32f79f9a6aebab89e0e089e34036775bcf3600758aa6f5c0e1456d508168385b

Sharing

Copy URL Twitter E-mail

General

Target

32f79f9a6aebab89e0e089e34036775bcf3600758aa6f5c0e1456d508168385b
Size

411KB
MD5

416179e2b136022f2a8ccc21cb907a3d
SHA1

eb9e76d0cbdbe004ba1e836b2e99081a841ca7bf
SHA256

32f79f9a6aebab89e0e089e34036775bcf3600758aa6f5c0e1456d508168385b
SHA512

50d6909ee17fef0287d2e698365e82d8cfe9447d09ba87cf8f6ac0114d1276f6551c3f77221d42c5feaafdd7bad6c55abbab302af636303e243dc7f7bb542ac8
SSDEEP

12288:sGQIYF8MwVJdZvleQ6fswHykRy2O1ye4R:stcnZvleQGhjRe0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32f79f9a6aebab89e0e089e34036775bcf3600758aa6f5c0e1456d508168385b

Files

32f79f9a6aebab89e0e089e34036775bcf3600758aa6f5c0e1456d508168385b
.dll regsvr32 windows:6 windows x86 arch:x86

b39f8b06cc5ebf8c66b642c5e488d5b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\dbs\el\dec\target\x86\ship\osfsandbox\x-none\msosb.pdb

Imports

kernel32

HeapAlloc
LoadLibraryW
GetModuleHandleA
OutputDebugStringA
SetLastError
HeapFree
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
SetThreadLocale
WideCharToMultiByte
DuplicateHandle
ResumeThread
GetProcessHeap
GetThreadLocale
GetCurrentThreadId
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
LoadLibraryExW
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalFree
GlobalFree
GlobalAlloc
LocalAlloc
SetErrorMode
MultiByteToWideChar
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
UnmapViewOfFile
HeapDestroy
HeapReAlloc
HeapSize
OpenEventW
GlobalMemoryStatusEx
SetProcessWorkingSetSize
HeapCompact
K32GetProcessMemoryInfo
GetTickCount64
GetThreadTimes
CreateMutexW
ReleaseMutex
K32GetProcessImageFileNameW
GetCurrentProcessId
OpenProcess
SetEvent
OpenMutexW
FreeLibraryAndExitThread
WaitForSingleObject
TerminateProcess
GetCurrentProcess
WaitForMultipleObjects
CloseHandle
CreateThread
GetModuleHandleExW
CreateEventW
VerifyVersionInfoW
VerSetConditionMask
OutputDebugStringW
IsDebuggerPresent

advapi32

RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
EventWriteTransfer

ole32

OleUninitialize
CoMarshalInterThreadInterfaceInStream
CoCreateGuid
CoRegisterPSClsid
CoUnmarshalInterface
CoCreateInstance
StringFromGUID2
CoRevokeClassObject
CoDisconnectObject
OleInitialize
CoTaskMemAlloc
CoRegisterClassObject
CoGetInterfaceAndReleaseStream

oleaut32

SysAllocString
LoadTypeLi
SysFreeString
LoadRegTypeLi
SafeArrayLock
SafeArrayCopy
SafeArrayGetVartype
SysStringLen
SafeArrayCreate
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SafeArrayGetElement
SafeArrayDestroy
SafeArrayUnlock
VarBstrCat

vcruntime140

memcpy
__CxxFrameHandler3
__std_terminate
wcsstr
_except_handler4_common
__std_type_info_destroy_list
__std_exception_destroy
__std_exception_copy
_purecall
memset
_CxxThrowException
memchr
memcmp
memmove

msvcp140

?exceptions@ios_base@std@@QAEXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
_Mtx_unlock
_Query_perf_frequency
_Query_perf_counter
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-string-l1-1-0

strncpy_s
strncmp
wcsncpy_s
_wcsnicmp
wcsncmp
tolower
towlower
wcscat_s
_wcsicmp
wcscpy_s

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_initterm
_initterm_e
_execute_onexit_table
_seh_filter_dll
terminate
_cexit
_crt_atexit
_configure_narrow_argv
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
__stdio_common_vswprintf_s
ungetc
fgetc
fread
fclose
fwrite
fgetpos
_fseeki64
fsetpos
fputc
setvbuf
fflush

api-ms-win-crt-convert-l1-1-0

_itow_s
wcstombs_s

api-ms-win-crt-locale-l1-1-0

__initialize_lconv_for_unsigned_char

gdi32

CreateCompatibleBitmap
DeleteDC
GetObjectW
CreateDCW
GetDIBits
CreateCompatibleDC
SelectObject

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 248KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b39f8b06cc5ebf8c66b642c5e488d5b1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

vcruntime140

msvcp140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

gdi32

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 109KB - Virtual size: 108KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 248KB - Virtual size: 252KB

.text
Size: 109KB - Virtual size: 108KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 248KB - Virtual size: 252KB