3b677769614409c8038939c2189534a995db70aea3220c7b782ac79dfd4d0cbd

Sharing

Copy URL

Twitter E-mail

General

Target

3b677769614409c8038939c2189534a995db70aea3220c7b782ac79dfd4d0cbd
Size

1.6MB
MD5

6ea4fb2510e2e4c78ae2756cc5ec1aac
SHA1

d454df91e68902eb00c2416ab0b6b57e5ad4ee9b
SHA256

3b677769614409c8038939c2189534a995db70aea3220c7b782ac79dfd4d0cbd
SHA512

f9da8817a771ea06c1b738adcefc656c7c50270ccdd43a821d4dbb61b6b9feb76da1440e923f71fe4f0502c54eed3c5fcffbd1d52acf9c61f27c4c8ca29bc520
SSDEEP

49152:Ps0s3pzopAtWOaq4tWIFIcOpHGbQxWdu:U0s5zopA7aqsWR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b677769614409c8038939c2189534a995db70aea3220c7b782ac79dfd4d0cbd

Files

3b677769614409c8038939c2189534a995db70aea3220c7b782ac79dfd4d0cbd
.dll windows:6 windows x86 arch:x86

ffeffe141dcf3c02cee0490c233ef51f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\work\nsis\rec_nsis\setupdll\Release\setupdll.pdb

Imports

kernel32

LoadLibraryA
GetModuleHandleA
GetModuleFileNameW
GetModuleHandleW
GetVersionExA
GetLocalTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
GetTickCount
MulDiv
FindResourceW
SizeofResource
LockResource
LoadResource
FreeResource
SetLastError
GetFullPathNameW
WriteConsoleW
SetEndOfFile
HeapSize
FlushFileBuffers
CreateFileW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
FindFirstFileW
IsValidCodePage
FindNextFileW
FindFirstFileExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeZoneInformation
SetStdHandle
GetFileSizeEx
GetConsoleOutputCP
WriteFile
SetFilePointerEx
ReadConsoleW
GetConsoleMode
HeapReAlloc
GetFileType
GetStdHandle
GetModuleHandleExW
ReadFile
LoadLibraryExW
TlsFree
GetSystemFirmwareTable
TlsGetValue
TlsAlloc
InterlockedFlushSList
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CloseHandle
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalLock
GlobalUnlock
GetCPInfo
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
FindClose
Sleep
FlushInstructionCache
GetCurrentProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
GetLastError
lstrcpyW
SetDllDirectoryW
SetCurrentDirectoryW
lstrcpynW
MultiByteToWideChar
lstrcpynA
GlobalFree
lstrcpyA
GlobalAlloc
OutputDebugStringA
LocalFree
GetStringTypeW
GetVolumeInformationW
TlsSetValue
ExitProcess
GetACP
WideCharToMultiByte

user32

CallWindowProcW
SetWindowLongW
FindWindowExW
MessageBoxW
IsWindow
DestroyWindow
LoadCursorW
DestroyCursor
ShowWindow
UnregisterClassW
RegisterClassExW
CreateWindowExW
SetWindowPos
GetDlgItem
GetClientRect
GetWindowRect
GetActiveWindow
GetWindowLongW
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
TrackMouseEvent
PostQuitMessage
AnimateWindow
SetLayeredWindowAttributes
DrawIconEx
InvertRect
FillRect
IsZoomed
SetFocus
IsIconic
GetCursorPos
SendMessageW
MapWindowPoints
PostMessageW
DefWindowProcW
GetCapture
GetForegroundWindow
MsgWaitForMultipleObjects
UpdateLayeredWindow
GetDesktopWindow
SetActiveWindow
EnableWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
IsWindowVisible
GetSystemMetrics
EnableMenuItem
ClientToScreen
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadIconW
LoadImageW
CreateIconFromResource
LoadBitmapW
GetKeyState
GetFocus
GetIconInfo
CharNextW
OffsetRect
GetSysColor
SetMenuContextHelpId
SetForegroundWindow
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
AppendMenuW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
IsWindowEnabled
IsMenu
PtInRect
EqualRect
SetRect
SetCursor
DestroyIcon
GetClassNameW
IsRectEmpty
UnionRect
IntersectRect
InflateRect
CopyRect
ScreenToClient
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
KillTimer
SetTimer
ReleaseCapture
SetCapture

gdi32

SetROP2
CreateEllipticRgnIndirect
SetTextColor
SetViewportOrgEx
CreateCompatibleBitmap
StretchBlt
GetObjectW
SetBkMode
Rectangle
GetStockObject
GetClipBox
CreateSolidBrush
CreateFontIndirectW
SetGraphicsMode
GetDeviceCaps
SelectObject
DeleteDC
CreateCompatibleDC
CreateBitmap
CreateRoundRectRgn
EnumFontsW
DeleteObject
BitBlt
GetWorldTransform
Arc
CombineRgn
SetRectRgn
CreatePen
CreatePatternBrush
CreateRectRgn
CreateRectRgnIndirect
Ellipse
ExcludeClipRect
GetClipRgn
GetRgnBox
GetTextColor
GetTextExtentPoint32W
IntersectClipRect
OffsetRgn
Pie
PtInRegion
RectInRegion
RestoreDC
RoundRect
SaveDC
ExtSelectClipRgn
GetViewportOrgEx
GetCurrentObject
Polyline
ExtCreatePen
CreateDIBSection
SetWorldTransform

advapi32

RegQueryValueExW
RegOpenKeyExW

shell32

SHGetPathFromIDListW
ShellExecuteW
Shell_NotifyIconW
SHBrowseForFolderW

ole32

CreateStreamOnHGlobal
IIDFromString
OleInitialize
CoTaskMemFree
OleUninitialize
OleLockRunning
CLSIDFromString
CoCreateInstance
CreateBindCtx
CLSIDFromProgID

oleaut32

SysFreeString
SysAllocString

shlwapi

StrToIntExW

wininet

InternetOpenA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetCrackUrlA
HttpQueryInfoA

imm32

ImmAssociateContext
ImmGetContext
ImmReleaseContext

iphlpapi

GetAdaptersInfo

gdiplus

GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipBitmapLockBits
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipGraphicsClear
GdipDrawImageRectI
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipGetImageEncoders
GdipGetImageHeight

msimg32

AlphaBlend
GradientFill

Exports

Exports

BindControlAndNSISScript
BindingProgress
ClosePage
FindChildByName
FindStringByName
GetControlProperties
InitWindow
NSISMessageBox
NSISOpenFolderDialog
NSISScriptSendMessage
SetControlProperties
ShowPage

Sections

.text
Size: 851KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 428KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ffeffe141dcf3c02cee0490c233ef51f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

imm32

iphlpapi

gdiplus

msimg32

Exports

Exports

Sections

.text Size: 851KB - Virtual size: 850KB

.rdata Size: 254KB - Virtual size: 254KB

.data Size: 28KB - Virtual size: 96KB

.rsrc Size: 428KB - Virtual size: 428KB

.reloc Size: 63KB - Virtual size: 63KB

.text
Size: 851KB - Virtual size: 850KB

.rdata
Size: 254KB - Virtual size: 254KB

.data
Size: 28KB - Virtual size: 96KB

.rsrc
Size: 428KB - Virtual size: 428KB

.reloc
Size: 63KB - Virtual size: 63KB