380f5e0ff2240e62605463f71bbd79a3113a29ace8c7035227adfd936c7ba55c

Sharing

Copy URL Twitter E-mail

General

Target

380f5e0ff2240e62605463f71bbd79a3113a29ace8c7035227adfd936c7ba55c
Size

798KB
MD5

facef75a0eb99e244196d56fdb9c55fd
SHA1

600fba60b7a5d185d4a6cc67bf867f919c96690e
SHA256

380f5e0ff2240e62605463f71bbd79a3113a29ace8c7035227adfd936c7ba55c
SHA512

d43c4734185dcc7935c2c9f3c802bcb8d3081d74302c35a38b74c50eaa3d5aec88e84ea7abe6f6bc256d200a8e384251d1c7a86910f6b2e283ee036586aa7fdb
SSDEEP

24576:DT+rpHbidoZZHoeNZ8c7mmGxsC3xbrEH7n:Dq9ei52yfusC3xW

Score

1^/10

Malware Config

Signatures

Files

380f5e0ff2240e62605463f71bbd79a3113a29ace8c7035227adfd936c7ba55c
.dll windows:10 windows x86 arch:x86

d3a4edc21d75d55d4a08edec8b2fed3f

Code Sign

33:00:00:02:39:b2:b4:e8:2a:22:34:49:2f:00:00:00:00:02:39
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:07

Not After

08/08/2019, 20:07

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:12:da:62:50:fb:fa:d9:08:00:70:d8:14:dc:25:8c:20:af:15:23:19:68:3f:ad:26:db:10:e7:e7:e2:1c:97
Signer

Actual PE Digest

75:12:da:62:50:fb:fa:d9:08:00:70:d8:14:dc:25:8c:20:af:15:23:19:68:3f:ad:26:db:10:e7:e7:e2:1c:97

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

DismApi.pdb

Imports

msvcrt

_wcsnicmp
wcsrchr
wcsstr
towlower
_vsnwprintf
strrchr
iswctype
fclose
wcstok_s
realloc
_errno
_onexit
__dllonexit
_wfopen
_lock
??1type_info@@UAE@XZ
_except_handler4_common
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QAE@XZ
wcscpy_s
_vscprintf
vsprintf_s
calloc
_vsnprintf
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
iswspace
swscanf_s
_wtoi
wcschr
_wcstoui64
wcstoul
fgetws
feof
_purecall
_wcsicmp
iswalpha
malloc
memcpy
memcmp
_ftol2
_wcslwr_s
_unlock
free
vswprintf_s
_vscwprintf
memmove_s
memcpy_s
__CxxFrameHandler3
memset

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
CheckTokenMembership
FreeSid
OpenProcessToken
AllocateAndInitializeSid
OpenThreadToken
GetTokenInformation
AddAccessAllowedAce
EqualSid
InitializeAcl
SetSecurityDescriptorDacl
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
GetLengthSid
InitializeSecurityDescriptor

kernel32

MoveFileExW
ReadFile
SetFilePointer
TlsSetValue
UnmapViewOfFile
TlsAlloc
GetLocalTime
GetFileSize
ExitProcess
GetSystemWindowsDirectoryW
GetVersionExW
GetProcAddress
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
SizeofResource
LockResource
LoadResource
FindResourceExW
GetSystemInfo
GetLastError
GetCommandLineW
GetFileAttributesW
IsWow64Process
GetCurrentProcess
LoadLibraryExW
FreeLibrary
OutputDebugStringW
WaitForMultipleObjectsEx
WaitForSingleObject
FormatMessageW
LocalFree
FileTimeToLocalFileTime
FileTimeToSystemTime
TlsGetValue
HeapFree
GetProcessHeap
GetModuleFileNameW
GetThreadUILanguage
OutputDebugStringA
GetModuleHandleExW
WideCharToMultiByte
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
MultiByteToWideChar
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
DeviceIoControl
FindNextFileW
GetFullPathNameW
FindFirstFileW
SetLastError
TlsFree
GetLocaleInfoEx
GetSystemTime
GetTimeFormatEx
FormatMessageA
CreateFileMappingW
MapViewOfFile
VirtualQuery
GetModuleFileNameA
WriteFile
CreateMutexW
CreateMutexA
ReleaseMutex
GetVersion
CreateFileA
DeleteFileA
CreateFileMappingA
DebugBreak
GetFileSizeEx
GetWindowsDirectoryW
IsDebuggerPresent
CreateEventW
ResumeThread
DuplicateHandle
GetTempFileNameW
ResetEvent
CreateThread
SetEvent
SetErrorMode
ExpandEnvironmentStringsW
DeleteFileW
CreateDirectoryW
GetCurrentThread
FlushFileBuffers
CopyFileExW
FindClose
CreateFileW
SetFileAttributesW
GetFileInformationByHandle
SearchPathW
CompareStringW
CloseHandle

