2ebe60f9685d4f39fb9c825c1546ca7cfd97dd87

Sharing

Copy URL Twitter E-mail

General

Target

2ebe60f9685d4f39fb9c825c1546ca7cfd97dd87
Size

2.5MB
MD5

8c632c0c123f6f82853fc78e9fbb0891
SHA1

2ebe60f9685d4f39fb9c825c1546ca7cfd97dd87
SHA256

506ead60339859e69b081580d024112c27f4b1b5acfc9d60481f097365f7923c
SHA512

36ed1356c42534d4804b94c0f6858c00eecfbd3351c050e0c5754b5bbf16def9e5c13a8131e9e78dd5fa101814779872542046ed6c9d8c237ade008dc2e39150
SSDEEP

49152:uxaOWVF2rwFyCzYCE0jSKwHstYzDjrIU6iqzE4T:Ql8Qstn+qE4T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ebe60f9685d4f39fb9c825c1546ca7cfd97dd87

Files

2ebe60f9685d4f39fb9c825c1546ca7cfd97dd87
.dll regsvr32 windows:5 windows x64 arch:x64

5dcc5db8bf8082c627826257bcc33ef9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\CODE\SHPptExt\SHPptExt\x64\Release\PPTViewerX64.pdb

Imports

shlwapi

PathFileExistsW
PathFileExistsA

kernel32

SetEvent
CloseHandle
CreateEventA
LockResource
FindResourceExW
TlsAlloc
TlsFree
WideCharToMultiByte
CreateFileA
GetFileSize
TlsGetValue
SetWaitableTimer
GetQueuedCompletionStatus
VerSetConditionMask
WaitForSingleObject
SleepEx
WriteFile
TlsSetValue
TerminateThread
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
VerifyVersionInfoA
ReadFile
SetLastError
QueueUserAPC
ResetEvent
MoveFileA
WaitForMultipleObjects
CreateIoCompletionPort
CreateWaitableTimerA
DeleteFileA
WaitForSingleObjectEx
GetTickCount
GetModuleHandleA
GlobalMemoryStatus
Process32First
Process32Next
DeviceIoControl
GetSystemInfo
CreateToolhelp32Snapshot
OutputDebugStringA
GetVersionExA
CreateFileW
CreateMutexW
ReadConsoleInputA
SetHandleCount
Sleep
PostQueuedCompletionStatus
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetLastError
lstrlenW
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
GetModuleHandleW
GetThreadLocale
SetThreadLocale
InitializeCriticalSection
SetEndOfFile
RaiseException
GetCPInfo
ExitProcess
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
RtlCaptureContext
RtlVirtualUnwind
DeleteCriticalSection
GetModuleFileNameW
GetPrivateProfileStringW
FlushConsoleInputBuffer
LoadLibraryW
GetVersion
lstrlenA
IsDBCSLeadByteEx
GetStringTypeExA
FormatMessageA
LocalFree
WaitForMultipleObjectsEx
SystemTimeToFileTime
OpenEventA
ReleaseSemaphore
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
IsDebuggerPresent
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
SetUnhandledExceptionFilter
GetFileType
SetConsoleMode
UnhandledExceptionFilter
GetCurrentProcess
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LoadLibraryA
LCMapStringW
LCMapStringA
GetTimeZoneInformation
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapDestroy
HeapReAlloc
HeapSize
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
SetConsoleCtrlHandler
ExitThread
ResumeThread
CreateThread
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetDateFormatA
GetTimeFormatA
TerminateProcess
GetStartupInfoA

user32

GetUserObjectInformationW
GetProcessWindowStation
GetWindowTextA
GetDesktopWindow
GetWindow
InsertMenuW
CharNextW
MessageBoxW
LoadStringA

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegOpenKeyA
RegDeleteKeyW
RegQueryValueExA
RegQueryInfoKeyW

shell32

ShellExecuteExA
ShellExecuteExW
DragQueryFileW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoTaskMemRealloc

oleaut32

VariantClear
LoadRegTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
VarUI4FromStr
SysFreeString

ws2_32

select
htons
ntohs
getsockname
freeaddrinfo
getsockopt
WSARecv
ioctlsocket
WSASend
WSAGetLastError
setsockopt
WSASetLastError
getaddrinfo
htonl
ntohl
inet_ntoa
connect
WSAStringToAddressA
accept
closesocket
WSACleanup
WSAStartup
listen
__WSAFDIsSet
bind
WSAAddressToStringA
WSAIoctl
WSASocketW
getpeername

iphlpapi

GetAdaptersInfo

rasapi32

RasEnumConnectionsA

wininet

InternetOpenA
HttpAddRequestHeadersA
HttpEndRequestA
HttpOpenRequestA
InternetWriteFile
InternetReadFile
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
HttpSendRequestExA
InternetCloseHandle

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 592KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 167KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dcc5db8bf8082c627826257bcc33ef9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

iphlpapi

rasapi32

wininet

version

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 592KB - Virtual size: 592KB

.data Size: 167KB - Virtual size: 190KB

.pdata Size: 120KB - Virtual size: 120KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 592KB - Virtual size: 592KB

.data
Size: 167KB - Virtual size: 190KB

.pdata
Size: 120KB - Virtual size: 120KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 22KB - Virtual size: 22KB