33f34dc8dce59f5d0474ad3c25dbb5c332ccc8c8cfe52469ddffc42a0e341648

Sharing

Copy URL

Twitter E-mail

General

Target

33f34dc8dce59f5d0474ad3c25dbb5c332ccc8c8cfe52469ddffc42a0e341648
Size

307KB
MD5

8b321debbfbe6eac7b451e3456ce6a84
SHA1

b1bab7f8abd3178e4b77d5a180b78988ab662cfd
SHA256

33f34dc8dce59f5d0474ad3c25dbb5c332ccc8c8cfe52469ddffc42a0e341648
SHA512

c604c5dbd5c3e15793644096448055513d3ef25ee32e2312d1a333e26d252cd6d6f91182ea775d82268564e82c6f394e1cc597d537f67fdd996eb7a09a184c3c
SSDEEP

6144:ij0fYJ83TcIeEdIOeyCcufgtRDzKUEiFAKtDY3Xj:ijsY6oXEdIO6ccmKUZSlj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33f34dc8dce59f5d0474ad3c25dbb5c332ccc8c8cfe52469ddffc42a0e341648

Files

33f34dc8dce59f5d0474ad3c25dbb5c332ccc8c8cfe52469ddffc42a0e341648
.dll windows:6 windows x86 arch:x86

9e62b788f7abdaea6c378df676c65fa9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Data\Projects\SetupKit\Utility\SKUtil\Release\SKUtil.pdb

Imports

shlwapi

StrTrimA
PathIsDirectoryA
PathFileExistsW
PathFileExistsA
StrCmpIW
PathRemoveBackslashA

advapi32

OpenProcessToken
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegEnumKeyA
RegDeleteValueA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCreateKeyExA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo

wininet

InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetSetOptionA
InternetSetOptionW
InternetGetLastResponseInfoW
InternetOpenW

kernel32

HeapReAlloc
InterlockedExchange
FatalAppExitA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
OutputDebugStringA
OutputDebugStringW
CreateFileA
DeleteFileW
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetFileAttributesA
GetFileAttributesW
GetFileSize
LockFile
ReadFile
RemoveDirectoryW
SetFileAttributesA
SetFilePointer
UnlockFile
WriteFile
CloseHandle
GetLastError
InitializeCriticalSectionEx
WaitForSingleObject
Sleep
InterlockedDecrement
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
GetStringTypeW
CreateProcessW
OpenProcess
GetLocalTime
GetVersionExA
GetVersionExW
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryExW
LocalAlloc
LocalFree
lstrcmpA
lstrcpyA
lstrlenA
lstrlenW
LoadLibraryA
LoadLibraryW
GetPrivateProfileStringW
GetPrivateProfileSectionW
QueryDosDeviceA
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32First
Process32Next
K32GetModuleFileNameExA
CreateFileW
GetSystemTime
VirtualAlloc
VirtualFree
_llseek
IsBadReadPtr
IsBadWritePtr
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
GetDriveTypeW
GetProcessHeap
GetCurrentThread
GetCPInfo
HeapFree
SetCurrentDirectoryW
GetCurrentDirectoryW
SetStdHandle
WriteConsoleW
FlushFileBuffers
HeapAlloc
GetFullPathNameA
HeapSize
CreateProcessA
GetOEMCP
GetACP
IsValidCodePage
InterlockedIncrement
CreateSemaphoreW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
SetFileAttributesW
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetCommandLineA
UnhandledExceptionFilter
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetCurrentThreadId
GetFileAttributesExW

user32

SetForegroundWindow
IsIconic
ShowWindow
wsprintfA
LoadStringW
PostMessageA
GetDC
GetWindow
GetWindowThreadProcessId
GetTopWindow
GetClassNameW
GetClassNameA
FindWindowExW
FindWindowW
EnumChildWindows
ReleaseDC

gdi32

GetDIBits
SelectObject
StretchDIBits
SetStretchBltMode
GetObjectA
CreateCompatibleBitmap
DeleteObject
DeleteDC
CreateCompatibleDC

shell32

SHFileOperationW
SHGetFolderPathA
ShellExecuteExA
ShellExecuteExW
ord526
SHGetFolderPathW
SHChangeNotify

ole32

CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize

oleaut32

OleLoadPicturePath
VariantClear
VariantInit
SafeArrayPutElement
SafeArrayCreate
SysFreeString
SysAllocStringLen
SysAllocString
CreateErrorInfo
GetErrorInfo
VariantChangeType
SetErrorInfo

msi

ord112

gdiplus

GdipDisposeImage
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipAlloc
GdipFree

Exports

Exports

AddMpPreference
IsEnableCFA
RemoveMpPreference
SK_CallURL
SK_CheckUpgradeRule
SK_CheckVGAVenderAndDeviceID
SK_CheckVcRuntime
SK_CreateLink
SK_CreateLinkEx
SK_CreateLinkExW
SK_DeleteFolderW
SK_DeleteFolderW2
SK_DeletePatchRedundantRegKey
SK_DetectRunProgramW
SK_DumpFile
SK_DumpMsg
SK_EnableWow64FsRedirection
SK_FileEncode
SK_FileEncodeEx
SK_FileEncodeW
SK_FindProcess
SK_FindProcessByID
SK_FindProcessEx
SK_Get64KeyValue
SK_GetAbsPath
SK_GetFileCount
SK_GetHWNDByID
SK_GetIniKeyCount2W
SK_GetIniKeyCountW
SK_GetIniKeyValue2W
SK_GetIniKeyValueW
SK_GetMUIData
SK_GetModulePath
SK_GetModulePathByID
SK_GetOSVerNo
SK_GetOSVerNo_BuildNo
SK_GetOSVersion
SK_GetProcessID
SK_GetProcessIDList
SK_GetProcessReturnValue
SK_GetReverseID
SK_GetServicePackMajorNumber
SK_GetShellFolderPathA
SK_GetShellFolderPathW
SK_GetUserDefaultUILanguage
SK_GetUserInfo
SK_GetXMLChildNodeCount
SK_GetXMLChildNodeValue
SK_GetXMLChildNodeValueEx
SK_GetXMLNodeCount
SK_GetXMLNodeValue
SK_IsEmbedded
SK_IsPyPathSafe
SK_IsPyPathSafeW
SK_IsWow64
SK_KillProcess
SK_KillProcessByID
SK_KillProcessEx
SK_LaunchAppAndWait
SK_LaunchAppAndWait2
SK_LaunchAppAndWait2W
SK_LoadImageFile
SK_LoadImageFileEx
SK_LoadImageToHandle
SK_LoadXMLFile
SK_MergeSimFile
SK_ParseBuildNumber
SK_ParseCopyFolderPath
SK_ParseExePath
SK_PathIsDirectory
SK_RefreshAddRemoveProgram
SK_RefreshDesktop
SK_RegDBDelKey_64
SK_RegDBSetKeyValue_64
SK_RegDeleteValue_64
SK_SetDefaultAutoPlayer
SK_SetFileAttribute
SK_ShellExecute
SK_StringReverse
SK_UnLoadXMLFile
SK_UnloadImageFile
SendUNOLog

Sections

.text
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e62b788f7abdaea6c378df676c65fa9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

advapi32

setupapi

wininet

kernel32

user32

gdi32

shell32

ole32

oleaut32

msi

gdiplus

Exports

Exports

Sections

.text Size: 209KB - Virtual size: 208KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 5KB - Virtual size: 18KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 209KB - Virtual size: 208KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 5KB - Virtual size: 18KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 11KB - Virtual size: 10KB