8daceb1c8a6950c7b52b85fbf21bf3916c925609c73aaa9644dcd57e358a9500

Sharing

Copy URL Twitter E-mail

General

Target

8daceb1c8a6950c7b52b85fbf21bf3916c925609c73aaa9644dcd57e358a9500
Size

553KB
MD5

deffff84f4186dbc16f19b8478824813
SHA1

4d5c649d95577b4a7111d04adf708c503372dc72
SHA256

8daceb1c8a6950c7b52b85fbf21bf3916c925609c73aaa9644dcd57e358a9500
SHA512

a383b2e859dd85ea932eb32d2c70cd6d829600377f2a29bc5418a36c075ebfa78e3b0da4c27ade619b45cfcb01296fb3a0e646096f5c111ebfba34cc2eb7f1b0
SSDEEP

12288:tEeL+IItct6eEI4lt5G/ePLPp/a38bllnb:vBTBEtlzceTxu8b3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8daceb1c8a6950c7b52b85fbf21bf3916c925609c73aaa9644dcd57e358a9500

Files

8daceb1c8a6950c7b52b85fbf21bf3916c925609c73aaa9644dcd57e358a9500
.dll regsvr32 windows:6 windows x86 arch:x86

04985526b88f5f6d306e1bd7b737f57f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\dbs\el\da1\target\x86\ship\misc_tcd\x-none\ieawsdc.pdb

Imports

setupapi

SetupIterateCabinetW

kernel32

ExpandEnvironmentStringsW
RemoveDirectoryW
SetFilePointer
GetTempPathW
FindClose
CreateFileW
GetFileAttributesW
GlobalAlloc
DeleteFileW
GlobalFree
CreateThread
GlobalLock
GetFileSize
VerSetConditionMask
VerifyVersionInfoW
GetTempFileNameW
FindNextFileW
MoveFileW
CompareStringEx
GetModuleFileNameW
SetLastError
GetCurrentThreadId
GetCurrentProcess
GetSystemTimeAsFileTime
TerminateProcess
GetShortPathNameA
GetCurrentProcessId
FreeEnvironmentStringsW
FindFirstFileW
ReadFile
CreateDirectoryW
LoadLibraryExW
lstrcmpiA
WideCharToMultiByte
FreeLibrary
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
DecodePointer
LoadResource
IsDBCSLeadByte
RaiseException
CloseHandle
DisableThreadLibraryCalls
GetLastError
MultiByteToWideChar
GetModuleHandleA
GetSystemDirectoryW
FindResourceA
InitializeCriticalSectionEx
LeaveCriticalSection
EncodePointer
LoadLibraryExA
lstrlenW
EnterCriticalSection
SizeofResource
GetModuleFileNameA
GlobalUnlock
WriteConsoleW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
GetStringTypeW
IsDebuggerPresent
OutputDebugStringW
HeapAlloc
HeapFree
GetProcessHeap
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
WaitForSingleObjectEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
VirtualProtect
VirtualQuery
HeapSize
GetModuleHandleExW
ExitProcess
LCMapStringW
HeapReAlloc
GetStdHandle
GetFileType

advapi32

RegCreateKeyExW
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryInfoKeyW
RegEnumKeyW
RegEnumKeyExA
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
RegQueryValueExW
RegCloseKey

gdi32

DeleteMetaFile
SetMetaFileBitsEx
SetEnhMetaFileBits
GetEnhMetaFileW
GetMetaFileW
SetWinMetaFileBits
GetMetaFileBitsEx

oleaut32

RegisterTypeLi
LoadRegTypeLi
VariantInit
LoadTypeLi
SysFreeString
UnRegisterTypeLi
SysAllocString
SysStringLen
VariantClear
VarUI4FromStr

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
DoDragDrop
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FGetMyTemplatesFolder
HrAddAssetIdToMruListEx
HrExtractTemplateToPath
HrExtractTemplateToPathEx
HrExtractTemplateToStoreLocation
HrExtractTemplateVer
HrVerifyInstallationBasic
TaggedHrExtractTemplateToStoreLocation
TaggedHrExtractTemplateVer
_HrAddAssetIdToMruList@12
_HrExtractTemplate@20

Sections

.text
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 269KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04985526b88f5f6d306e1bd7b737f57f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

advapi32

gdi32

oleaut32

ole32

Exports

Exports

Sections

.text Size: 211KB - Virtual size: 211KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 11KB - Virtual size: 11KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 269KB - Virtual size: 272KB

.text
Size: 211KB - Virtual size: 211KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 269KB - Virtual size: 272KB