9aebd31292a6f1793ba00cf14a201424

Sharing

Copy URL Twitter E-mail

General

Target

9aebd31292a6f1793ba00cf14a201424
Size

228KB
MD5

9aebd31292a6f1793ba00cf14a201424
SHA1

1625be5d7bbd1b0ca302c2af639af7f2a6835623
SHA256

56e80d998d8b981a6c7b94b88ace51ae882c5ef037d942052681244b34e04edd
SHA512

63fd8f7d3d9b68c7aedc8a291b7e113e0b233a8962d09e327e64b9ff1437e43df163d384d500b4313f4d86f209542e404d3342815b153c7cc5aca17c3ec6897e
SSDEEP

6144:hYnteispgXTadfoUG3ExR+vJzli4pJg8qkB2o1e:Stei2gXTadrxR+vJzli4pBld1e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9aebd31292a6f1793ba00cf14a201424

Files

9aebd31292a6f1793ba00cf14a201424
.dll windows:5 windows x86 arch:x86

30c72e9b672c7802ac4d896661aea380

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Shai\Crossrider\cr-ie-plugin\output\ButtonUtil.pdb

Imports

wininet

HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetCrackUrlA
InternetSetOptionA
InternetOpenA

kernel32

GetVersion
GetLastError
GetModuleFileNameA
ExpandEnvironmentStringsA
CreateFileA
ReadFile
SetLastError
LocalFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GlobalFlags
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
SetEvent
lstrcpyA
CreateEventA
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
LocalAlloc
WriteFile
SetFilePointer
FindResourceA
FreeLibrary
LoadResource
SizeofResource
IsDBCSLeadByte
lstrlenW
RaiseException
lstrcmpiA
LoadLibraryExA
GetCommandLineA
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
Sleep
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStringTypeW
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
GetConsoleCP
ReleaseMutex
WaitForSingleObject
VirtualQuery
CloseHandle
OpenMutexA
CreateMutexA
WideCharToMultiByte
GetModuleHandleA
GetProcAddress
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringA
DebugBreak
InterlockedIncrement
InterlockedDecrement
lstrlenA
EncodePointer
DecodePointer
GetLocalTime
GetSystemTimeAsFileTime
HeapFree
GetConsoleMode
FlushFileBuffers
CreateFileW
GetProcessHeap
SetEndOfFile
SetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
LoadLibraryW
LCMapStringW
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
GetModuleHandleW
GetSystemInfo
RtlUnwind
WriteConsoleW

user32

UnhookWindowsHookEx
SetWindowsHookExA
SetWindowPos
GetWindowRect
ReleaseDC
GetDC
DestroyIcon
PostMessageA
GetParent
CallNextHookEx
GetWindowThreadProcessId
GetDesktopWindow
SendMessageA
GetWindowTextA
FindWindowExA
CharNextA
wvsprintfA
LoadStringA
InvalidateRect
DestroyWindow

gdi32

GetTextExtentPoint32A
SelectObject
DeleteObject
GetObjectA
CreateFontA

advapi32

RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExA
OpenProcessToken
GetTokenInformation
RegDeleteValueA
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExA
GetSidSubAuthority
GetSidSubAuthorityCount

shell32

SHGetFolderPathA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

VariantClear
VarUI4FromStr

comctl32

ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_Remove

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCloneBitmapAreaI
GdipCreateHICONFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectI
GdipMeasureString
GdipDrawString
GdipFillPath
GdipGraphicsClear
GdipDrawPath
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipSetPathGradientFocusScales
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipWindingModeOutline
GdipAddPathEllipseI
GdipAddPathRectangleI
GdipDeletePath
GdipCreatePath
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipDisposeImage
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipAlloc
GdipFree

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30c72e9b672c7802ac4d896661aea380

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

Sections

.text Size: 169KB - Virtual size: 169KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 6KB - Virtual size: 14KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 6KB - Virtual size: 14KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 17KB - Virtual size: 16KB