65259146d75855563e5ab7c7c184ab3f8ffe725143586433de329e2062b25a4c

Sharing

Copy URL

Twitter E-mail

General

Target

65259146d75855563e5ab7c7c184ab3f8ffe725143586433de329e2062b25a4c
Size

1.1MB
MD5

858be7585c0c614cb4c111cfcc634d2c
SHA1

2f5ec6e729f81bdaa8ce4a1a166c3e7d2615cbb8
SHA256

65259146d75855563e5ab7c7c184ab3f8ffe725143586433de329e2062b25a4c
SHA512

511fdcca110cb45dfa451a1634986afba47739355a43bfa7632fded5ecc0162f7bf30cd3687a029ffbf846c07d418bc1d676e997ff5f41091f0c0070ec9c53a0
SSDEEP

24576:q/vsQ0EDIynK4wpqRl6vMNtsD3IycBHoiOeOPLVdEHL+lT8Oya++A:q/vsQlDIynK4w2lTSD4y8HOeOPL3iLaE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65259146d75855563e5ab7c7c184ab3f8ffe725143586433de329e2062b25a4c

Files

65259146d75855563e5ab7c7c184ab3f8ffe725143586433de329e2062b25a4c
.dll windows:6 windows x86 arch:x86

3c812c0d49048511dd14f992cb8422c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\dbs\el\dec\target\x86\ship\msodll_50\x-none\Mso50Win32Client.pdb

Imports

kernel32

DisableThreadLibraryCalls
SizeofResource
SetLastError
EnterCriticalSection
OutputDebugStringA
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSectionEx
GetModuleHandleA
MultiByteToWideChar
GetLastError
RaiseException
LoadLibraryW
LoadResource
FindResourceW
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
HeapFree
HeapAlloc
GetProcessHeap
GetFileAttributesExW
DeleteFileW
CompareStringEx
GetCurrentThreadId
CreateEventExW
ResetEvent
CloseHandle
SetEvent
WaitForSingleObjectEx
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetDynamicTimeZoneInformation
GetTickCount64
GetVersionExW
GetLocalTime
FindFirstFileExW
FindNextFileW
MoveFileExW
FindClose
IsDebuggerPresent
OutputDebugStringW
VirtualProtect
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
CreateEventW
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
VirtualQuery
GetSystemInfo

mso40uiwin32client

ord3629
ord883
ord2178
ord3837
ord4046
ord4599

mso30win32client

ord103
ord1589
ord1220
ord1691
ord1696
ord91
ord1458
ord460
ord1643
ord9
ord308
ord907
ord1979
ord1356
ord1216
ord1154
ord1918
ord2216
ord206
ord705
ord1895
ord702
ord1913
ord1919
ord1921
ord1868
ord1922
ord880
ord1923
ord2915
ord1781
ord50
ord1249

mso20win32client

ord1836
ord94
ord867
ord218
ord1061
ord789
ord488
ord480
ord1416
ord522
ord285
ord903
ord1624
ord463
ord1643
ord1504
ord2061
ord2478
ord316
ord2134
ord2477
ord2085
ord1794
ord186
ord2093
ord2084
ord2102
ord2154
ord2113
ord2116
ord2184
ord2083
ord2897
ord633
ord1407
ord554
ord990
ord855
ord1493
ord1364
ord1514
ord1554
ord284
ord860
ord2306
ord1935
ord151
ord1743
ord177
ord1998
ord1620
ord2804
ord667
ord1480
ord506
ord68
ord579
ord1145
ord1583
ord2065
ord272
ord1208
ord36
ord1180
ord304
ord1321
ord863
ord2060
ord2287
ord515
ord154
ord593
ord1099
ord291
ord1283
ord103
ord968
ord1368
ord1686
ord1109
ord1732
ord1789
ord234
ord837
ord638
ord2106
ord2126
ord2133
ord2155
ord2105
ord2190
ord2153
ord724
ord1195
ord422
ord2838
ord226
ord2131
ord2142
ord2396
ord1538
ord1761
ord544
ord1362
ord2856
ord2280
ord2290
ord1315
ord954
ord668
ord130
ord1157
ord1655
ord128
ord2098
ord609
ord1352
ord1995
ord1596
ord2313
ord414
ord2476
ord1767
ord715
ord1391
ord1385
ord1350
ord1108
ord181
ord1994
ord2736
ord471
ord719
ord844
ord1565
ord714
ord650
ord261
ord949
ord1913
ord1703
ord1200
ord2315
ord3
ord457
ord2282
ord1065
ord799
ord2916
ord2921
ord2918
ord1121
ord11
ord1622
ord107
ord1793
ord448
ord1937
ord135
ord2442
ord417
ord1658
ord2904
ord1360
ord456
ord951
ord56
ord2055
ord1790
ord287

vcruntime140

strchr
__std_terminate
wcsstr
wcsrchr
_purecall
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
__std_type_info_compare
memmove
memset
memcpy
memcmp
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list

msvcp140

_Wcsxfrm
_Query_perf_frequency
_Query_perf_counter
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W0@Z
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?id@?$collate@_W@std@@2V0locale@2@A
?id@?$ctype@_W@std@@2V0locale@2@A
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??1_Locinfo@std@@QAE@XZ
?is@?$ctype@_W@std@@QBE_NF_W@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Incref@facet@locale@std@@UAEXXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Xinvalid_argument@std@@YAXPBD@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?good@ios_base@std@@QBE_NXZ
?_Xout_of_range@std@@YAXPBD@Z
_Xtime_get_ticks
_Thrd_sleep
?_Xlength_error@std@@YAXPBD@Z
_Thrd_id
?_Xbad_alloc@std@@YAXXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?_Syserror_map@std@@YAPBDH@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
_Wcscoll

api-ms-win-crt-heap-l1-1-0

malloc
free
_recalloc
realloc

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_cexit
_crt_atexit
terminate
_execute_onexit_table
_invalid_parameter_noinfo
_initterm
_initterm_e
_register_onexit_function
_errno
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

_wcsicmp
strcmp
strncpy_s
towlower
wcsncpy_s
wcsnlen

api-ms-win-crt-stdio-l1-1-0

fputc
_get_stream_buffer_pointers
fclose
fread
ungetc
fwrite
fgetc
__stdio_common_vswprintf_s
_fseeki64
fgetpos
fsetpos
setvbuf
fflush
__stdio_common_vsnwprintf_s

api-ms-win-crt-convert-l1-1-0

wcstol
_wtoi
wcstoull
wcstod

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

__initialize_lconv_for_unsigned_char

api-ms-win-crt-math-l1-1-0

_except1

Exports

Exports

?GetCampaigns@Governance@Personalization@Mso@@YG?AV?$optional@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@3@PBUIOfficeIdentity@Authentication@3@@Z
?GetUserFacts@UserFacts@Personalization@Mso@@YG?AV?$Future@UUserFactsResult@UserFacts@Personalization@Mso@@@3@PBUIOfficeIdentity@Authentication@3@@Z
?IsOptedInToProgram@ProgramOptIn@Personalization@Mso@@YG_NW4Program@123@@Z
?SetProgramOptInStatus@ProgramOptIn@Personalization@Mso@@YGXW4Program@123@_N@Z

Sections

.text
Size: 540KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 438KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c812c0d49048511dd14f992cb8422c4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

mso40uiwin32client

mso30win32client

mso20win32client

vcruntime140

msvcp140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 540KB - Virtual size: 540KB

.rdata Size: 126KB - Virtual size: 126KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 438KB - Virtual size: 440KB

.text
Size: 540KB - Virtual size: 540KB

.rdata
Size: 126KB - Virtual size: 126KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 438KB - Virtual size: 440KB