msi.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: cd9c11e3d4e36f7f39c66c98bae32779.dll, Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: cd9c11e3d4e36f7f39c66c98bae32779.dll, Resource: win10v2004-20231215-en)
General
Target: cd9c11e3d4e36f7f39c66c98bae32779
Size: 2.7MB
MD5: cd9c11e3d4e36f7f39c66c98bae32779
SHA1: 2e4b819f15299589553ace0f3547cd149600510c
SHA256: 98bf87b604bc99ca07559c5160594eedc97b5dac649239e9293973c04c3f40b9
SHA512: 64587aa02ce83c3d43e734d785a7be104abf70173ae1dc2b08e16fbf3bfee7a6840d69a8f1976b88aa164756bb913238c1f8886c8f8e59b9c344d188e883c8a3
SSDEEP: 49152:8OPZ+D+2hvGJKt7o4mUvWIK8871LAwLIo:8Y+D+2ZGJI7rOIK/7iwL
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: cd9c11e3d4e36f7f39c66c98bae32779
Files
-
cd9c11e3d4e36f7f39c66c98bae32779.dll regsvr32 windows:5 windows x86 arch:x86
84f8d40fd3b86b50db410252ade3dd7c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
advapi32
RegFlushKey
DuplicateToken
AddAccessDeniedAce
GetSidSubAuthorityCount
GetSidLengthRequired
LookupAccountNameW
RegSetKeySecurity
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegGetKeySecurity
PrivilegeCheck
EqualSid
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
ConvertSidToStringSidW
CopySid
GetFileSecurityW
MakeAbsoluteSD
GetUserNameW
RegEnumKeyW
CreateServiceW
ChangeServiceConfigW
DeleteService
QueryServiceConfigW
StartServiceW
IsValidSecurityDescriptor
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
GetLengthSid
AllocateAndInitializeSid
FreeSid
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
MakeSelfRelativeSD
GetSecurityDescriptorLength
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetAce
AddAccessAllowedAce
InitializeAcl
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegConnectRegistryW
RegQueryValueExA
RegEnumValueA
RegEnumKeyExA
RegSetValueExA
SetThreadToken
OpenThreadToken
SetTokenInformation
GetTokenInformation
CloseServiceHandle
OpenServiceW
OpenSCManagerW
GetServiceDisplayNameW
QueryServiceStatus
ControlService
EnumDependentServicesW
gdi32
GetTextExtentPoint32W
CreateFontW
EnumFontFamiliesExW
GetDeviceCaps
CreateFontIndirectW
GetTextFaceW
DeleteObject
RemoveFontResourceW
AddFontResourceW
GetTextMetricsW
SelectObject
kernel32
DuplicateHandle
GetSystemTimeAsFileTime
GetDiskFreeSpaceW
ResetEvent
DosDateTimeToFileTime
FileTimeToDosDateTime
GetFileSizeEx
GetFileTime
SetFileTime
EnumResourceNamesW
EnumResourceLanguagesW
SizeofResource
GetDiskFreeSpaceExW
QueryPerformanceCounter
UnhandledExceptionFilter
MoveFileW
InterlockedExchange
GetLastError
CloseHandle
GetCurrentProcess
Sleep
GetVersionExW
GetEnvironmentVariableW
GetExitCodeThread
lstrlenW
lstrcmpW
lstrcmpiW
GlobalFree
GetSystemDefaultLangID
GlobalAlloc
GetSystemInfo
SetLastError
GetModuleFileNameW
DeleteFileW
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
InitializeCriticalSection
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetTickCount
FreeLibrary
LockResource
LoadResource
FindResourceExW
LoadLibraryExW
FormatMessageW
CreateDirectoryW
GetTempPathW
TlsFree
GetCurrentThreadId
DisableThreadLibraryCalls
DeleteCriticalSection
CompareStringW
FileTimeToSystemTime
GetUserDefaultLCID
GetFileAttributesW
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetFileSize
GetFileType
CreateFileW
LeaveCriticalSection
lstrcpynA
lstrcpynW
LocalFree
EnterCriticalSection
ExpandEnvironmentStringsA
SetErrorMode
lstrcmpA
GetProcAddress
lstrcmpiA
GetModuleFileNameA
GetLocalTime
InterlockedIncrement
SetEvent
GetSystemDirectoryW
InterlockedDecrement
WaitForSingleObject
ResumeThread
GetCurrentProcessId
IsDebuggerPresent
LoadLibraryW
TlsSetValue
TlsAlloc
CreateEventW
CreateThread
GetCurrentThread
TerminateProcess
GetShortPathNameW
FindClose
FindFirstFileW
GetPrivateProfileStringW
GetProfileStringW
SetUnhandledExceptionFilter
MoveFileExW
CreateMutexW
WriteFile
FindNextFileW
GetACP
UnlockFile
SetEndOfFile
LockFile
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
DebugBreak
GetTempFileNameW
ExitThread
GetExitCodeProcess
CreateProcessW
VirtualFree
GetOverlappedResult
FlushFileBuffers
LocalAlloc
MulDiv
VirtualAlloc
FreeLibraryAndExitThread
WaitForMultipleObjects
TerminateThread
RaiseException
GetLocaleInfoW
GetUserDefaultLangID
ReadFile
WriteProfileStringW
WritePrivateProfileStringW
GetComputerNameW
GlobalMemoryStatus
RemoveDirectoryW
GetModuleHandleW
GetDateFormatW
GetTimeFormatW
ReleaseMutex
GetWindowsDirectoryW
TlsGetValue
SetFileAttributesW
GetVolumeInformationW
GetCurrentDirectoryW
OpenMutexW
ExitProcess
OpenProcess
OutputDebugStringA
FormatMessageA
OutputDebugStringW
GetNumberFormatW
GlobalUnlock
GlobalLock
GlobalReAlloc
IsValidCodePage
GetDriveTypeW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
msvcrt
_vsnprintf
_wtoi
_ui64tow
wcsstr
_wtoi64
strtol
memmove
_itoa
isdigit
_itow
iswdigit
_vsnwprintf
_ultow
wcstoul
qsort
_except_handler3
wcschr
free
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
_wcsnicmp
wcstol
_i64tow
ntdll
NtQueryInformationProcess
rpcrt4
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
NdrDllGetClassObject
NdrClientCall2
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_DebugServerRelease
user32
CharUpperW
PostThreadMessageW
GetActiveWindow
PeekMessageW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
MessageBoxW
ExitWindowsEx
PostQuitMessage
CharPrevW
SendMessageTimeoutW
PostMessageW
DefWindowProcW
CreateWindowExW
RegisterClassW
UnregisterClassW
DestroyWindow
GetSystemMetrics
SystemParametersInfoW
GetWindowRect
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
CharNextA
GetWindowLongW
GetDlgItemTextW
GetDlgItem
InvalidateRect
ReleaseDC
SendMessageW
GetDC
EnableWindow
SetCursor
LoadCursorW
IsWindowEnabled
IsWindowVisible
LoadIconW
SetForegroundWindow
CharPrevA
SetFocus
MoveWindow
CreateDialogParamW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
SetWindowPos
CharLowerW
EndDialog
GetClientRect
MapWindowPoints
DrawTextW
CopyRect
RemoveMenu
GetSystemMenu
GetFocus
RegisterWindowMessageW
DialogBoxParamW
CharUpperBuffW
SetUserObjectSecurity
GetWindowThreadProcessId
GetWindow
EnumWindows
CharNextW
LoadStringW
IsCharLowerW
GetProcessWindowStation
GetUserObjectInformationW
SetWindowLongW
ShowWindow
Exports
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllRegisterServer
DllUnregisterServer
Migrate10CachedPackagesA
Migrate10CachedPackagesW
MsiAdvertiseProductA
MsiAdvertiseProductExA
MsiAdvertiseProductExW
MsiAdvertiseProductW
MsiAdvertiseScriptA
MsiAdvertiseScriptW
MsiApplyMultiplePatchesA
MsiApplyMultiplePatchesW
MsiApplyPatchA
MsiApplyPatchW
MsiCloseAllHandles
MsiCloseHandle
MsiCollectUserInfoA
MsiCollectUserInfoW
MsiConfigureFeatureA
MsiConfigureFeatureFromDescriptorA
MsiConfigureFeatureFromDescriptorW
MsiConfigureFeatureW
MsiConfigureProductA
MsiConfigureProductExA
MsiConfigureProductExW
MsiConfigureProductW
MsiCreateAndVerifyInstallerDirectory
MsiCreateRecord
MsiCreateTransformSummaryInfoA
MsiCreateTransformSummaryInfoW
MsiDatabaseApplyTransformA
MsiDatabaseApplyTransformW
MsiDatabaseCommit
MsiDatabaseExportA
MsiDatabaseExportW
MsiDatabaseGenerateTransformA
MsiDatabaseGenerateTransformW
MsiDatabaseGetPrimaryKeysA
MsiDatabaseGetPrimaryKeysW
MsiDatabaseImportA
MsiDatabaseImportW
MsiDatabaseIsTablePersistentA
MsiDatabaseIsTablePersistentW
MsiDatabaseMergeA
MsiDatabaseMergeW
MsiDatabaseOpenViewA
MsiDatabaseOpenViewW
MsiDecomposeDescriptorA
MsiDecomposeDescriptorW
MsiDeleteUserDataA
MsiDeleteUserDataW
MsiDetermineApplicablePatchesA
MsiDetermineApplicablePatchesW
MsiDeterminePatchSequenceA
MsiDeterminePatchSequenceW
MsiDoActionA
MsiDoActionW
MsiEnableLogA
MsiEnableLogW
MsiEnableUIPreview
MsiEnumClientsA
MsiEnumClientsW
MsiEnumComponentCostsA
MsiEnumComponentCostsW
MsiEnumComponentQualifiersA
MsiEnumComponentQualifiersW
MsiEnumComponentsA
MsiEnumComponentsW
MsiEnumFeaturesA
MsiEnumFeaturesW
MsiEnumPatchesA
MsiEnumPatchesExA
MsiEnumPatchesExW
MsiEnumPatchesW
MsiEnumProductsA
MsiEnumProductsExA
MsiEnumProductsExW
MsiEnumProductsW
MsiEnumRelatedProductsA
MsiEnumRelatedProductsW
MsiEvaluateConditionA
MsiEvaluateConditionW
MsiExtractPatchXMLDataA
MsiExtractPatchXMLDataW
MsiFormatRecordA
MsiFormatRecordW
MsiGetActiveDatabase
MsiGetComponentPathA
MsiGetComponentPathW
MsiGetComponentStateA
MsiGetComponentStateW
MsiGetDatabaseState
MsiGetFeatureCostA
MsiGetFeatureCostW
MsiGetFeatureInfoA
MsiGetFeatureInfoW
MsiGetFeatureStateA
MsiGetFeatureStateW
MsiGetFeatureUsageA
MsiGetFeatureUsageW
MsiGetFeatureValidStatesA
MsiGetFeatureValidStatesW
MsiGetFileHashA
MsiGetFileHashW
MsiGetFileSignatureInformationA
MsiGetFileSignatureInformationW
MsiGetFileVersionA
MsiGetFileVersionW
MsiGetLanguage
MsiGetLastErrorRecord
MsiGetMode
MsiGetPatchInfoA
MsiGetPatchInfoExA
MsiGetPatchInfoExW
MsiGetPatchInfoW
MsiGetProductCodeA
MsiGetProductCodeFromPackageCodeA
MsiGetProductCodeFromPackageCodeW
MsiGetProductCodeW
MsiGetProductInfoA
MsiGetProductInfoExA
MsiGetProductInfoExW
MsiGetProductInfoFromScriptA
MsiGetProductInfoFromScriptW
MsiGetProductInfoW
MsiGetProductPropertyA
MsiGetProductPropertyW
MsiGetPropertyA
MsiGetPropertyW
MsiGetShortcutTargetA
MsiGetShortcutTargetW
MsiGetSourcePathA
MsiGetSourcePathW
MsiGetSummaryInformationA
MsiGetSummaryInformationW
MsiGetTargetPathA
MsiGetTargetPathW
MsiGetUserInfoA
MsiGetUserInfoW
MsiInstallMissingComponentA
MsiInstallMissingComponentW
MsiInstallMissingFileA
MsiInstallMissingFileW
MsiInstallProductA
MsiInstallProductW
MsiInvalidateFeatureCache
MsiIsProductElevatedA
MsiIsProductElevatedW
MsiLoadStringA
MsiLoadStringW
MsiLocateComponentA
MsiLocateComponentW
MsiMessageBoxA
MsiMessageBoxExA
MsiMessageBoxExW
MsiMessageBoxW
MsiNotifySidChangeA
MsiNotifySidChangeW
MsiOpenDatabaseA
MsiOpenDatabaseW
MsiOpenPackageA
MsiOpenPackageExA
MsiOpenPackageExW
MsiOpenPackageW
MsiOpenProductA
MsiOpenProductW
MsiPreviewBillboardA
MsiPreviewBillboardW
MsiPreviewDialogA
MsiPreviewDialogW
MsiProcessAdvertiseScriptA
MsiProcessAdvertiseScriptW
MsiProcessMessage
MsiProvideAssemblyA
MsiProvideAssemblyW
MsiProvideComponentA
MsiProvideComponentFromDescriptorA
MsiProvideComponentFromDescriptorW
MsiProvideComponentW
MsiProvideQualifiedComponentA
MsiProvideQualifiedComponentExA
MsiProvideQualifiedComponentExW
MsiProvideQualifiedComponentW
MsiQueryComponentStateA
MsiQueryComponentStateW
MsiQueryFeatureStateA
MsiQueryFeatureStateExA
MsiQueryFeatureStateExW
MsiQueryFeatureStateFromDescriptorA
MsiQueryFeatureStateFromDescriptorW
MsiQueryFeatureStateW
MsiQueryProductStateA
MsiQueryProductStateW
MsiRecordClearData
MsiRecordDataSize
MsiRecordGetFieldCount
MsiRecordGetInteger
MsiRecordGetStringA
MsiRecordGetStringW
MsiRecordIsNull
MsiRecordReadStream
MsiRecordSetInteger
MsiRecordSetStreamA
MsiRecordSetStreamW
MsiRecordSetStringA
MsiRecordSetStringW
MsiReinstallFeatureA
MsiReinstallFeatureFromDescriptorA
MsiReinstallFeatureFromDescriptorW
MsiReinstallFeatureW
MsiReinstallProductA
MsiReinstallProductW
MsiRemovePatchesA
MsiRemovePatchesW
MsiSequenceA
MsiSequenceW
MsiSetComponentStateA
MsiSetComponentStateW
MsiSetExternalUIA
MsiSetExternalUIRecord
MsiSetExternalUIW
MsiSetFeatureAttributesA
MsiSetFeatureAttributesW
MsiSetFeatureStateA
MsiSetFeatureStateW
MsiSetInstallLevel
MsiSetInternalUI
MsiSetMode
MsiSetPropertyA
MsiSetPropertyW
MsiSetTargetPathA
MsiSetTargetPathW
MsiSourceListAddMediaDiskA
MsiSourceListAddMediaDiskW
MsiSourceListAddSourceA
MsiSourceListAddSourceExA
MsiSourceListAddSourceExW
MsiSourceListAddSourceW
MsiSourceListClearAllA
MsiSourceListClearAllExA
MsiSourceListClearAllExW
MsiSourceListClearAllW
MsiSourceListClearMediaDiskA
MsiSourceListClearMediaDiskW
MsiSourceListClearSourceA
MsiSourceListClearSourceW
MsiSourceListEnumMediaDisksA
MsiSourceListEnumMediaDisksW
MsiSourceListEnumSourcesA
MsiSourceListEnumSourcesW
MsiSourceListForceResolutionA
MsiSourceListForceResolutionExA
MsiSourceListForceResolutionExW
MsiSourceListForceResolutionW
MsiSourceListGetInfoA
MsiSourceListGetInfoW
MsiSourceListSetInfoA
MsiSourceListSetInfoW
MsiSummaryInfoGetPropertyA
MsiSummaryInfoGetPropertyCount
MsiSummaryInfoGetPropertyW
MsiSummaryInfoPersist
MsiSummaryInfoSetPropertyA
MsiSummaryInfoSetPropertyW
MsiUseFeatureA
MsiUseFeatureExA
MsiUseFeatureExW
MsiUseFeatureW
MsiVerifyDiskSpace
MsiVerifyPackageA
MsiVerifyPackageW
MsiViewClose
MsiViewExecute
MsiViewFetch
MsiViewGetColumnInfo
MsiViewGetErrorA
MsiViewGetErrorW
MsiViewModify
Sections
.orpc Size: 512B - Virtual size: 308B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 37KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 955KB - Virtual size: 955KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 81KB - Virtual size: 81KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE