1073b4877c3b286aa928755b025f37d357661b2d3b10a8dbcfd8fc3e485aed0b

Sharing

Copy URL

Twitter E-mail

General

Target

1073b4877c3b286aa928755b025f37d357661b2d3b10a8dbcfd8fc3e485aed0b
Size

1.7MB
MD5

e8a6c2ab4f7eb60046a6e16fdafc9705
SHA1

a41731a55543ff5071c423c7fcbca63528435aa8
SHA256

1073b4877c3b286aa928755b025f37d357661b2d3b10a8dbcfd8fc3e485aed0b
SHA512

03b8291e0b2bc27fda08beba74201da807a71f2dda51c61e4994e31fd0707b70762880ca5056aecfc39cb2850a32425f72896ed466be3ee9c63ae290f8578d85
SSDEEP

49152:SvzIlE8DCzICEqdLZ0zmhk6M0VWzSB7tsLHkJ5gQU/CIabjKoh9WYWw:ED8DCzICEqdLZ0zE4tDwrFIabjKoh9WA

Score

1^/10

Malware Config

Signatures

Files

1073b4877c3b286aa928755b025f37d357661b2d3b10a8dbcfd8fc3e485aed0b
.dll regsvr32 windows:6 windows x86 arch:x86

071780f9822d968bf24e70c1284e88d2

Code Sign

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:31

Not After

02-12-2021 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:ff:76:04:3d:b7:1c:85:9c:b1:fb:b8:1c:da:7a:b2:9e:53:ab:e2:00:bd:54:1b:a1:f8:06:41:1d:cb:5b:ba
Signer

Actual PE Digest

8e:ff:76:04:3d:b7:1c:85:9c:b1:fb:b8:1c:da:7a:b2:9e:53:ab:e2:00:bd:54:1b:a1:f8:06:41:1d:cb:5b:ba

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

P:\Target\x86\ship\groove\x-none\grooveex.pdb

Imports

msvcr100

_lock
__dllonexit
_unlock
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
memmove
_vsnprintf_s
_snwprintf_s
bsearch
memcpy
wcsncat_s
wcscat_s
_wsplitpath_s
_wfullpath
div
towlower
memcmp
?what@exception@std@@UBEPBDXZ
wcsncpy_s
free
_recalloc
swprintf_s
??_V@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
??2@YAPAXI@Z
_invalid_parameter_noinfo_noreturn
memcpy_s
memmove_s
??_U@YAPAXI@Z
memset
malloc
realloc
_onexit
wcscpy_s
wcsncmp
wcspbrk
wcsrchr
wcsstr
wcstok_s
_wcsicmp
_wcsnicmp
_set_errno
_get_errno
calloc
_ltow_s
_ultow_s
wcstod
wcstol
wcstoul
_vsnwprintf_s
localeconv
_HUGE
strncpy_s
_wtof
_wtoi
_snprintf_s
vswprintf_s
swscanf_s
_localtime64_s
_beginthread
_beginthreadex
_endthreadex
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
_ftime64_s
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
wcschr
??3@YAXPAX@Z
__lconv_init
_i64tow_s
vsprintf_s
??0exception@std@@QAE@ABQBDH@Z
wcscmp

msvcp100

?_Xfunc@tr1@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ

atl100

ord26
ord68
ord56
ord32
ord30
ord31
ord23
ord58
ord43
ord44
ord61
ord27
ord10
ord11
ord15
ord64
ord50
ord51
ord52
ord49
ord53

advapi32

AllocateAndInitializeSid
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
EventWrite
GetLengthSid
IsValidSid
EventRegister
EventUnregister
RegEnumValueW
RegQueryValueExA
AddAccessAllowedAce
AddAccessDeniedAce
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumKeyExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegGetValueW
RegOpenKeyExA
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorDacl
FreeSid
EqualSid
CreateWellKnownSid
CopySid
CheckTokenMembership
RegOpenKeyExW

gdi32

DeleteDC
DeleteObject
SetLayout
LPtoDP
SetViewportOrgEx
CloseMetaFile
CreateMetaFileW
CreateRectRgnIndirect
DeleteMetaFile
GetDeviceCaps
RestoreDC
SaveDC
SetMapMode
SetTextAlign
TextOutW
SetWindowExtEx
SetWindowOrgEx

kernel32

GetNativeSystemInfo
GetProductInfo
GetUserGeoID
GetUserDefaultUILanguage
WaitForMultipleObjectsEx
CreateMutexA
CreateEventA
CreateProcessA
CreateFileMappingA
OpenMutexA
HeapSetInformation
VirtualProtect
WerRegisterMemoryBlock
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
UnhandledExceptionFilter
IsProcessorFeaturePresent
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
GetStringTypeExW
FlsAlloc
FlsGetValue
FlsFree
GetModuleHandleExW
LoadLibraryA
GetFileType
GetModuleFileNameA
GetShortPathNameA
GetCurrentThread
RtlCaptureStackBackTrace
GetFileAttributesW
OutputDebugStringA
RaiseException
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetVersion
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryW
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
FlushInstructionCache
VirtualQuery
CloseHandle
LocalAlloc
LocalFree
FindAtomW
GetCurrentThreadId
FreeLibrary
LoadLibraryExW
lstrlenA
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLCID
GetCommandLineW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
GetFileAttributesExW
GetFileSize
GetFinalPathNameByHandleW
GetLongPathNameW
GetTempFileNameW
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
WriteFile
GetTempPathW
IsDebuggerPresent
DebugBreak
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
HeapFree
InitializeCriticalSection
SetEvent
ResetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
Sleep
GetCurrentProcessId
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GlobalMemoryStatusEx
GetSystemTime
GetTickCount
GetVersionExW
IsWow64Process
GlobalLock
GlobalUnlock
WaitForMultipleObjects
FormatMessageW
lstrcmpiW
lstrlenW
CreateSemaphoreW
CopyFileW
MoveFileW
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
GetFileInformationByHandleEx
GetTimeFormatW
GetStringTypeW
GetACP
GetLocaleInfoW
GetNumberFormatW
GetCurrencyFormatW
ConvertDefaultLocale
EnumSystemLocalesW
GetSystemInfo
SetUnhandledExceptionFilter
GetDateFormatW
GetCurrentDirectoryW
CompareFileTime
FileTimeToLocalFileTime
GetDiskFreeSpaceExW
LocalFileTimeToFileTime
SetFileTime
ReleaseSemaphore
GetWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
LoadResource
LockResource
SizeofResource
GlobalMemoryStatus
FindResourceW
QueueUserWorkItem
GlobalAlloc
InitializeCriticalSectionEx
IsValidLocale
GetSystemDefaultLCID
CompareStringEx
LCIDToLocaleName
LocaleNameToLCID
GetUserDefaultLocaleName
GetSystemDefaultLocaleName
GetUserDefaultLangID
GetLocaleInfoEx
EnumCalendarInfoExEx
EnumSystemLocalesEx
GetDateFormatEx
GetCalendarInfoEx
EnumDateFormatsExEx
EnumTimeFormatsEx
GetProcessHeap
GetThreadUILanguage
GetSystemTimeAsFileTime
GetLocalTime
GetTickCount64
DuplicateHandle
WaitForSingleObjectEx
GlobalFree
RaiseFailFastException
GetSystemDirectoryW

ole32

CoCreateInstance
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
CreateDataAdviseHolder
CoCreateGuid
ProgIDFromCLSID
IIDFromString
CoTaskMemAlloc
CoTaskMemFree
StringFromIID
StringFromCLSID
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoUninitialize
CLSIDFromString
CLSIDFromProgID

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantInit
OleCreatePropertyFrame
DispCallFunc
SysStringByteLen
LoadTypeLi
VarDateFromStr
GetErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLibEx
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
SafeArrayCreateVector
SafeArrayGetVartype
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
SafeArrayDestroy
SysReAllocStringLen
SysAllocStringLen
VariantTimeToSystemTime
UnRegisterTypeLi
RegisterTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ExecuteSPFSVerbW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

071780f9822d968bf24e70c1284e88d2

Code Sign

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:dfCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

8e:ff:76:04:3d:b7:1c:85:9c:b1:fb:b8:1c:da:7a:b2:9e:53:ab:e2:00:bd:54:1b:a1:f8:06:41:1d:cb:5b:baSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr100

msvcp100

atl100

advapi32

gdi32

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 238KB - Virtual size: 238KB

.rsrc Size: 343KB - Virtual size: 343KB

.reloc Size: 68KB - Virtual size: 67KB

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

8e:ff:76:04:3d:b7:1c:85:9c:b1:fb:b8:1c:da:7a:b2:9e:53:ab:e2:00:bd:54:1b:a1:f8:06:41:1d:cb:5b:ba
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 238KB - Virtual size: 238KB

.rsrc
Size: 343KB - Virtual size: 343KB

.reloc
Size: 68KB - Virtual size: 67KB