971def093820e87af17845bdc8549122

Sharing

Copy URL Twitter E-mail

General

Target

971def093820e87af17845bdc8549122
Size

160KB
MD5

971def093820e87af17845bdc8549122
SHA1

0c1b5180cffd9d3751a92ef377e08f2f01b56b4f
SHA256

9e5b3c9148f7d49f883eaec35ad7e16ce24327d831729b18e106032d83be8eb4
SHA512

bcbcabfd533580a5abd28cd8cbcb96588dcc09374febf8f81fe79ada2f1bab835d65f86dbf100957b8c49c074870e4b1490bd9fbe102f872eac83e95346dc4c3
SSDEEP

3072:RBn38ci0luWXDrk99gGTmYUlx0EVuOV845MvqgrjY:Hn20Iak95SblxdwOq0Qt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
971def093820e87af17845bdc8549122

Files

971def093820e87af17845bdc8549122
.dll regsvr32 windows:5 windows x86 arch:x86

d810eae9f809dfeab509e75190e68676

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

qutil.pdb

Imports

msvcrt

wcsrchr
_CxxThrowException
?what@exception@@UBEPBDXZ
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
realloc
malloc
__CxxFrameHandler
free
wcslen
_except_handler3
??0exception@@QAE@ABV0@@Z

ntdll

RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
wcscpy
memset
wcsncpy
memcmp
_vsnwprintf
_snprintf
memmove

advapi32

OpenThreadToken
RevertToSelf
SetThreadToken
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegNotifyChangeKeyValue
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegCreateKeyExW
RegSetValueExW
RegCloseKey

kernel32

GetModuleHandleExW
HeapSize
InterlockedExchangeAdd
HeapDestroy
HeapCreate
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
CloseHandle
TerminateThread
HeapAlloc
SetEvent
WaitForMultipleObjects
GetLastError
CreateThread
CreateEventW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
VirtualProtect
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
lstrcpynW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
GetVersionExA
lstrlenA
GetModuleFileNameA
UnmapViewOfFile
VirtualAlloc
IsBadReadPtr
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
GetVersion
HeapFree
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
FileTimeToSystemTime

ole32

CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VarUI4FromStr

rpcrt4

NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
NdrCStdStubBuffer_Release
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
NdrDllCanUnloadNow
CStdStubBuffer_CountRefs

user32

CharNextW

msvcp60

?length@?$char_traits@G@std@@SAIPBG@Z
??0bad_alloc@std@@QAE@ABV01@@Z
??_7bad_alloc@std@@6B@
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@PBD@Z
?_Doraise@bad_alloc@std@@MBEXXZ
?_Xlen@std@@YAXXZ
?copy@?$char_traits@G@std@@SAPAGPAGPBGI@Z
?nothrow@std@@3Unothrow_t@1@B

Exports

Exports

ServiceMain
AllocCountedString
AllocFixupInfo
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FreeConnections
FreeCountedString
FreeFixupInfo
FreeIsolationInfo
FreeIsolationInfoEx
FreeNapComponentRegistrationInfoArray
FreeNetworkSoH
FreePrivateData
FreeSoH
FreeSoHAttributeValue
FreeSystemHealthAgentState
InitializeNapAgentNotifier
UninitializeNapAgentNotifier

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 107B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d810eae9f809dfeab509e75190e68676

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

kernel32

ole32

oleaut32

rpcrt4

user32

msvcp60

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.orpc Size: 512B - Virtual size: 107B

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 87KB - Virtual size: 87KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 59KB

.orpc
Size: 512B - Virtual size: 107B

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 87KB - Virtual size: 87KB

.reloc
Size: 7KB - Virtual size: 6KB