64485bd43362d3e1499b5c01f991f141

Sharing

Copy URL Twitter E-mail

General

Target

64485bd43362d3e1499b5c01f991f141
Size

256KB
MD5

64485bd43362d3e1499b5c01f991f141
SHA1

350ec7edad4583c87c0e3ca3ed2d5d3f8c690e66
SHA256

e8581832f53e57c1cac0c8083c832a3ab98a49bcc0d6488f627119b4d5f2093e
SHA512

805af483670dc77fba2e1e60a57eca4ab1a8deb463e27d80e841e0a5231fb6746edb2c8930bc5808ad6e8b3fc7f95319a9e8bd63955df0e45ee97c8c3cff0064
SSDEEP

6144:WGeaNHn3MACu04826+6q9gCCl96P2VOrqisCRgS1byx+:WGe681W6+6q9HCbw0YiCn1Ox+

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
64485bd43362d3e1499b5c01f991f141
unpack001//tbu02772/desertnetwrokcab.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

64485bd43362d3e1499b5c01f991f141
.exe windows:4 windows x86 arch:x86

81c812ed76d4690c8678b3a4f0737a5f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Create
ord17
ImageList_AddMasked
ImageList_Destroy

kernel32

GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
CopyFileA
SetErrorMode
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
GetModuleHandleA
LoadLibraryA
CreateThread
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
ExitProcess

user32

CreateDialogParamA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
SetFocus
ScreenToClient
GetWindowRect
GetWindowLongA
SetClassLongA
IsWindowEnabled
SetWindowPos
LoadCursorA
SetCursor
GetDlgItemTextA
MapWindowPoints
GetMessagePos
LoadBitmapA
CallWindowProcA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
MessageBoxA
CharPrevA
DestroyWindow
SetTimer
SetForegroundWindow
ShowWindow
CharNextA
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
GetSysColor
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
PostQuitMessage
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
GetWindowTextA
DrawTextA
EndPaint
InvalidateRect

gdi32

SetBkColor
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateSolidBrush
CreateFontA
SetBkMode
SetTextColor
CreateBrushIndirect
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/tbu02772/basis.xml
/tbu02772/desertNet.bmp
/tbu02772/desertnetwrokcab.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d4eca28bfb652c7989c9e9bda10c19ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA

shlwapi

PathFileExistsA

wininet

DeleteUrlCacheEntry
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile
FindCloseUrlCache
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

setupapi

SetupIterateCabinetA

kernel32

RemoveDirectoryA
DeleteFileA
InterlockedIncrement
lstrlenA
GetVersionExA
WideCharToMultiByte
WriteFile
CreateFileA
GetTempPathA
MoveFileExA
lstrlenW
CloseHandle
GetModuleFileNameA
Sleep
GetCurrentProcessId
SetLastError
OutputDebugStringA
LoadLibraryW
GetModuleFileNameW
GetProcAddress
GetModuleHandleA
GetModuleHandleW
LoadLibraryA
GlobalUnlock
GlobalLock
WritePrivateProfileStringA
EnterCriticalSection
MultiByteToWideChar
InterlockedDecrement
lstrcpyA
lstrcatA
GetCurrentThreadId
GetVersion
DebugBreak
FindFirstFileA
FindNextFileA
FindClose
GetTempFileNameA
FlushInstructionCache
GetCurrentProcess
lstrcmpA
GetCurrentThread
HeapFree
HeapAlloc
GetProcessHeap
DisableThreadLibraryCalls
GetShortPathNameA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
GetLastError
FreeLibrary
SetEndOfFile
CompareStringA
CompareStringW
GlobalAlloc
TerminateThread
LeaveCriticalSection
ReadFile
GetOEMCP
LCMapStringA
GetDriveTypeA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
SetUnhandledExceptionFilter
HeapSize
TerminateProcess
ExitProcess
TlsGetValue
TlsFree
TlsAlloc
GetCommandLineA
HeapReAlloc
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
CreateDirectoryA
GetFullPathNameA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
ExitThread
TlsSetValue
CreateThread
ResumeThread
RtlUnwind
RaiseException
LocalAlloc
InterlockedExchange
LocalFree
GetStringTypeW
GetACP
GetStringTypeA
GetCPInfo
LCMapStringW
SetHandleCount
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle

