aaf651f50bb7fa85b2e07a8ad5851e3d

Sharing

Copy URL Twitter E-mail

General

Target

aaf651f50bb7fa85b2e07a8ad5851e3d
Size

353KB
MD5

aaf651f50bb7fa85b2e07a8ad5851e3d
SHA1

a6bd1fa6439715b988635c6f4134ad0696492d0d
SHA256

e702211f3f6d76c8153b3390e1a256c21bee18944d9b3a3a7b27c3f05c13f0c9
SHA512

78f92034baccf62a56533fdc983ae988a253e466b90d2e09f4f04446bc7980b6da5c19dc9228fd2f729eba6e286347a81c5e074f242aea3fb41e23364696f4bc
SSDEEP

6144:jDpFNCb9WDwee3pXOFDJ+mUHtQ2mUfzdvbwN/Bvuzv:jDpFNCb9OIc+urEzdjwNC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aaf651f50bb7fa85b2e07a8ad5851e3d

Files

aaf651f50bb7fa85b2e07a8ad5851e3d
.dll windows:5 windows x86 arch:x86

fedbef9f6a6c7f3971cc75dee37a7744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

o:\OOO320\src\fpicker\wntmsci12.pro\bin\fps.pdb

Imports

cppu3

cppu_unsatisfied_iquery_msg
uno_type_sequence_assign
uno_type_assignData
uno_type_any_construct
uno_type_sequence_realloc
typelib_static_type_init
uno_type_any_assign
uno_any_destruct
uno_any_construct
typelib_typedescriptionreference_equals
uno_type_sequence_reference2One
uno_type_destructData
uno_type_sequence_construct
typelib_static_sequence_type_init
typelib_static_type_getByTypeClass

cppuhelper3msc

?disposing@WeakComponentImplHelperBase@cppu@@MAAXXZ
?acquire@WeakComponentImplHelperBase@cppu@@UAAXXZ
?release@WeakComponentImplHelperBase@cppu@@UAAXXZ
?dispose@WeakComponentImplHelperBase@cppu@@UAAXXZ
?addEventListener@WeakComponentImplHelperBase@cppu@@UAAXABV?$Reference@VXEventListener@lang@star@sun@com@@@uno@star@sun@com@@@Z
??0WeakComponentImplHelperBase@cppu@@IAE@AAVMutex@osl@@@Z
?removeInterface@OMultiTypeInterfaceContainerHelper@cppu@@QAAJABVType@uno@star@sun@com@@ABV?$Reference@VXInterface@uno@star@sun@com@@@4567@@Z
?addInterface@OMultiTypeInterfaceContainerHelper@cppu@@QAAJABVType@uno@star@sun@com@@ABV?$Reference@VXInterface@uno@star@sun@com@@@4567@@Z
?getContainer@OMultiTypeInterfaceContainerHelper@cppu@@QBAPAVOInterfaceContainerHelper@2@ABVType@uno@star@sun@com@@@Z
??1WeakComponentImplHelperBase@cppu@@UAE@XZ
?createSingleFactory@cppu@@YA?AV?$Reference@VXSingleServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@ABV?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@3456@ABVOUString@rtl@@P6A?AV?$Reference@VXInterface@uno@star@sun@com@@@3456@0@ZABV?$Sequence@VOUString@rtl@@@3456@PAU_rtl_ModuleCount@@@Z
?queryAdapter@OWeakObject@cppu@@UAA?AV?$Reference@VXAdapter@uno@star@sun@com@@@uno@star@sun@com@@XZ
?removeEventListener@WeakComponentImplHelperBase@cppu@@UAAXABV?$Reference@VXEventListener@lang@star@sun@com@@@uno@star@sun@com@@@Z
??1OInterfaceIteratorHelper@cppu@@QAE@XZ
?next@OInterfaceIteratorHelper@cppu@@QAAPAVXInterface@uno@star@sun@com@@XZ
??0OInterfaceIteratorHelper@cppu@@QAE@AAVOInterfaceContainerHelper@1@@Z
?WeakComponentImplHelper_query@cppu@@YA?AVAny@uno@star@sun@com@@ABVType@3456@PAUclass_data@1@PAXPAVWeakComponentImplHelperBase@1@@Z
?WeakComponentImplHelper_getTypes@cppu@@YA?AV?$Sequence@VType@uno@star@sun@com@@@uno@star@sun@com@@PAUclass_data@1@@Z
?ImplHelper_getImplementationId@cppu@@YA?AV?$Sequence@C@uno@star@sun@com@@PAUclass_data@1@@Z
??1OMultiTypeInterfaceContainerHelper@cppu@@QAE@XZ
??0OMultiTypeInterfaceContainerHelper@cppu@@QAE@AAVMutex@osl@@@Z
?remove@OInterfaceIteratorHelper@cppu@@QAAXXZ

