2bf3206d6aa5c6d7a0fbf64424521564065e5f30187646992d06c134d3f2319d

Sharing

Copy URL Twitter E-mail

General

Target

2bf3206d6aa5c6d7a0fbf64424521564065e5f30187646992d06c134d3f2319d
Size

425KB
MD5

e56d2498235d55ec48749e42d71cfd8b
SHA1

d10a53905871044a212a773138d24c359cbb27e8
SHA256

2bf3206d6aa5c6d7a0fbf64424521564065e5f30187646992d06c134d3f2319d
SHA512

0210eceeb92232555246111e37fd65e45be3a39310d7babcda7bf995c8058c1b0a9139bff6b1544933a4484141346f3989e29593e7ccba3afa2c4a1e6ad0fc13
SSDEEP

12288:vwpZYheZZUFjd0INUz1YutpNVEWIbtMYeOpUQ:4zYhen2jdx+z1fpNqWCeO2Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e_upwj01.dll

Files

2bf3206d6aa5c6d7a0fbf64424521564065e5f30187646992d06c134d3f2319d
.cab
e_upwj01.dll
.dll windows:5 windows x86 arch:x86

dbf1d6381b6041583787cff1f4c7bec5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E_UPWJ01.pdb

Imports

kernel32

InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
SetErrorMode
InterlockedIncrement
GlobalGetAtomNameW
GetAtomNameW
GetFileAttributesExW
GetFileSizeEx
GlobalFlags
GetPrivateProfileIntW
GetCurrentDirectoryW
GetSystemDirectoryW
GetSystemTimeAsFileTime
CreateDirectoryA
ExitProcess
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCommandLineA
RtlUnwind
RaiseException
HeapReAlloc
SetStdHandle
GetFileType
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GlobalHandle
IsValidCodePage
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
HeapCreate
HeapDestroy
FatalAppExitA
GetStdHandle
GetModuleFileNameA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
SetEnvironmentVariableA
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
WaitForMultipleObjects
ReleaseMutex
CreateMutexW
ReleaseSemaphore
CreateSemaphoreW
FreeResource
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GlobalAddAtomW
CreateEventW
SetEvent
SetThreadPriority
lstrlenA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
lstrcmpW
GetModuleHandleA
FileTimeToLocalFileTime
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
GetThreadLocale
MoveFileW
InterlockedDecrement
CopyFileW
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
Sleep
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetPrivateProfileSectionW
GetWindowsDirectoryW
WriteFile
SetFilePointer
GetCurrentProcessId
GetUserDefaultLCID
GetExitCodeThread
SuspendThread
ResumeThread
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
CreateFileA
WritePrivateProfileStringW
ReadFile
GetFileSize
CreateFileW
GetUserDefaultLangID
FindNextFileW
ExpandEnvironmentStringsW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
SetLastError
DeleteFileW
GetVersionExW
GetPrivateProfileSectionNamesW
GlobalSize
GlobalAlloc
lstrlenW
GetLastError
FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FreeLibrary
LoadLibraryW
GetModuleFileNameW
GetPrivateProfileStringW
GlobalFree
FindClose
FindFirstFileW
GetCurrentProcess
GetProcAddress
GetModuleHandleW
GetSystemDefaultLCID
GetStringTypeExW
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
WideCharToMultiByte
MultiByteToWideChar
HeapSize
HeapFree
HeapAlloc
GetProcessHeap
GetTickCount
GetFileAttributesW
GetTempPathW
VirtualFree
VirtualAlloc
lstrcmpA
LocalFree
LocalAlloc
FindResourceW
LoadResource
LockResource
GetOEMCP
SizeofResource

user32

SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
GetWindowThreadProcessId
SendDlgItemMessageW
EnableWindow
SetParent
ShowOwnedPopups
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
GetSysColor
EndPaint
BeginPaint
GetWindowDC
BeginDeferWindowPos
GetAsyncKeyState
IsWindow
SetForegroundWindow
GetLastActivePopup
GetWindowLongW
SetWindowLongW
SetWindowPos
SendMessageW
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
CharUpperW
GetSystemMetrics
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
wsprintfW
LoadIconW
RegisterWindowMessageW
UnregisterClassW
GetSysColorBrush
LoadCursorW
CheckDlgButton
CheckRadioButton
SetCapture
LockWindowUpdate
GetDCEx
IsWindowEnabled
UnionRect
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
GetDesktopWindow
GetSystemMenu
IsRectEmpty
MapVirtualKeyW
GetKeyNameTextW
WindowFromPoint
KillTimer
SetTimer
SetRect
UnpackDDElParam
ReuseDDElParam
LoadMenuW
GetMenuBarInfo
ReleaseCapture
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorW
GetDialogBaseUnits
InvalidateRect
SetRectEmpty
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
DestroyIcon
DeleteMenu
InflateRect
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
MessageBoxW
GetDlgItemInt

gdi32

StartDocW
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
CreateBitmap
GetPixel
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
GetDCOrgEx
CreateFontIndirectW
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextExtentPoint32W
GetCharWidthW
CreateFontW
StretchDIBits
CreateCompatibleBitmap
GetTextMetricsW
GetBkColor
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectW
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
RestoreDC
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
CreateCompatibleDC
GetDeviceCaps
SaveDC
CreateDCW
CopyMetaFileW
SetBkColor

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW
GetPrinterDriverW
EnumPrintersW
XcvDataW
EnumPortsW
GetPrinterW

advapi32

RegQueryValueExW
RegCloseKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegOpenKeyExW
RegCreateKeyW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegSetValueW
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW
RegCreateKeyExW

shell32

SHGetFileInfoW
ExtractIconW
DragFinish
DragQueryFileW
SHGetSpecialFolderPathW

shlwapi

PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathRemoveExtensionW
PathStripToRootW
PathRemoveFileSpecW

ole32

WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
SetConvertStg
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
StringFromCLSID
CoTreatAsClass
OleDuplicateData
CoDisconnectObject
CoTaskMemFree
CoUninitialize
CoInitialize
ReadClassStg
CoCreateInstance
StringFromGUID2
CLSIDFromString
CoInitializeEx

oleaut32

SafeArrayPtrOfIndex
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysStringLen
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
SafeArrayCopy

wintrust

WinVerifyTrust

crypt32

CryptQueryObject
CryptMsgGetParam
CertCloseStore
CryptMsgClose
CryptDecodeObject
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CryptBinaryToStringW

wininet

InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetQueryOptionW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

WSAStartup
WSACleanup
gethostbyname
inet_ntoa

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

Exports

Exports

AuthenticatePassword
CheckInternetConnection
CheckPasswordEnabled
DL_Cancel
Download
FWUnLockEnd
FWUnLockStart
GetProductSoftwareInfo

Sections

.text
Size: 678KB - Virtual size: 678KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbf1d6381b6041583787cff1f4c7bec5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

wintrust

crypt32

wininet

version

ws2_32

oleacc

Exports

Exports

Sections

.text Size: 678KB - Virtual size: 678KB

.rdata Size: 168KB - Virtual size: 168KB

.data Size: 14KB - Virtual size: 29KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 41KB - Virtual size: 40KB

.text
Size: 678KB - Virtual size: 678KB

.rdata
Size: 168KB - Virtual size: 168KB

.data
Size: 14KB - Virtual size: 29KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 41KB - Virtual size: 40KB