cba319e102ad0996563723854579e802

Sharing

Copy URL Twitter E-mail

General

Target

cba319e102ad0996563723854579e802
Size

1.4MB
MD5

cba319e102ad0996563723854579e802
SHA1

ce74223b57b62f656b5a5356a41e45d6bfa354ea
SHA256

4f279f325eba8053099c72aedf1423f88b75636c0b1380c017c968dbd3a49bce
SHA512

243dcf0c430f97f67d4dcc7b3efad47cf9eb28a8f26bd5a1bdfeee1ef05876d9dd9c966c1d607fd307868312c2a588842635787f842024ce9182ef00c52ebb55
SSDEEP

24576:GOXbacCK2O4xKafYYyN5PO3Tq0K9Z+pJ9Ces:BvCK2yyM5v0ZJ9Ces

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cba319e102ad0996563723854579e802

Files

cba319e102ad0996563723854579e802
.dll regsvr32 windows:4 windows x86 arch:x86

69ffd1f9f0a3f9aa948f04f88924c79c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\Softomate\Toolbar3\Release_bin\tbcore3U.pdb

Imports

wininet

FindNextUrlCacheEntryW
FindCloseUrlCache
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW

shlwapi

PathFileExistsW
PathFindExtensionW
PathRemoveFileSpecW

winmm

PlaySoundW

setupapi

SetupIterateCabinetW

dbghelp

SymGetModuleBase
SymGetSymFromAddr
StackWalk
SymFunctionTableAccess
SymGetLineFromAddr
SymSetOptions
SymGetOptions
SymCleanup
SymInitialize
SymLoadModule

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
SetLastError
GetLastError
OutputDebugStringA
LoadLibraryW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
GetCurrentThreadId
RaiseException
InterlockedDecrement
InterlockedIncrement
lstrlenW
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetProcessHeap
FlushInstructionCache
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThread
CloseHandle
HeapFree
CreateDirectoryW
GetTempPathW
SetCurrentDirectoryW
LoadLibraryA
GlobalUnlock
GlobalLock
GlobalAlloc
DebugBreak
OutputDebugStringW
lstrlenA
lstrcmpW
lstrcpyW
MulDiv
IsBadCodePtr
SetUnhandledExceptionFilter
IsBadWritePtr
GetCurrentProcessId
lstrcpynW
FormatMessageW
IsBadReadPtr
ReadProcessMemory
GetVersionExW
OpenProcess
MultiByteToWideChar
WideCharToMultiByte
WinExec
VerLanguageNameW
RemoveDirectoryW
MoveFileExW
DeleteFileW
WriteFile
CreateFileA
GetTempPathA
CopyFileW
MoveFileW
GetTempFileNameW
FreeLibrary
lstrcatW
FindFirstFileW
FindNextFileW
FindClose
GlobalFree
Sleep
GetTickCount
DisableThreadLibraryCalls
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
TerminateProcess
ReadFile
TlsSetValue
TlsFree
TlsAlloc
GetModuleFileNameA
QueryPerformanceCounter
GetCommandLineA
GetSystemTimeAsFileTime
GetFullPathNameW
GetCurrentDirectoryW
SetEnvironmentVariableW
CreateThread
ResumeThread
ExitThread
HeapReAlloc
RtlUnwind
ExitProcess
GetVersionExA
LocalFree
LocalAlloc
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
FlushFileBuffers
GetDriveTypeA
GetCurrentDirectoryA
GetFullPathNameA
SetConsoleCtrlHandler
SetEndOfFile
GetLocaleInfoW
TlsGetValue
VirtualQuery
CompareStringA
CompareStringW
FatalAppExitA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
VirtualAlloc
CreateFileW
VirtualProtect
GetSystemInfo
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
GetTimeZoneInformation
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStartupInfoA
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetCPInfo
HeapSize

user32

GetAsyncKeyState
SetWindowRgn
InflateRect
IsWindowEnabled
SystemParametersInfoW
GetCapture
GetDlgCtrlID
AdjustWindowRectEx
GetMenu
DrawFocusRect
DrawEdge
DrawFrameControl
LoadBitmapW
GetCursorPos
PostMessageW
EndMenu
DrawTextW
CopyRect
KillTimer
UpdateWindow
LoadImageW
GetKeyState
SetWindowsHookExW
TrackPopupMenu
UnhookWindowsHookEx
CharLowerW
RegisterHotKey
UnregisterHotKey
GetSystemMetrics
DialogBoxIndirectParamW
wsprintfA
IsWindowVisible
CallNextHookEx
SetCursor
DestroyCursor
SetDlgItemTextW
IsDlgButtonChecked
CheckDlgButton
EndDialog
SetActiveWindow
MapWindowPoints
PtInRect
WindowFromDC
OffsetRect
GetMenuItemInfoW
EnableMenuItem
CharUpperW
GetWindowRect
TranslateMessage
DispatchMessageW
LoadMenuW
DialogBoxParamW
GetActiveWindow
SetLastErrorEx
GetDlgItem
InvalidateRgn
SetCapture
ReleaseCapture
CreateAcceleratorTableW
GetDC
ReleaseDC
GetDesktopWindow
GetClassNameW
SetWindowPos
RedrawWindow
GetClientRect
BeginPaint
FillRect
EndPaint
IsChild
SetFocus
GetSysColor
DestroyAcceleratorTable
CallWindowProcW
CharNextW
wvsprintfW
GetWindowTextLengthW
GetWindowTextW
GetWindowLongW
DefWindowProcW
RegisterWindowMessageW
SetTimer
LoadCursorFromFileW
CharLowerBuffW
GetWindow
OpenClipboard
EmptyClipboard
CloseClipboard
MessageBoxW
UnregisterClassW
SetWindowLongW
RegisterClassExW
LoadCursorW
wsprintfW
GetClassInfoExW
LoadStringW
GetParent
ShowWindow
MoveWindow
SetWindowTextW
CreateWindowExW
SendMessageW
GetFocus
IsWindow
DestroyWindow
DestroyMenu
CreatePopupMenu
AppendMenuW
WindowFromPoint
ClientToScreen
GetSubMenu
InsertMenuW
PeekMessageW
GetMessagePos
CharUpperBuffW
ScreenToClient
UnregisterClassA
InvalidateRect

gdi32

GetTextExtentPoint32W
SelectObject
ExtTextOutW
SetBkMode
CreateRectRgn
GetTextMetricsW
CreateBrushIndirect
CreateRectRgnIndirect
SetBkColor
SelectClipRgn
GetClipBox
RestoreDC
SaveDC
SetTextColor
GetTextExtentPointW
CreatePen
CreatePatternBrush
Rectangle
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
DeleteObject
CreateFontW

shell32

SHAddToRecentDocs
SHEmptyRecycleBinW
ShellExecuteA
ShellExecuteW
DragQueryFileW
SHGetFolderPathW

ole32

OleLockRunning
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoCreateInstance
OleUninitialize
CreateStreamOnHGlobal
OleInitialize
CoGetClassObject
RegisterDragDrop
ReleaseStgMedium
CoCreateGuid
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysAllocString
SysFreeString
SysStringLen
VarBstrCmp
SysAllocStringByteLen
VariantInit
SysStringByteLen
VariantClear
SysAllocStringLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
UnRegisterTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
DispCallFunc
SafeArrayPutElement
SafeArrayCreate
VariantCopy
VariantChangeType
VarUI4FromStr
RegisterTypeLi
VarBstrCat
GetErrorInfo
SetErrorInfo
CreateErrorInfo

Exports

Exports

CanReload
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
TBStudioReg

Sections

.text
Size: 944KB - Virtual size: 941KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 204KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69ffd1f9f0a3f9aa948f04f88924c79c

Headers

File Characteristics

PDB Paths

Imports

wininet

shlwapi

winmm

setupapi

dbghelp

version

kernel32

user32

gdi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 944KB - Virtual size: 941KB

.rdata Size: 184KB - Virtual size: 182KB

.data Size: 20KB - Virtual size: 30KB

.SHARED Size: 204KB - Virtual size: 202KB

.rsrc Size: 20KB - Virtual size: 16KB

.reloc Size: 48KB - Virtual size: 44KB

.text
Size: 944KB - Virtual size: 941KB

.rdata
Size: 184KB - Virtual size: 182KB

.data
Size: 20KB - Virtual size: 30KB

.SHARED
Size: 204KB - Virtual size: 202KB

.rsrc
Size: 20KB - Virtual size: 16KB

.reloc
Size: 48KB - Virtual size: 44KB