreateGuid
CoTaskMemAlloc
OleDuplicateData
PropVariantClear
CoInitialize

oleaut32

VariantClear
VariantChangeType
SysAllocStringLen
SysStringLen
VariantTimeToSystemTime
DispCallFunc
VarBstrCmp
VarBstrFromI4
VarBstrFromR8
VariantInit
LoadTypeLi
SysFreeString
SysAllocString
VarUI4FromStr

bcrypt

BCryptGenerateSymmetricKey
BCryptSecretAgreement
BCryptSetProperty
BCryptImportKeyPair
BCryptDestroySecret
BCryptDeriveKey
BCryptCloseAlgorithmProvider
BCryptExportKey
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptGenerateKeyPair
BCryptEncrypt
BCryptDestroyKey
BCryptFinalizeKeyPair

winmm

timeEndPeriod
timeGetTime
timeSetEvent
timeBeginPeriod
timeKillEvent

urlmon

FindMimeFromData

imm32

ImmAssociateContextEx
ImmIsIME
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
ImmNotifyIME

Exports

Exports

Enter
on_avast_dll_unload

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
launcher.bat

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

fc3b03af2d7d656c3fddb72d63bf5182

Headers

DLL Characteristics

File Characteristics

Imports

user32

rpcrt4

ws2_32

advapi32

kernel32

gdi32

comdlg32

ole32

oleaut32

bcrypt

winmm

urlmon

imm32

Exports

Exports

Sections

.text Size: 110KB - Virtual size: 110KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 14KB - Virtual size: 13KB

.rsrc Size: 337KB - Virtual size: 336KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 110KB - Virtual size: 110KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 337KB - Virtual size: 336KB

.reloc
Size: 9KB - Virtual size: 9KB