b6952069b70659254bcf77916087804a

Sharing

Copy URL

Twitter E-mail

General

Target

b6952069b70659254bcf77916087804a
Size

110KB
MD5

b6952069b70659254bcf77916087804a
SHA1

83d1b7203d790a2b3b26533d7f8107a0d9e80307
SHA256

8e1ccc729983a150aab2a3233c90a1f340feef3be0a67d0106419082ba000a8c
SHA512

e14a88efbf211bdad03a4bd5e7aae6b486e88465a6878ab47980c742414248b64cb477694ac8987b3f3be494b282203c4fe5d5f9a2cc6604a870f4c55d3c599a
SSDEEP

3072:FzZ9FJElWCXpK5TnAGE3iOU6YfiGk7ciR:FzZWWC5KZAGnIYf+x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6952069b70659254bcf77916087804a

Files

b6952069b70659254bcf77916087804a
.dll windows:5 windows x86 arch:x86

738892ed1f96fa712c8d4d13d4a49825

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

f:\nt_dnsrv\base\ntsetup\msoobci\obj\i386\msoobci.pdb

Imports

kernel32

CreateProcessW
GetCurrentProcess
SetFileAttributesW
SetLastError
GetSystemInfo
RemoveDirectoryW
lstrcmpW
MoveFileW
MoveFileExW
MultiByteToWideChar
UnmapViewOfFile
GetShortPathNameW
GetModuleFileNameW
GetSystemDirectoryW
MapViewOfFile
CreateFileMappingW
GetProcAddress
FreeLibrary
InterlockedCompareExchange
LoadLibraryW
GetWindowsDirectoryW
LocalFree
ExpandEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrcatW
lstrlenW
lstrcpyW
GetVersionExW
Sleep
WaitForSingleObject
GetExitCodeProcess
GetFullPathNameW
FindFirstFileW
FindNextFileW
FindClose
CopyFileW
GetPrivateProfileStructW
GetPrivateProfileStringW
WritePrivateProfileStructW
WritePrivateProfileStringW
CreateFileW
DeleteFileW
GetCurrentThread
CloseHandle
GetFileAttributesW
OutputDebugStringW
CreateDirectoryW
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
lstrcpynW

msvcrt

wcscpy
_adjust_fdiv
_initterm
memmove
wcsrchr
strtol
_except_handler3
swprintf
wcstoul
wcsncmp
_wcsnicmp
realloc
_snwprintf
wcschr
wcslen
iswctype
_wcsicmp
wcscmp
malloc
wcstol
free

ntdll

RtlNtStatusToDosError
RtlFreeUnicodeString
RtlNtPathNameToDosPathName
RtlInitUnicodeString
RtlpEnsureBufferSize

setupapi

SetupQueueDeleteW
pSetupSetQueueFlags
SetupSetDirectoryIdW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupPromptForDiskW
SetupGetStringFieldW
SetupGetIntField
SetupFindNextLine
SetupFindFirstLineW
SetupCloseInfFile
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupFindNextMatchLineW
SetupGetFieldCount
SetupDiGetActualSectionToInstallW
SetupOpenInfFileW
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupPromptReboot
SetupDefaultQueueCallbackW
SetupQueryInfFileInformationW
SetupGetInfInformationW
SetupGetFileCompressionInfoW
SetupQueueCopyW
SetupQueueRenameW
SetupCloseFileQueue
SetupTermDefaultQueueCallback
SetupInstallServicesFromInfSectionW
SetupInstallFromInfSectionW
SetupCommitFileQueueW
SetupScanFileQueueW
SetupInstallFilesFromInfSectionW
SetupInitDefaultQueueCallbackEx
SetupOpenFileQueue
SetupOpenAppendInfFileW
SetupGetLineCountW
pSetupGetQueueFlags

advapi32

RegDeleteValueW
OpenThreadToken
AccessCheck
FreeSid
RevertToSelf
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
ImpersonateSelf
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW

user32

wvsprintfW
CharNextW
GetUserObjectInformationW
GetProcessWindowStation
CharPrevW
ExitWindowsEx

ole32

CoTaskMemFree
StringFromGUID2
IIDFromString
StringFromIID

Exports

Exports

DoInstall
DoInstallA
DoInstallW
DoUninstall
DoUninstallA
DoUninstallW
DriverInstallComponents
InstallComponentA
InstallComponentW
InstallInfSectionA
InstallInfSectionW
IsInteractiveWindowStation
IsUserAdmin
ProxyRemoteInstall
ProxyRemoteInstallA
ProxyRemoteInstallW
UninstallComponent

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

738892ed1f96fa712c8d4d13d4a49825

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

ntdll

setupapi

advapi32

user32

ole32

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 40KB

.data Size: 64KB - Virtual size: 64KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 41KB - Virtual size: 40KB

.data
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB