Static task
static1
General
-
Target
Albion.Menu.zip
-
Size
1.5MB
-
MD5
ca8a0b415c88af750d1e4d5c62f61291
-
SHA1
0110843bc1b7a135c1fc126c99f06321ddc7ce5b
-
SHA256
b0b3d9fb91e1f213077da2415c64f6d40245990631480211ec1455acbf54203d
-
SHA512
658b998264a1ac4ce1bf10165beb89506d87d1860c0b57fb04a0b55230e530f3d2b44ea5ce2c1a188bf37a78aaedca90c31d92589a1a5ce5423e4fc27e3952e0
-
SSDEEP
12288:RONrkN9cp6meFXbsv+f0JcmdMiavwYHU6rOTHR9j:IakleFrtykiayA6RJ
Malware Config
Signatures
-
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/Debug/Debug.dll
resource unpack001/Launcher.exe
resource unpack001/Packaget/pack.dll
Files
-
Albion.Menu.zip.zip
-
Debug/Debug.dll.dll windows:10 windows x86 arch:x86
e92c2d8fe98ad511bae5bd55f68d684c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
ieshims.pdb
Imports
msvcrt
_amsg_exit
_initterm
?terminate@@YAXXZ
calloc
??1type_info@@UAE@XZ
memcmp
_CxxThrowException
_stricmp
fclose
_wfopen
fputws
_lock
wcsncmp
_wcsicmp
_XcptFilter
_vsnwprintf
_vscwprintf
wcsrchr
wcsstr
_wcslwr
wcspbrk
wcschr
memmove_s
towlower
iswctype
wcsspn
memcpy_s
realloc
free
wcstok_s
iswspace
_wcsnicmp
malloc
_unlock
__dllonexit
_onexit
_except_handler4_common
memmove
__CxxFrameHandler3
memset
kernel32
OutputDebugStringW
DelayLoadFailureHook
ResolveDelayLoadedAPI
RaiseException
QueryFullProcessImageNameW
GetLogicalDriveStringsW
QueryDosDeviceW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
OpenFileMappingW
IsWow64Process
AcquireSRWLockShared
ReleaseSRWLockShared
GetTickCount64
OpenProcess
ReleaseMutex
WaitForSingleObject
CreateMutexW
InitializeCriticalSection
InitializeSRWLock
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
OutputDebugStringA
GetModuleHandleA
DeleteCriticalSection
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CopyFileExW
SetFileAttributesW
DeviceIoControl
GetFileInformationByHandle
CreateDirectoryW
lstrcmpiW
EncodePointer
EnterCriticalSection
FindClose
GetCurrentThreadId
GetModuleHandleExW
GetModuleFileNameW
SearchPathW
GetFileAttributesW
SetLastError
LocalAlloc
VirtualQuery
GetCurrentDirectoryW
LocalFree
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
GetCurrentProcessId
GetProcessId
GetLastError
TlsSetValue
ExitThread
GetProcessIdOfThread
GetThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetSystemDirectoryW
GetWindowsDirectoryW
GetLongPathNameW
GetFullPathNameW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
TlsGetValue
TlsAlloc
OpenEventW
WaitForSingleObjectEx
CloseHandle
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
TerminateProcess
DecodePointer
CreateFileW
GetFileSizeEx
GetModuleHandleW
RaiseFailFastException
VirtualProtect
FindNextFileW
TlsFree
FindFirstFileW
api-ms-win-downlevel-shlwapi-l1-1-0
StrCmpNIA
PathGetArgsW
PathSkipRootW
PathIsUNCW
StrCmpCW
StrCmpICA
StrDupW
StrCmpNICW
StrCmpICW
PathFindFileNameW
StrCmpIW
StrCmpNCW
api-ms-win-downlevel-advapi32-l1-1-0
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
ntdll
RtlNtStatusToDosError
NtQueryObject
iertutil
ord137
ord45
ord58
ord916
ord101
ord791
ord820
ord170
ord50
ord134
ord793
Exports
AcRedirNotify
AcRedirNotifySetEnabled
AcRedirSetEnabled
IEShims_AdminCheckAndLaunch
IEShims_CreateWindowEx
IEShims_GetOriginatingThreadId
IEShims_InDllMainContext
IEShims_Initialize
IEShims_SetRedirectRegistryForThread
IEShims_Uninitialize
Sections
.text Size: 255KB - Virtual size: 254KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.mrdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Launcher.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 424KB - Virtual size: 424KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Packaget/main.dll.dll windows:10 windows x86 arch:x86
34a0375d777d590987ece523ca7d41bc
Code Sign
Certificate 33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Issuer CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before 03/07/2018, 20:45
Not After 26/07/2019, 20:45
Subject CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate 61:07:76:56:00:00:00:00:00:08
Issuer CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before 19/10/2011, 18:41
Not After 19/10/2026, 18:51
Subject CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer c7:cb:9d:85:d2:6f:ab:86:31:1e:2b:1f:36:6d:af:90:c6:07:ea:8e:40:d1:0e:f2:da:02:ac:18:09:73:6f:da
Actual PE Digest c7:cb:9d:85:d2:6f:ab:86:31:1e:2b:1f:36:6d:af:90:c6:07:ea:8e:40:d1:0e:f2:da:02:ac:18:09:73:6f:da
Digest Algorithm sha256
PE Digest Matches true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
sqmapi.pdb
Imports
msvcrt
_unlock
_lock
__dllonexit
_onexit
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
memcpy_s
wcsrchr
_vsnwprintf
__CxxFrameHandler3
_callnewh
malloc
free
memset
advapi32
RegDeleteKeyW
RegEnumKeyW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
kernel32
GetCurrentThreadId
ReleaseMutex
OutputDebugStringW
OpenSemaphoreW
HeapAlloc
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
DebugBreak
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
FormatMessageW
DisableThreadLibraryCalls
SetLastError
GetLastError
GetCurrentProcess
CloseHandle
LocalFree
ExpandEnvironmentStringsW
FindFirstFileW
DeleteFileW
GetSystemTimeAsFileTime
FindClose
GetSystemDirectoryW
Sleep
CreateDirectoryW
GetTickCount
WaitForSingleObjectEx
FindNextFileW
ntdll
EtwTraceMessage
Exports
SqmAddToAverage
SqmAddToStream
SqmAddToStreamDWord
SqmAddToStreamDWord64
SqmAddToStreamString
SqmAddToStreamV
SqmCheckEscalationAddToStreamDWord
SqmCheckEscalationAddToStreamDWord64
SqmCheckEscalationAddToStreamString
SqmCheckEscalationSetDWord
SqmCheckEscalationSetDWord64
SqmCheckEscalationSetString
SqmCleanup
SqmClearFlags
SqmCreateNewId
SqmEndSession
SqmEndSessionEx
SqmFlushSession
SqmGetEnabled
SqmGetEscalationRuleStatus
SqmGetFlags
SqmGetInstrumentationProperty
SqmGetLastUploadTime
SqmGetMachineId
SqmGetSession
SqmGetSessionStartTime
SqmGetUserId
SqmIncrement
SqmIsNamespaceEnabled
SqmIsWindowsOptedIn
SqmLoadEscalationManifest
SqmReadSharedMachineId
SqmReadSharedUserId
SqmSet
SqmSetAppId
SqmSetAppVersion
SqmSetBits
SqmSetBool
SqmSetCurrentTimeAsUploadTime
SqmSetDWord64
SqmSetEnabled
SqmSetEscalationInfo
SqmSetFlags
SqmSetIfMax
SqmSetIfMin
SqmSetMachineId
SqmSetString
SqmSetUserId
SqmStartSession
SqmStartUpload
SqmStartUploadEx
SqmSysprepCleanup
SqmSysprepGeneralize
SqmTimerAccumulate
SqmTimerAddToAverage
SqmTimerRecord
SqmTimerStart
SqmUnattendedSetup
SqmUnloadEscalationManifest
SqmWaitForUploadComplete
SqmWriteSharedMachineId
SqmWriteSharedUserId
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
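The two checks the report applies above can be reproduced offline: the "Unsigned PE" signature in the Signatures section fires when a PE has no attribute certificate table (Debug/Debug.dll, Launcher.exe and Packaget/pack.dll here), and the Code Sign block for Packaget/main.dll compares the digest stored in the signature with the "Actual PE Digest" computed over the file. The script below is an added example, not code from the sandbox or from the report; it implements the presence check and the Authenticode PE digest (everything in the file except the CheckSum field, the security directory entry and the certificate table itself) and decodes the IMAGE_DLLCHARACTERISTICS bits the report lists per file. It follows the Authenticode PE specification with two simplifications stated in the comments (sections hashed in PointerToRawData order, overlay data treated as trailing bytes), does not parse or verify the PKCS#7 signature blob, and tests itself on a constructed minimal PE32 skeleton rather than on the samples, whose bytes are not on this page. Note that a matching digest only shows that main.dll is the file Microsoft signed (its PDB path sqmapi.pdb and Sqm* exports are listed above); it says nothing about the unsigned files shipped beside it.

```python
"""Authenticode presence check and PE digest (added example, not part of the report)."""
import hashlib
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4

# IMAGE_DLLCHARACTERISTICS_* bits as reported per file above.
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}


def parse_pe(data: bytes) -> dict:
    """Locate the fields the Authenticode digest must skip, plus the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                 # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4
    nsec = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                           # PE32
        dirs = opt + 96
    elif magic == 0x20B:                                         # PE32+
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    secdir = dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    cert_off, cert_len = struct.unpack_from("<II", data, secdir)  # a file offset, not an RVA
    table = opt + opt_size
    sections = []
    for i in range(nsec):                                        # SizeOfRawData, PointerToRawData
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        sections.append((raw_ptr, raw_size))
    return {
        "checksum_off": opt + 64,
        "size_of_headers": struct.unpack_from("<I", data, opt + 60)[0],
        "dll_characteristics": struct.unpack_from("<H", data, opt + 70)[0],
        "secdir_off": secdir,
        "cert": (cert_off, cert_len),
        "sections": sections,
    }


def has_authenticode(data: bytes) -> bool:
    """Presence only, which is all the 'Unsigned PE' signature checks; the chain still needs verifying."""
    off, size = parse_pe(data)["cert"]
    return off != 0 and size != 0


def authenticode_digest(data: bytes, algo: str = "sha256") -> str:
    """Hash the image the way Authenticode does: skip CheckSum, the security directory entry
    and the certificate table. Simplification: overlay bytes are hashed as a trailing run."""
    pe = parse_pe(data)
    h = hashlib.new(algo)
    cs, sd, hdr_end = pe["checksum_off"], pe["secdir_off"], pe["size_of_headers"]
    h.update(data[:cs])
    h.update(data[cs + 4:sd])
    h.update(data[sd + 8:hdr_end])
    covered = hdr_end
    for ptr, size in sorted(pe["sections"]):                     # raw data in file order
        if size:
            h.update(data[ptr:ptr + size])
            covered = max(covered, ptr + size)
    cert_off, cert_len = pe["cert"]
    tail_end = cert_off if cert_len else len(data)
    h.update(data[covered:tail_end])                              # overlay before the cert table
    if cert_len:
        h.update(data[cert_off + cert_len:])                      # anything after it
    return h.hexdigest()


def dll_characteristics(data: bytes) -> list:
    bits = parse_pe(data)["dll_characteristics"]
    return [name for bit, name in sorted(DLL_CHARACTERISTICS.items()) if bits & bit]


def build_minimal_pe(cert_blob: bytes = b"", checksum: int = 0) -> bytes:
    """Constructed test input: a one-section PE32 DLL skeleton, just valid enough to parse."""
    img = bytearray(512)                                         # headers; FileAlignment 0x200
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    coff = 0x44                                                  # i386, 1 section, EXECUTABLE|32BIT|DLL
    struct.pack_into("<HHIIIHH", img, coff, 0x14C, 1, 0, 0, 0, 224, 0x2102)
    opt = coff + 20
    struct.pack_into("<H", img, opt, 0x10B)
    struct.pack_into("<III", img, opt + 28, 0x10000000, 0x1000, 0x200)  # ImageBase, SectionAlign, FileAlign
    struct.pack_into("<II", img, opt + 56, 0x2000, 0x200)        # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", img, opt + 64, checksum)
    struct.pack_into("<HH", img, opt + 68, 2, 0x4140)            # GUI; DYNAMIC_BASE|NX_COMPAT|GUARD_CF
    struct.pack_into("<I", img, opt + 92, 16)                    # NumberOfRvaAndSizes
    sec = opt + 224
    img[sec:sec + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", img, sec + 8, 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<I", img, sec + 36, 0x60000020)            # CODE|EXECUTE|READ
    img += b"\xC3" * 0x200                                       # section body
    if cert_blob:                                                # append a WIN_CERTIFICATE entry
        body = struct.pack("<IHH", 8 + len(cert_blob), 0x0200, 0x0002) + cert_blob
        body += b"\0" * (-len(body) % 8)
        struct.pack_into("<II", img, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, len(img), len(body))
        img += body
    return bytes(img)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        blob = open(path, "rb").read()
        state = "signed" if has_authenticode(blob) else "UNSIGNED"
        print(path, state, authenticode_digest(blob), dll_characteristics(blob))
```

Run it as `python authenticode_check.py Debug/Debug.dll Packaget/main.dll` over the unpacked archive to get the same presence verdict and the same sha256 PE digest the report shows; the digest is unchanged by signing, since the certificate table and the two header fields it touches are excluded, which is why a re-signed or stripped copy of a Microsoft DLL still hashes to the value in the signature.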
-
Packaget/pack.dll.dll regsvr32 windows:10 windows x86 arch:x86
830127705155748df0c8417ebb0bc879
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
hmmapi.pdb
Imports
msvcrt
_vsnprintf
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
memset
api-ms-win-core-libraryloader-l1-1-0
DisableThreadLibraryCalls
LoadStringA
GetModuleFileNameA
api-ms-win-core-registry-l1-1-0
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsA
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-file-l1-1-0
SetFileAttributesA
CreateFileA
GetFileSize
GetFileTime
api-ms-win-core-sysinfo-l1-1-0
GetVersionExA
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-localization-l1-2-0
FormatMessageA
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
advapi32
RegDeleteKeyA
kernel32
GetShortPathNameA
CompareStringA
lstrlenA
MoveFileA
LocalFree
lstrcmpA
GetTempPathA
shell32
ShellExecuteA
shlwapi
SHGetValueA
PathRemoveBackslashA
PathIsPrefixA
StrChrA
urlmon
CreateUriFromMultiByteString
user32
MessageBoxA
wininet
GetUrlCacheConfigInfoA
Exports
AddService
BMAPIAddress
BMAPIDetails
BMAPIFindNext
BMAPIGetAddress
BMAPIGetReadMail
BMAPIReadMail
BMAPIResolveName
BMAPISaveMail
BMAPISendMail
DllRegisterServer
DllUnregisterServer
MAPIAddress
MAPIDeleteMail
MAPIDetails
MAPIFindNext
MAPIFreeBuffer
MAPILogoff
MAPILogon
MAPIReadMail
MAPIResolveName
MAPISaveMail
MAPISendDocuments
MAPISendMail
MailToProtocolHandler
OpenInboxHandler
RemoveService
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 740B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