comphelp4msc

?readDirectKey@ConfigurationHelper@comphelper@@SA?AVAny@uno@star@sun@com@@V?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@4567@ABVOUString@rtl@@11J@Z
?getProcessServiceFactory@comphelper@@YA?AV?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@XZ
?GetStorageFromURL@OStorageHelper@comphelper@@SA?AV?$Reference@VXStorage@embed@star@sun@com@@@uno@star@sun@com@@ABVOUString@rtl@@JABV?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@4567@@Z
??1SequenceAsHashMap@comphelper@@QAE@XZ
??0SequenceAsHashMap@comphelper@@QAE@XZ
?writeDirectKey@ConfigurationHelper@comphelper@@SAXV?$Reference@VXMultiServiceFactory@lang@star@sun@com@@@uno@star@sun@com@@ABVOUString@rtl@@11ABVAny@4567@J@Z

sal3

rtl_uString_acquire
rtl_ustr_compare_WithLength
rtl_ustr_indexOfChar_WithLength
osl_createMutex
osl_destroyMutex
osl_acquireMutex
rtl_uString_new
rtl_uString_new_WithLength
rtl_uStringbuffer_insert
rtl_uStringbuffer_insert_ascii
osl_incrementInterlockedCount
rtl_str_getLength
osl_getGlobalMutex
rtl_string2UString
rtl_str_compare
rtl_freeMemory
rtl_allocateMemory
rtl_uString_assign
rtl_uString_release
osl_releaseMutex
rtl_uString_newFromAscii
rtl_ustr_indexOfStr_WithLength
rtl_ustr_compareIgnoreAsciiCase_WithLength
osl_getFileURLFromSystemPath
rtl_ustr_lastIndexOfChar_WithLength
osl_scheduleThread
osl_getThreadIdentifier
osl_joinWithThread
osl_terminateThread
osl_suspendThread
osl_destroyThread
osl_checkCondition
osl_waitCondition
osl_setCondition
osl_getSystemPathFromFileURL
rtl_ustr_lastIndexOfStr_WithLength
rtl_uString_newConcat
rtl_ustr_getLength
rtl_uStringbuffer_ensureCapacity
rtl_ustr_hashCode_WithLength
rtl_uString_newFromStr
osl_createSuspendedThread
osl_resumeThread
osl_isThreadRunning
osl_resetCondition
osl_destroyCondition
osl_createCondition
rtl_uString_newFromStr_WithLength

vclmi

?Yield@Application@@SAX_N@Z
?GetSolarMutex@Application@@SAAAVIMutex@vos@@XZ
?GetUILocale@AllSettings@@QBEABULocale@lang@star@sun@com@@XZ
?GetSettings@Application@@SAABVAllSettings@@XZ
?ReleaseSolarMutex@Application@@SAKXZ
?AcquireSolarMutex@Application@@SAXK@Z

tlmi

??1String@@QAE@XZ
?ReadString@SimpleResMgr@@QAE?AVString@@K@Z
??0SimpleResMgr@@QAE@PBDABULocale@lang@star@sun@com@@@Z
??1SimpleResMgr@@UAE@XZ
??BString@@QBE?AVOUString@rtl@@XZ

uwinapi

GetWindowLongW
SHCreateItemFromParsingName
EnableWindow
GetWindowTextW
FindWindowExW
DrawTextW
GetTextMetricsW
DefWindowProcW
CreateWindowExW
GetOpenFileNameW
SetWindowTextW
PostMessageW
SetPropW
RemovePropW
SetWindowLongW
CallWindowProcW
GetPropW
SendMessageW
CreateEventW
GetModuleHandleW
GetSaveFileNameW
SetCurrentDirectoryW
GetWindowsDirectoryW
GetCurrentDirectoryW
RegisterWindowMessageW
FindFirstFileW
GetClassNameW
GetVersionExW
UnregisterClassW
LoadCursorW
RegisterClassExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoInitializeEx
OleUninitialize
OleInitialize
CoTaskMemFree

gdi32

GetStockObject
PatBlt
UnrealizeObject
SetTextColor
SetBkColor
DeleteObject
SelectObject
CreatePen
CreateSolidBrush
CreatePatternBrush
CreateBitmap
StretchDIBits
SetStretchBltMode
Rectangle
GetDeviceCaps

comdlg32

CommDlgExtendedError

kernel32

GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
SetEvent
CloseHandle
WaitForSingleObject
GetCurrentThreadId
WaitForMultipleObjects
GetCurrentProcessId
FindClose
GetVersion
IsBadReadPtr
IsDebuggerPresent

msvcr90

_wcsicmp
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBDH@Z
__CxxFrameHandler3
?what@exception@std@@UBEPBDXZ
??3@YAXPAX@Z
fprintf
__iob_func
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
_purecall
_beginthreadex
memset
__RTDynamicCast
memmove
wcsrchr
_snwprintf
memcpy
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_encode_pointer
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_malloc_crt
_except_handler4_common
__clean_type_info_names_internal
_onexit
_lock
__dllonexit
_unlock
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free

user32

ReleaseCapture
GetWindowThreadProcessId
GetDesktopWindow
GetForegroundWindow
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
IsWindow
GetParent
GetDlgItem
MoveWindow
ScreenToClient
GetDlgCtrlID
GetFocus
EnumChildWindows
GetMessagePos
SetRect
GetSysColor
FillRect
InvalidateRect
IsWindowVisible
UpdateWindow
ShowWindow
GetClientRect
DestroyWindow
BeginPaint
SetCapture
EndPaint

stlport_vc7145

??0__Named_exception@_STL@@QAE@ABV01@@Z
??0runtime_error@_STL@@QAE@ABV01@@Z
??1runtime_error@_STL@@UAE@XZ
??0?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAE@PBDABV?$allocator@D@1@@Z
??0__Named_exception@_STL@@QAE@ABV?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@1@@Z
??_7runtime_error@_STL@@6B@
??1?$allocator@D@_STL@@QAE@XZ
??1?$basic_string@DV?$char_traits@D@_STL@@V?$allocator@D@2@@_STL@@QAE@XZ
??1__Named_exception@_STL@@UAE@XZ
?__stl_throw_out_of_range@_STL@@YAXPBD@Z
?get_allocator@?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QBE?AV?$allocator@PAX@2@XZ
??0?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAE@IABQAXABV?$allocator@PAX@1@@Z
?swap@?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAEXAAV12@@Z
??1?$vector@PAXV?$allocator@PAX@_STL@@@_STL@@QAE@XZ
??1?$allocator@PAX@_STL@@QAE@XZ
?deallocate@?$__node_alloc@$00$0A@@_STL@@SAXPAXI@Z
?allocate@?$__node_alloc@$00$0A@@_STL@@SAPAXI@Z

Exports

Exports

GetVersionInfo
component_getFactory
component_getImplementationEnvironment
component_writeInfo

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 178KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fedbef9f6a6c7f3971cc75dee37a7744

Headers

File Characteristics

PDB Paths

Imports

cppu3

cppuhelper3msc

comphelp4msc

sal3

vclmi

tlmi

uwinapi

ole32

gdi32

comdlg32

kernel32

msvcr90

user32

stlport_vc7145

Exports

Exports

Sections

.text Size: 97KB - Virtual size: 96KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 11KB - Virtual size: 10KB

.text Size: 178KB - Virtual size: 180KB

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 11KB - Virtual size: 10KB

.text
Size: 178KB - Virtual size: 180KB