MenuEx[.]dll | Triage

Resubmissions

30/04/2024, 10:35

240430-mmyvmaac7x 3

15/04/2024, 17:02

240415-vj4kpsbd75 6

Sharing

Copy URL Twitter E-mail

General

Target

MenuEx.dll
Size

702KB
MD5

1d8d71b4a0870c0dfa3468470fb28a28
SHA1

8edb7b339d957a4a1f1070a082ee8b06353e4df0
SHA256

09ffc4188bf11bf059b616491fcb8a09a474901581f46ec7f2c350fbda4e1e1c
SHA512

299ebba518699921d38723cc2bec5ac58ded28c7c3ab7bed865d29f239dc600d9da0487d9f87e23b7fff67acc4bdba976e0e0ff72f0e4bc959feb73565f2fabc
SSDEEP

12288:zjsoDasPcFtjnHoFsR/raVRjleiUt/tFsui3Abg3qomitjWep4xr0M1:XXasPcFtjnHoFsRrYRbUt/tFsrh3qo56

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MenuEx.dll

Files

MenuEx.dll
.dll regsvr32 windows:5 windows x86 arch:x86

15a533ac68ca96853084544f780c4d18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\500965\out\Release\MenuEx.pdb

Imports

mpr

WNetGetConnectionW

kernel32

FindClose
FindFirstFileW
FlushFileBuffers
GetFileAttributesW
GetLongPathNameW
GetTempFileNameW
WriteFile
GetTempPathW
CloseHandle
WaitForSingleObject
OpenMutexW
Sleep
GetExitCodeProcess
CreateThread
GetExitCodeThread
CreateProcessW
GetSystemInfo
GetVersion
GetVersionExW
FindResourceExW
FreeResource
GetModuleHandleA
LockResource
LoadLibraryW
InitializeCriticalSectionAndSpinCount
DeleteFileW
GlobalLock
GlobalFree
MulDiv
lstrcmpiA
lstrcpynA
lstrcpynW
lstrlenW
GetPrivateProfileStringW
WideCharToMultiByte
OutputDebugStringW
GetFileType
GetFileInformationByHandle
GetDriveTypeW
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
GetSystemDirectoryW
GetTickCount
DeviceIoControl
SetLastError
GetFullPathNameW
LCMapStringW
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
CreateFileW
MultiByteToWideChar
lstrcmpiW
FindResourceW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
DisableThreadLibraryCalls
GlobalUnlock
DeleteCriticalSection
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
AreFileApisANSI
GlobalAlloc
PeekNamedPipe
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FormatMessageW
IsDebuggerPresent

user32

SystemParametersInfoW
LoadStringW
WaitForInputIdle
GetSystemMetrics
InsertMenuW
SetMenuItemBitmaps
InsertMenuItemW
DrawTextW
GetDC
ReleaseDC
GetSysColor
FindWindowW
LoadImageW
CharNextW
UnregisterClassW

gdi32

SetDIBits
GetDIBits
ExtTextOutW
GetObjectW
SetTextColor
SetBkMode
SetBkColor
SelectObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateFontIndirectW
CreateCompatibleDC

advapi32

RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
SystemFunction036
ImpersonateSelf
RevertToSelf

shell32

ShellExecuteExW
DragQueryFileW

ole32

ReleaseStgMedium
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance

oleaut32

LoadTypeLi
SysFreeString
RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SysStringLen
SysAllocString

shlwapi

PathAppendW
SHGetValueW
PathFileExistsW
SHDeleteKeyW

msimg32

AlphaBlend

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdiplusShutdown
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage

msvcrt

wcsncmp
memmove
strlen
fclose
setlocale
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
_cexit
_amsg_exit
__getmainargs
__wgetmainargs
_environ
_wenviron
atexit
_initterm
__CxxFrameHandler
__DestructExceptionObject
?raw_name@type_info@@QBEPBDXZ
_wcslwr
__pctype_func
_iob
_wgetenv
_wputenv
__doserrno
atof
getenv
_putenv
getwc
_wfopen
_wfreopen
_wtmpnam
__wcserror
_strerror
_wasctime
_wctime64
asctime
_ctime64
_gmtime64
_localtime64
_mktime64
_waccess
_wfindfirst64
_wfindnext64
_wsopen
_access
atoi
_findfirst64
_findnext64
_lseeki64
_sopen
clearerr
fgetpos
??_U@YAPAXI@Z
fread
??3@YAXPAX@Z
fsetpos
getc
tmpnam
___lc_codepage_func
_Getdays
_Getmonths
_Strftime
_fstat64
_ftime64
_lock
_unlock
_assert
wcscmp
_dstbias
_timezone
_tzname
_sys_errlist
_sys_nerr
tolower
___mb_cur_max_func
wcstol
strtol
localeconv
abort
_CxxThrowException
wcslen
wcspbrk
_wfullpath
_getdrive
wcsstr
memset
memcpy
__dllonexit
_itow
_ltow
_ultow
_i64tow
_ui64tow
_wsplitpath
_wsearchenv
_itoa
_ltoa
_ultoa
_i64toa
_ui64toa
_ecvt
_fcvt
_gcvt
_splitpath
_searchenv
_controlfp
_control87
_wmktemp
_chsize
_mktemp
_wstrtime
_strtime
tmpfile
_cgets
_cgetws
_XcptFilter
_pwctype
__lc_collate_cp
_isatty
fflush
_fileno
mbtowc
wctomb
___lc_handle_func
strrchr
iswctype
wcsrchr
_CIlog10
ceil
_clearfp
?terminate@@YAXXZ
_msize
realloc
_wctime
ctime
gmtime
localtime
_ftime
memcmp
_daylight
malloc
free
_errno
??_V@YAXPAX@Z
??2@YAPAXI@Z
fputc
fwrite
fputwc
wcschr
freopen
fopen
_umask
_wcsicmp

ntdll

RtlAdjustPrivilege
RtlNtStatusToDosError
RtlDetermineDosPathNameType_U
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
NtCreateFile
NtSetInformationFile
NtClose

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 418KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

15a533ac68ca96853084544f780c4d18

Headers

File Characteristics

PDB Paths

Imports

mpr

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msimg32

gdiplus

msvcrt

ntdll

Exports

Exports

Sections

.text Size: 193KB - Virtual size: 192KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 418KB - Virtual size: 417KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 193KB - Virtual size: 192KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 418KB - Virtual size: 417KB

.reloc
Size: 9KB - Virtual size: 9KB