dfce6e2f713a61d4ecafc520c5c21c19baeea2f70dc3f6c5c056971a29e85c6a

Sharing

Copy URL Twitter E-mail

General

Target

dfce6e2f713a61d4ecafc520c5c21c19baeea2f70dc3f6c5c056971a29e85c6a
Size

241KB
MD5

65d81d7981af3fce5c34e52b0ed34b95
SHA1

dcf551d958f5cac2247df5e979246e599c94bc8a
SHA256

dfce6e2f713a61d4ecafc520c5c21c19baeea2f70dc3f6c5c056971a29e85c6a
SHA512

36b0b25ad2b19c11a8e341e1af8812a4e38ec60435fa5f783bf3cb3657fe1020068dd1154afad84ae075f5747e234d8c83e5d1dfc99229a9e7169e06c5c3c052
SSDEEP

3072:JM8lPYaCdOxkXwl0emt5w6cdQ9vDdkAhLFMwFDx0T9TBf68D4kmyunOKnI6lCpbY:FUoSc69vDdlhpFV+9TBi1nOKI6lC+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfce6e2f713a61d4ecafc520c5c21c19baeea2f70dc3f6c5c056971a29e85c6a

Files

dfce6e2f713a61d4ecafc520c5c21c19baeea2f70dc3f6c5c056971a29e85c6a
.dll windows:5 windows x86 arch:x86

ccc9a097b057142e81fadb4f9a5dfda9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

URLDownloadToFileA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

xlluaruntime

lua_pushinteger
lua_pushstring
luaL_checklstring
luaL_checkudata
XLLRT_PushXLObject
XLLRT_RegisterGlobalObj
XLLRT_GetEnv
lua_topointer
lua_pushboolean
lua_tolstring
lua_pushlstring
XLLRT_RegisterClass

kernel32

SetEnvironmentVariableW
GetLastError
MoveFileW
Sleep
CreateFileW
GetPrivateProfileStringW
ExpandEnvironmentStringsW
GetPrivateProfileSectionW
GetPrivateProfileIntW
WaitForSingleObject
CreateProcessW
CopyFileW
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
HeapFree
GetProcessHeap
GetCommandLineW
GetModuleFileNameW
GetEnvironmentVariableW
RaiseException
LocalFree
CreateDirectoryW
GetFileAttributesW
GetTempPathW
GetVersionExW
IsWow64Process
GetCurrentProcess
GetExitCodeProcess
CreateFileA
FreeLibrary
LoadLibraryW
WritePrivateProfileStringW
GetFileSize
lstrlenW
GetDriveTypeW
GetStartupInfoW
SetFilePointer
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
GetDiskFreeSpaceExW
CreateThread
TerminateThread
WaitForMultipleObjects
GetSystemDefaultLangID
GetTempPathA
InterlockedIncrement
InterlockedDecrement
lstrlenA
HeapAlloc
HeapDestroy
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
FindFirstFileW
SetFileAttributesW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
GetProcAddress
HeapReAlloc
HeapSize
CloseHandle
WriteFile
GetCurrentThread
ReadFile
GlobalFree
OutputDebugStringA
InterlockedExchange
GetWindowsDirectoryW

user32

PostMessageW
CharNextW
FindWindowW
GetWindowThreadProcessId
MessageBoxW
wsprintfW
SetClassLongW
LoadImageW
GetSystemMetrics

advapi32

CryptCreateHash
RegQueryValueExW
RegOpenKeyExW
SetNamedSecurityInfoW
OpenThreadToken
OpenProcessToken
DuplicateTokenEx
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
RegCloseKey
CryptAcquireContextW
CreateProcessAsUserW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
SetEntriesInAclW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW

shell32

SHBrowseForFolderW
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteExW
SHChangeNotify
ord165
SHGetPathFromIDListW
SHCreateDirectoryExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocStringLen
VariantClear
SysAllocString
SysStringLen
SysFreeString

msvcr90

_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
vsprintf_s
_vscprintf
_vswprintf_c_l
_wtoi
wcscpy_s
iswdigit
wcstol
_wcslwr_s
_wcsnicmp
wcsncmp
memmove_s
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_recalloc
calloc
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??2@YAPAXI@Z
_time64
fopen
fseek
fgets
fclose
_wrename
memcpy_s
wcsncpy
wcsstr
wcscmp
_snwprintf
_swprintf
wcschr
atoi
_wcsupr
_vswprintf
wcscat
sprintf
wcscpy
free
malloc
_wcsicmp
wcslen
strlen
__CxxFrameHandler3
??_U@YAPAXI@Z
memset
??_V@YAXPAX@Z
_CxxThrowException
??3@YAXPAX@Z
_itoa
_stricmp
memcpy
?terminate@@YAXXZ

msvcp90

?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

shlwapi

PathCombineA
PathCombineW
PathAddBackslashW
PathFindFileNameW
PathAppendW
PathFileExistsW
PathRemoveBackslashW
PathRemoveFileSpecW

setupapi

SetupIterateCabinetW

cabinet

ord21
ord23
ord20

userenv

UnloadUserProfile

winhttp

WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen

Exports

Exports

RegistLuaClass

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccc9a097b057142e81fadb4f9a5dfda9

Headers

File Characteristics

Imports

urlmon

version

xlluaruntime

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcr90

msvcp90

shlwapi

setupapi

cabinet

userenv

winhttp

Exports

Exports

Sections

.text Size: 153KB - Virtual size: 152KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 11KB - Virtual size: 14KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 153KB - Virtual size: 152KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 11KB - Virtual size: 14KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 11KB - Virtual size: 11KB