ole32

CoCreateInstance
CoSetProxyBlanket
StringFromGUID2
CoUninitialize
CoInitializeEx

user32

CharLowerBuffW

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
GetErrorInfo
SafeArrayGetDim
SysStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SafeArrayDestroy
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
VariantClear
LoadRegTypeLi
LoadTypeLi
VarBstrCmp
VarBstrCat
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime

ntdll

RtlReAllocateHeap
NtYieldExecution
RtlRaiseStatus
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile
RtlNtStatusToDosError
RtlGetVersion

version

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

Exports

Exports

DismAddCapability
DismAddDriver
DismAddPackage
DismApplyUnattend
DismCheckImageHealth
DismCleanupMountpoints
DismCloseSession
DismCommitImage
DismDelete
DismDisableFeature
DismEnableFeature
DismGetCapabilities
DismGetCapabilityInfo
DismGetDriverInfo
DismGetDrivers
DismGetFeatureInfo
DismGetFeatureParent
DismGetFeatures
DismGetImageInfo
DismGetLastErrorMessage
DismGetMountedImageInfo
DismGetPackageInfo
DismGetPackageInfoEx
DismGetPackages
DismInitialize
DismMountImage
DismOpenSession
DismRemountImage
DismRemoveCapability
DismRemoveDriver
DismRemovePackage
DismRestoreImageHealth
DismShutdown
DismUnmountImage
_DismAddCapabilityEx
_DismAddDriverEx
_DismAddPackage2
_DismAddPackageFamilyToUninstallBlocklist
_DismAddProvisionedAppxPackage
_DismApplyCustomDataImage
_DismApplyFfuImage
_DismApplyProvisioningPackage
_DismCleanImage
_DismEnableDisableFeature
_DismExportDriver
_DismExportSource
_DismExportSourceEx
_DismGetCapabilitiesEx
_DismGetCapabilityInfoEx
_DismGetCurrentEdition
_DismGetDriversEx
_DismGetEffectiveSystemUILanguage
_DismGetFeaturesEx
_DismGetInstallLanguage
_DismGetKCacheBinaryValue
_DismGetKCacheDwordValue
_DismGetKCacheStringValue
_DismGetLastCBSSessionID
_DismGetNonRemovableAppsPolicy
_DismGetOSUninstallWindow
_DismGetOsInfo
_DismGetProductKeyInfo
_DismGetProvisionedAppxPackages
_DismGetProvisioningPackageInfo
_DismGetRegistryMountPoint
_DismGetStateFromCBSSessionID
_DismGetTargetCompositionEditions
_DismGetTargetEditions
_DismGetTargetVirtualEditions
_DismGetUsedSpace
_DismInitiateOSUninstall
_DismOptimizeImage
_DismOptimizeProvisionedAppxPackages
_DismRemoveOSUninstall
_DismRemovePackageFamilyFromUninstallBlocklist
_DismRemoveProvisionedAppxPackage
_DismRemoveProvisionedAppxPackageAllUsers
_DismRevertPendingActions
_DismSetAllIntlSettings
_DismSetAppXProvisionedDataFile
_DismSetEdition
_DismSetEdition2
_DismSetFirstBootCommandLine
_DismSetMachineName
_DismSetOSUninstallWindow
_DismSetProductKey
_DismSetSkuIntlDefaults
_DismSplitFfuImage
_DismStage
_DismSysprepCleanup
_DismSysprepGeneralize
_DismSysprepSpecialize
_DismValidateProductKey

Sections

.text
Size: 645KB - Virtual size: 645KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3a4edc21d75d55d4a08edec8b2fed3f

Code Sign

33:00:00:02:39:b2:b4:e8:2a:22:34:49:2f:00:00:00:00:02:39Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

75:12:da:62:50:fb:fa:d9:08:00:70:d8:14:dc:25:8c:20:af:15:23:19:68:3f:ad:26:db:10:e7:e7:e2:1c:97Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ole32

user32

oleaut32

ntdll

version

Exports

Exports

Sections

.text Size: 645KB - Virtual size: 645KB

.data Size: 8KB - Virtual size: 9KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 41KB - Virtual size: 40KB

33:00:00:02:39:b2:b4:e8:2a:22:34:49:2f:00:00:00:00:02:39
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

75:12:da:62:50:fb:fa:d9:08:00:70:d8:14:dc:25:8c:20:af:15:23:19:68:3f:ad:26:db:10:e7:e7:e2:1c:97
Signer

.text
Size: 645KB - Virtual size: 645KB

.data
Size: 8KB - Virtual size: 9KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 41KB - Virtual size: 40KB