98ae154fb0ab5b904028514ab33c2e51c204c747c336b271b2b4aa8b92bbe385

Sharing

Copy URL Twitter E-mail

General

Target

98ae154fb0ab5b904028514ab33c2e51c204c747c336b271b2b4aa8b92bbe385
Size

205KB
MD5

5afb6b09e734515c5875188748e4cd51
SHA1

a9c25368236662de2c752dfbbd3d4c47466a1541
SHA256

98ae154fb0ab5b904028514ab33c2e51c204c747c336b271b2b4aa8b92bbe385
SHA512

7c208d1ef75a4631ddd7d4d074bb81e469dde1d8fbdabd996cb54bf0193ad65660a91c06988d8efdc3aa213c62ca0d1dbe140d6891ca42fe0681bd78b1041c23
SSDEEP

6144:U6fFzQ5SPBfqSossHK3DbYBV+UdvrEFp7hKHlZ:USFzQ5SPBfhiK4BjvrEH7IlZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98ae154fb0ab5b904028514ab33c2e51c204c747c336b271b2b4aa8b92bbe385

Files

98ae154fb0ab5b904028514ab33c2e51c204c747c336b271b2b4aa8b92bbe385
.dll windows:6 windows x86 arch:x86

4e1b0aea0bd597227b3ae9d27fe1a9e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\用户数据\Documents\Visual Studio 2015\Projects\Dism++\Release\Config\x86\CBSHost.pdb

Imports

kernel32

GetLastError
SetLastError
GetSystemTimeAsFileTime
GetNativeSystemInfo
IsWow64Process
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
LocalFree
GetCurrentProcess
TerminateProcess
CloseHandle
GetTickCount
GetCurrentThreadId
CreateDirectoryW
SetEvent
CreateEventW
WaitForSingleObject
GetModuleFileNameW
GlobalMemoryStatusEx
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateFileW
GetFileSize
ReadFile
WriteFile
VirtualAlloc
VirtualFree
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
LoadLibraryW
CreateProcessW
WaitForMultipleObjects
SetUnhandledExceptionFilter
ExitProcess
OpenProcess
GetCurrentProcessId
CreateThread
OpenEventW
DuplicateHandle
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentVariableW
SetDllDirectoryW
GetLocalTime
CopyFileW
InitializeCriticalSectionEx
GetSystemDirectoryW
UnmapViewOfFile
CreateHardLinkTransactedW
DeleteFileTransactedW
MoveFileExW
DeleteCriticalSection
GetModuleHandleW
CreateFileMappingW
MapViewOfFile
GetExitCodeProcess
InitializeSListHead
GetTickCount64
QueryPerformanceCounter
IsProcessorFeaturePresent
UnhandledExceptionFilter
SleepConditionVariableCS
WakeAllConditionVariable
InitializeConditionVariable
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
InterlockedFlushSList

ntdll

NtWriteFile
NtDeleteKey
RtlFreeUnicodeString
NtQueryInformationProcess
RtlDosPathNameToNtPathName_U
ZwQueryDirectoryFile
RtlImageNtHeader
NtClose
NtOpenFile
NtCreateFile
RtlNtStatusToDosError
NtQueryInformationFile
RtlGetLastNtStatus
NtSetInformationFile
RtlAdjustPrivilege

msvcrt

??3@YAXPAX@Z
memcpy
_errno
memset
memmove
wcslen
wcsnlen
free
malloc
??2@YAPAXI@Z
memcmp
_wcsicmp
vswprintf_s
_vscwprintf
strlen
sscanf
swscanf
wcstoul
wcscpy
bsearch
wcsrchr
wcscmp
calloc
_purecall
??_V@YAXPAX@Z
wcschr
??_U@YAPAXI@Z
_CxxThrowException
_cexit
_initterm
_initterm_e
??0exception@@QAE@ABQBD@Z
_except_handler4_common
__getmainargs
atexit
_lock
__dllonexit
__CxxFrameHandler3
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
__CppXcptFilter
?terminate@@YAXXZ
_unlock
_invalid_parameter

Exports

Exports

CbsCreateTempDirectory2
CreateCbsHostHelper
DismGetScratchDir
DismWriteLog
GetConfig
RunCbsHostW

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e1b0aea0bd597227b3ae9d27fe1a9e5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ntdll

msvcrt

Exports

Exports

Sections

.text Size: 81KB - Virtual size: 80KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 81KB - Virtual size: 80KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB