dlbcunst[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

dlbcunst.exe
Size

556KB
MD5

1383bc63a6aca5621e989a93dd63d8c5
SHA1

592574180dfcd2b6287a75938d8289b6e622f3a8
SHA256

7db06c14fdd51e1275688a51ab42e850747eb4eb903ff3cf3e2893cfee32cb16
SHA512

a50626529caf1726dce89ace32e0bc644831968ba5a5e6bee7246e5081fe1379b2f34bb5a48a699aa406ad10727e7d1d87a7355d0873c306a34e4062927f031c
SSDEEP

6144:gH1ipzyngWAH1HFZAixHZedGoO3ncDPnsX9mcvDmuWYrE1x/7PmtVN1mO3fKgqW8:gk9yg/FNQIoecDCqYoaUOCgqWgjyEPn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dlbcunst.exe

Files

dlbcunst.exe
.exe windows:4 windows x86 arch:x86

0e0659d8eaac3260f3255cea6fa4fe4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\clients\lexmark\dell\dellstat\uninstaller\Release\uninstaller.pdb

Imports

kernel32

HeapFree
HeapAlloc
HeapReAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
IsBadWritePtr
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
RaiseException
RtlUnwind
ExitProcess
GetStartupInfoW
SetErrorMode
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFindAtomW
LoadLibraryA
GetVersionExA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetModuleHandleA
SetLastError
FormatMessageW
LocalFree
GlobalFlags
GlobalUnlock
GlobalFree
InterlockedDecrement
InterlockedIncrement
lstrcpynW
lstrcatW
WritePrivateProfileStringW
GlobalAddAtomW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
WideCharToMultiByte
GetModuleHandleW
GetProcAddress
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcpyW
LoadLibraryW
GetLocaleInfoW
Sleep
CreateMutexW
ReleaseMutex
CloseHandle
GetLastError
GetModuleFileNameW
CopyFileW
FindFirstFileW
FindClose
FindNextFileW
DeleteFileW
SetFileAttributesW
RemoveDirectoryW
GetLocaleInfoA
GetACP
VirtualProtect
InterlockedExchange

user32

LoadIconW
MapWindowPoints
SetForegroundWindow
GetClientRect
AdjustWindowRectEx
GetClassInfoW
RegisterClassW
UnregisterClassW
DefWindowProcW
CallWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
ShowWindow
SetWindowLongW
GetDlgItem
GetSystemMetrics
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GrayStringW
DrawTextExW
DrawTextW
GetMenuItemID
GetSubMenu
GetMessagePos
UnhookWindowsHookEx
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextW
SetWindowTextW
GetClassNameW
GetMenuItemCount
LoadCursorW
GetCapture
ClientToScreen
SetMenuItemBitmaps
GetFocus
SendMessageW
RegisterWindowMessageW
PostMessageW
DestroyMenu
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetMessageTime
DestroyWindow
GetCursorPos
ValidateRect
MessageBoxW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
PostQuitMessage
wsprintfW
WinHelpW
CreateWindowExW
GetClassInfoExW
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
TabbedTextOutW
GetTopWindow
GetMenu

gdi32

PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
GetStockObject
CreateBitmap
GetDeviceCaps
DeleteObject
SaveDC

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW

shell32

ShellExecuteW
SHGetFolderPathW

comctl32

ord17

shlwapi

SHDeleteKeyW
PathFindExtensionW
PathFindFileNameW
SHDeleteValueW

oleaut32

VariantInit
VariantChangeType
VariantClear

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e0659d8eaac3260f3255cea6fa4fe4f

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

oleacc

Sections

.text Size: 84KB - Virtual size: 81KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 436KB - Virtual size: 433KB

.text
Size: 84KB - Virtual size: 81KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 436KB - Virtual size: 433KB