Release_x64[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Release_x64.zip
Size

175KB
MD5

e05a626edd2752c343e6d73bcf6c3d9d
SHA1

534f297e4c0aa9ebd7baf71c8caa3eaaab952352
SHA256

3cca114c75af65c84a534612c1b3fe5e4dca3462c2d13d7bc4b691e171a91b1e
SHA512

12afd80a1c0b15d6c260d65e4a895574a1d429337656d6c58fcb246cfff7b8dec93ea64ade54c8925aae90185dd6cfd34a9861ff10fb93aca9d38c3d8e209a2c
SSDEEP

3072:81F1akLaocHlmQCUDJcsxyOBfJWNr3Ht28ffbqx6v2D7SO:85JcFJCiVxyMMI8ffb6sy7SO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Release/ExplorerBlurMica.dll

Files

Release_x64.zip
.zip
ReadMe.txt
Release/ExplorerBlurMica.dll
.dll regsvr32 windows:6 windows x64 arch:x64

d0d32871167807990e71ec2e2330a8a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapDestroy
GetThreadContext
GetThreadId
SetThreadContext
OpenThread
GetModuleFileNameA
IsBadStringPtrA
UnmapViewOfFile
CreateFileA
CreateFileMappingFromApp
MapViewOfFileFromApp
GetModuleFileNameW
DisableThreadLibraryCalls
FreeLibrary
GetPrivateProfileStringW
OutputDebugStringW
SetUnhandledExceptionFilter
WaitForSingleObjectEx
GetExitCodeThread
MultiByteToWideChar
HeapReAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetLastError
CreateToolhelp32Snapshot
ResumeThread
SuspendThread
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
Thread32First
CreateMutexW
Thread32Next
HeapFree
HeapCreate
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
FlushInstructionCache
GetModuleHandleA
SetLastError
VirtualProtect
GetCurrentProcessId
K32GetModuleBaseNameW
GetCurrentProcess
CreateFileW
GetFileSizeEx
GetModuleHandleW
GetSystemTimeAsFileTime
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
InterlockedPushEntrySList
GetProcessHeap
FormatMessageW
LoadLibraryExW
GetProcAddress
GetAtomNameW
QueryPerformanceCounter
CompareStringOrdinal
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RaiseException
RtlUnwindEx
UnhandledExceptionFilter

user32

EnumChildWindows
EndPaint
BeginPaint
FillRect
RedrawWindow
GetWindowRect
EnumWindows
GetClassNameW
RegisterWindowMessageW
PostMessageW
GetWindow
DefWindowProcW
FindWindowExW
SetWindowPos
SendMessageW
OffsetRect
IsRectEmpty
SetLayeredWindowAttributes
IsZoomed
DrawTextW
GetDC
CopyImage
WindowFromDC
GetAncestor
ReleaseDC
GetKeyState
IsWindow
GetWindowThreadProcessId
GetParent

gdi32

GetBkColor
GetTextCharacterExtra
CreateRectRgn
SetTextCharacterExtra
CreateDIBSection
CreateCompatibleDC
StretchDIBits
GetDCBrushColor
GetDIBits
DeleteDC
GetTextColor
DeleteObject
CreateSolidBrush
GetObjectType
GetDeviceCaps
SaveDC
SelectObject
ExcludeClipRect
RestoreDC
GetCurrentObject
IntersectClipRect
GetStockObject
GetClipBox

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW

ole32

CoCreateFreeThreadedMarshaler

oleaut32

SysStringLen
SysAllocString
SysFreeString
GetErrorInfo
SetErrorInfo

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString

dwmapi

DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmExtendFrameIntoClientArea
DwmSetWindowAttribute

comctl32

ord413
ord410
ord411
ord412

shlwapi

PathFindFileNameA
PathFileExistsW
SHDeleteKeyW

uxtheme

EndBufferedPaint
GetBufferedPaintBits
BufferedPaintSetAlpha
BeginBufferedPaint

gdiplus

GdipDrawLineI
GdipCreatePen1
GdipDeletePen
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawRectangleI
GdiplusShutdown
GdiplusStartup
GdipAddPathArc
GdipFillPath
GdipCreateSolidFill
GdipCreatePath
GdipDeletePath
GdipSetClipPath
GdipAddPathLine
GdipResetClip
GdipDeleteBrush
GdipClosePathFigures
GdipSetSmoothingMode

dbghelp

ImageDirectoryEntryToData

ucrtbase

__C_specific_handler
_purecall
_CxxThrowException
memcpy
memmove
memset
memcmp
__current_exception
__std_exception_copy
__std_type_info_destroy_list
_CreateFrameInfo
_IsExceptionObjectToBeDestroyed
_FindAndUnlinkFrame
__processing_throw
__NLG_Dispatch2
__AdjustPointer
__FrameUnwindFilter
__DestructExceptionObject
__TypeMatch
__std_exception_destroy
_local_unwind
__current_exception_context
__NLG_Return2
__std_type_info_compare

api-ms-win-crt-math-l1-1-0

_ldclass
_ldsign
_dsign
_fdclass
_dclass
ceilf
_fdsign
lroundf

api-ms-win-crt-string-l1-1-0

iswspace
wcsncpy_s
_wcsicmp
_stricmp

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
abort
terminate
_initialize_onexit_table
_invalid_parameter_noinfo
_errno
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_configure_narrow_argv
_initterm_e
_initterm
_beginthreadex
_cexit
_crt_atexit
_execute_onexit_table
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
calloc

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-locale-l1-1-0

localeconv
_lock_locales
___mb_cur_max_func
___lc_codepage_func
___lc_locale_name_func
__pctype_func
_unlock_locales
setlocale

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Release/config.ini
Release/register.cmd
Release/uninstall.cmd

Sharing

General

Malware Config

Signatures

Files

d0d32871167807990e71ec2e2330a8a6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

api-ms-win-core-winrt-string-l1-1-0

dwmapi

comctl32

shlwapi

uxtheme

gdiplus

dbghelp

ucrtbase

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 177KB - Virtual size: 176KB

.rdata Size: 201KB - Virtual size: 201KB

.data Size: 24KB - Virtual size: 29KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 177KB - Virtual size: 176KB

.rdata
Size: 201KB - Virtual size: 201KB

.data
Size: 24KB - Virtual size: 29KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB