xlsfreeextension[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

xlsfreeextension.exe
Size

3.0MB
MD5

9b19a66ed7422d3bfd860e169d852114
SHA1

2882d9ce80b38419443920f9335f4b95494749cd
SHA256

9fdf59de1bd31e488de0c81a62f3b6ca9472e6b537c468622e8c23874eebaf1a
SHA512

7910503b90a47da7564414d418713cb5519aeae498159fe54f6c21a0909fd60d4340335330e2c5a60059e66290a9a3f17c06bf68785b1c9dfb2280d190bf1f98
SSDEEP

49152:VQuuaxz4ihQXO9OQDApQevhIQ8+TxNhYBJzQ2bpQtLkQA2JQC0GrcVS2EpoFJj12:/uCz4ik8gyQx7YBfQY2F067iFJj1xunD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xlsfreeextension.exe

Files

xlsfreeextension.exe
.exe windows:4 windows x86 arch:x86

4f301227cb5efd290b334b34683fb9e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetGetLastErrorW
WNetCancelConnection2W

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

GetDriveTypeA
GetDriveTypeW
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileType
GetFullPathNameA
GetFullPathNameW
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcessAffinityMask
GetProcessHeap
GetShortPathNameW
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemInfo
GetSystemTime
GetThreadPriority
GetTimeFormatA
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExA
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFlags
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InterlockedCompareExchange
GetDiskFreeSpaceExW
InterlockedExchangeAdd
InterlockedIncrement
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockResource
lstrcmpA
lstrcmpiW
lstrcmpW
lstrlenA
lstrlenW
MoveFileW
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceFrequency
RaiseException
ReadFile
ReadProcessMemory
RemoveDirectoryW
ResetEvent
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesW
SetFileTime
SetHandleCount
SetLastError
SetProcessAffinityMask
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
SetVolumeLabelW
SizeofResource
Sleep
SleepEx
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQueryEx
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WriteFileEx
WritePrivateProfileStringW
ReleaseMutex
CreateMutexA
GetDateFormatW
GetDateFormatA
GetCurrentDirectoryA
GetCPInfo
GetConsoleOutputCP
GetConsoleCP
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageW
FlushFileBuffers
FindResourceW
FindNextFileW
FindFirstFileW
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitThread
ExitProcess
EnumSystemLocalesA
EnumResourceLanguagesW
DeviceIoControl
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessW
CreatePipe
CreateFileW
CreateFileA
CreateEventA
CreateDirectoryW
ConvertDefaultLocale
CompareStringW
CompareStringA
CloseHandle
GetStartupInfoA
GetCommandLineA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryA
GetLastError
GetCommandLineW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
GetConsoleMode
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedDecrement

user32

TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
ValidateRect
WinHelpW
wsprintfA
wsprintfW
MessageBoxA
SetWindowPos
SetWindowLongW
SetPropW
SetMenuItemBitmaps
SetMenu
SetForegroundWindow
SetCursor
SendMessageW
RemovePropW
ReleaseDC
RegisterWindowMessageW
RegisterClassW
PtInRect
PostQuitMessage
PostMessageW
PeekMessageW
ModifyMenuW
MessageBoxW
MapWindowPoints
LoadStringW
LoadIconW
LoadCursorW
LoadBitmapW
IsWindowVisible
AdjustWindowRectEx
CallNextHookEx
CallWindowProcW
CharNextW
IsWindowEnabled
IsWindow
IsIconic
GrayStringW
GetWindowThreadProcessId
GetWindowTextW
TabbedTextOutW
GetWindowPlacement
GetWindowLongW
GetTopWindow
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetSubMenu
GetPropW
GetParent
GetMessageW
GetMessageTime
GetMessagePos
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuCheckMarkDimensions
GetMenu
GetLastActivePopup
GetKeyState
GetForegroundWindow
GetFocus
GetDlgItem
GetDlgCtrlID
GetDC
GetCursorPos
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetClassInfoExW
GetCapture
GetActiveWindow
EnableWindow
EnableMenuItem
DrawTextW
SystemParametersInfoA
ShowWindow
CheckMenuItem
CopyRect
CreateWindowExW
DefWindowProcW
DestroyMenu
DestroyWindow
DispatchMessageW
DrawTextExW
SetWindowTextW
GetWindowRect
SetWindowsHookExW
ClientToScreen

gdi32

PtVisible
OffsetViewportOrgEx
GetStockObject
GetDeviceCaps
GetClipBox
ExtTextOutW
Escape
DeleteObject
DeleteDC
RectVisible
TextOutW
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
SetTextColor
SetMapMode
SetBkColor
SelectObject
ScaleWindowExtEx
ScaleViewportExtEx
SaveDC
RestoreDC
CreateBitmap

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegCloseKey
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegSetValueExW
RegSetKeySecurity
RegQueryValueW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyW
RegGetKeySecurity
RegQueryValueExW
RegOpenKeyExW
AccessCheck
AddAccessAllowedAce
AddAce
AllocateAndInitializeSid
CopySid
DuplicateToken
EqualSid
FreeSid
GetAce
GetAclInformation
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
IsValidSid
LookupAccountNameW
MapGenericMask
OpenProcessToken
OpenThreadToken
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegEnumValueW

shell32

CommandLineToArgvW

ole32

CoRegisterClassObject
CoRevokeClassObject
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoUninitialize
ProgIDFromCLSID
StringFromGUID2
CoInitialize

shlwapi

PathFindExtensionW
PathFindFileNameW

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__getmainargs
__p__fmode
__set_app_type
_controlfp
_acmdln
exit
_XcptFilter
_exit
_except_handler3
__p__commode

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_set_5
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4f301227cb5efd290b334b34683fb9e9

Headers

File Characteristics

Imports

mpr

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

shlwapi

msvcrt

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 4.0MB

.rsrc Size: 264KB - Virtual size: 263KB

_set_5 Size: 400KB - Virtual size: 400KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 4.0MB

.rsrc
Size: 264KB - Virtual size: 263KB

_set_5
Size: 400KB - Virtual size: 400KB