user32

SendMessageA
wsprintfA
LoadCursorA
GetParent
CharLowerA
CallWindowProcA
DefWindowProcA
IsWindowVisible
CloseClipboard
GetClipboardData
OpenClipboard
GetSysColor
SetWindowTextA
GetSystemMetrics
DestroyCursor
EnableMenuItem
PostMessageA
UnregisterClassA
TranslateMessage
DispatchMessageA
SetActiveWindow
MoveWindow
GetWindowRect
EmptyClipboard
LoadCursorFromFileA
CreateWindowExA
GetDlgItem
InvalidateRgn
ReleaseCapture
DestroyAcceleratorTable
CreateAcceleratorTableA
GetDesktopWindow
RedrawWindow
SetWindowPos
BeginPaint
GetClientRect
EndPaint
IsChild
IsWindow
GetDC
ReleaseDC
FillRect
GetMenuItemInfoA
CopyRect
DestroyWindow
SetFocus
ShowWindow
LoadMenuA
GetSubMenu
InsertMenuA
LoadImageA
LoadStringA
wvsprintfA
MapWindowPoints
GetMessagePos
GetCursorPos
GetFocus
SetWindowsHookExA
WindowFromPoint
SetCursor
ScreenToClient
PtInRect
GetKeyState
GetClassNameA
CallNextHookEx
InvalidateRect
TrackPopupMenu
SetTimer
CreatePopupMenu
AppendMenuA
CheckMenuItem
DestroyMenu
CharNextA
MessageBoxA
KillTimer
UnhookWindowsHookEx
GetWindowLongA
GetWindowTextLengthA
GetWindowTextA
SetWindowLongA
GetWindow
GetClassInfoExA
RegisterClassExA
RegisterWindowMessageA
OffsetRect
DrawEdge
SetCapture

gdi32

GetObjectA
GetTextExtentPointA
GetStockObject
GetDeviceCaps
CreateSolidBrush
DeleteObject
ExtTextOutA
GetTextExtentPoint32A
GetTextMetricsA
SetTextColor
SetBkColor
SetBkMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateBrushIndirect
DeleteDC
CreateFontA
BitBlt

shell32

SHAddToRecentDocs
DragQueryFileA
ShellExecuteA

ole32

OleInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
OleLockRunning
CoTaskMemRealloc
OleRun
CreateStreamOnHGlobal
CoInitialize

oleaut32

VariantClear
VariantInit
SysStringByteLen
VariantChangeType
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
LoadTypeLi
VariantCopy
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayCreate
LoadRegTypeLi
DispCallFunc
GetErrorInfo
VarUI4FromStr
SysAllocString
RegisterTypeLi
OleCreateFontIndirect

rpcrt4

UuidFromStringA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
TBStudioReg

Sections

.text
Size: 364KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/tbu02772/desertnetwrokcab.inf
/tbu02772/icons.bmp
/tbu02772/version.txt

Sharing

General

Malware Config

Signatures

Files

81c812ed76d4690c8678b3a4f0737a5f

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 16KB - Virtual size: 20KB

d4eca28bfb652c7989c9e9bda10c19ca

Headers

File Characteristics

Imports

winmm

shlwapi

wininet

setupapi

kernel32

user32

gdi32

shell32

ole32

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 364KB - Virtual size: 360KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 32KB - Virtual size: 71KB

.SHARED Size: 4KB - Virtual size: 2KB

.rsrc Size: 16KB - Virtual size: 14KB

.reloc Size: 32KB - Virtual size: 29KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 16KB - Virtual size: 20KB

.text
Size: 364KB - Virtual size: 360KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 32KB - Virtual size: 71KB

.SHARED
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 32KB - Virtual size: 29KB