b58eab5faf7f4d5deb8c5359770a9f2e

Sharing

Copy URL

Twitter E-mail

General

Target

b58eab5faf7f4d5deb8c5359770a9f2e
Size

1012KB
MD5

b58eab5faf7f4d5deb8c5359770a9f2e
SHA1

008e142bf11becbc34c957ec22162c0b8cf9ed70
SHA256

8abb425a5dec48a913417bc31297544d2162b52172dbda0ea457e600f07f9c35
SHA512

77a5d16ab089d916d3d03037b43511f9e5a8002c4bf96eafc57ac451050aedd72a1f4667479a77217e1c0363806d735c6902312dcd97ce5bfb0d91a5ef499674
SSDEEP

24576:r/+XgMluSlGlsEqCTtOUNzeDu168U084ZB2DEX4H8eT4pJ3Y:rExcT8UkDq68UCUZTk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b58eab5faf7f4d5deb8c5359770a9f2e

Files

b58eab5faf7f4d5deb8c5359770a9f2e
.dll windows:5 windows x86 arch:x86

bdca8f76b0e50f76f0457bd2c27a58ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Clients\ExploreAnywhere\FusionEngine\HookDialog\Release\HookDialog.pdb

Imports

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

fltlib

FilterLoad
FilterSendMessage
FilterConnectCommunicationPort

kernel32

OpenEventW
QueryDosDeviceW
WaitForMultipleObjects
LocalFree
GetFullPathNameW
GlobalLock
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetFileSize
ReadFile
CreateProcessW
GetFileAttributesW
GetEnvironmentVariableA
GetEnvironmentVariableW
CreateDirectoryW
SetFileAttributesW
GetTickCount
TerminateProcess
OutputDebugStringA
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateEventA
lstrlenA
SetEvent
ResetEvent
OutputDebugStringW
GetCurrentThreadId
CreateFileA
DeviceIoControl
InterlockedCompareExchange
InterlockedExchange
OpenFileMappingW
ReadProcessMemory
SetFilePointer
GetCurrentThread
CopyFileW
VirtualQueryEx
GetFullPathNameA
SetEndOfFile
InterlockedIncrement
QueryPerformanceCounter
UnlockFile
LockFile
GetSystemTimeAsFileTime
FormatMessageA
WideCharToMultiByte
GetVersionExW
GetFileAttributesA
MultiByteToWideChar
FlushFileBuffers
LockFileEx
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
IsBadWritePtr
InterlockedDecrement
Process32FirstW
GetModuleHandleW
Sleep
DuplicateHandle
SetEnvironmentVariableA
CompareStringW
VirtualAllocEx
CreateProcessA
GetExitCodeProcess
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetStdHandle
SetConsoleCtrlHandler
GetTimeZoneInformation
GetModuleFileNameA
GetStartupInfoA
GetStdHandle
SetHandleCount
ExitProcess
HeapSize
VirtualAlloc
FatalAppExitA
VirtualFree
HeapDestroy
HeapCreate
LCMapStringW
LCMapStringA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
IsDebuggerPresent
GetConsoleMode
UnhandledExceptionFilter
GetConsoleCP
GetCommandLineA
FindFirstFileA
GetDriveTypeA
FindClose
GetDateFormatA
GetTimeFormatA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLastError
CreateThread
WriteFile
CreateFileW
GetSystemDirectoryW
GetCurrentProcess
FreeLibrary
LoadLibraryW
FindVolumeClose
FindFirstVolumeW
HeapFree
FlushInstructionCache
VirtualProtectEx
GetProcessHeap
HeapAlloc
LoadLibraryA
VirtualFreeEx
GetExitCodeThread
WaitForSingleObject
GetModuleHandleA
GetProcAddress
CreateRemoteThread
WriteProcessMemory
CreateToolhelp32Snapshot
DeleteFileW
GetTempFileNameW
GetTempPathW
SizeofResource
LockResource
LoadResource
FindResourceW
OpenProcess
CloseHandle
CompareStringA
Process32NextW
RtlUnwind
HeapReAlloc
IsBadReadPtr
VirtualQuery
SetUnhandledExceptionFilter

user32

SetFocus
SendMessageW
LoadImageW
GetKeyNameTextA
FindWindowExW
GetClassNameW
GetWindowTextW
SendMessageTimeoutW
GetWindowThreadProcessId
OpenDesktopW
EnumDesktopWindows
CloseDesktop
OpenWindowStationW
EnumDesktopsW
CloseWindowStation
RegisterWindowMessageW
EnumWindowStationsW
RegisterClipboardFormatW
GetForegroundWindow
MessageBoxW
GetDesktopWindow
DefWindowProcW
UpdateWindow
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
PostQuitMessage
LoadCursorW
RegisterClassExW
GetWindowDC
GetWindowTextA
GetActiveWindow
GetDC
MoveWindow
GetWindowRect
EndDialog
SetForegroundWindow
SetWindowTextW
SystemParametersInfoW
GetDlgItem
DialogBoxParamW
MapVirtualKeyExW
GetAsyncKeyState
GetKeyboardLayout
GetKeyState
GetLastInputInfo
GetCursorPos
GetThreadDesktop
GetProcessWindowStation
InvalidateRect
DestroyWindow
CloseWindow
SetWindowPos
ShowWindow
CreateWindowExW
SwitchDesktop
SetThreadDesktop
OpenInputDesktop
SetProcessWindowStation
ReleaseDC
GetSystemMetrics

gdi32

SetBrushOrgEx
SetStretchBltMode
GetObjectW
DeleteObject
CreateDIBSection
GetDIBits
CreateFontW
Polyline
FillRgn
CreatePolygonRgn
GetStockObject
CreateCompatibleBitmap
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
SetTextColor
LineTo
MoveToEx
CreatePen
CreateSolidBrush
SetBkMode
StretchBlt

advapi32

OpenThreadToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountSidW
ConvertStringSidToSidW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCreateKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ImpersonateSelf

ole32

CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoInitialize
OleInitialize
OleGetClipboard
CoSetProxyBlanket

oleaut32

VariantClear
SysAllocStringLen
VariantInit
SysFreeString

rpcrt4

UuidCreateSequential

urlmon

URLDownloadToCacheFileW

wsock32

bind
htons
ioctlsocket
socket
inet_ntoa
inet_addr
WSAGetLastError
getsockname
WSACleanup
listen
accept
ntohs
sendto
select
setsockopt
connect
htonl
closesocket
recv
send
WSAStartup

Exports

Exports

swill_allow
swill_deny
swill_directory
swill_file
swill_fprintf
swill_getargs
swill_getdouble
swill_getheader
swill_getint
swill_getrequest
swill_getvar
swill_handle
swill_init_ssl
swill_log
swill_logprintf
swill_netscape
swill_poll
swill_printf
swill_printurl
swill_remove
swill_serve
swill_setheader
swill_setresponse
swill_shutdown
swill_ssl_set_certfile
swill_title
swill_user
swill_vfprintf
swill_vprintf

Sections

.text
Size: 813KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdca8f76b0e50f76f0457bd2c27a58ca

Headers

File Characteristics

PDB Paths

Imports

psapi

fltlib

kernel32

user32

gdi32

advapi32

ole32

oleaut32

rpcrt4

urlmon

wsock32

Exports

Exports

Sections

.text Size: 813KB - Virtual size: 812KB

.rdata Size: 142KB - Virtual size: 142KB

.data Size: 10KB - Virtual size: 23KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 813KB - Virtual size: 812KB

.rdata
Size: 142KB - Virtual size: 142KB

.data
Size: 10KB - Virtual size: 23KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 24KB - Virtual size: 23KB