C:\DEVEL\StartIsBackPlusPlus\Release\StartIsBack32.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 31ea4622a0cf060144987e9b88dbfff7c9fe653cd944bc0f978ed9bc025918d4.dll
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 31ea4622a0cf060144987e9b88dbfff7c9fe653cd944bc0f978ed9bc025918d4.dll
Resource: win10v2004-20240508-en
General
Target: 31ea4622a0cf060144987e9b88dbfff7c9fe653cd944bc0f978ed9bc025918d4
Size: 621KB
MD5: 91ed3230b6192a2c69ba624a3f1ccb61
SHA1: 29e6f1c84e8d53464cb58df77b6c9eadbb8a4c8f
SHA256: 31ea4622a0cf060144987e9b88dbfff7c9fe653cd944bc0f978ed9bc025918d4
SHA512: 15bb666ba435650249efa5e718a6267830f5f0328bb770455cb5e893fc5d213ce1508cb8b75f116000616afbf5a35d162462f35e423b7bd52d6c39f42d79c3b4
SSDEEP: 12288:n3S5EWAKK4NKcDDrb35KKaCj9DrdCngt7BjvrEH77:n3wEWAKK4kcDDvpKe9DrYgrrEH77
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource 31ea4622a0cf060144987e9b88dbfff7c9fe653cd944bc0f978ed9bc025918d4
Files
31ea4622a0cf060144987e9b88dbfff7c9fe653cd944bc0f978ed9bc025918d4.dll windows:6 windows x86 arch:x86
7bf241a877869287cb4345d5da894ea6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
shlwapi
PathParseIconLocationW
PathAddBackslashW
StrStrIW
UrlIsW
PathCreateFromUrlW
PathFindExtensionW
StrCmpNW
SHOpenRegStream2W
ord12
PathRemoveBlanksW
SHGetValueW
StrCmpW
SHCreateStreamOnFileW
PathFindFileNameW
PathFileExistsW
PathRemoveBackslashW
StrToIntW
ord16
PathRemoveFileSpecW
PathAppendW
StrNCatW
SHSetValueW
StrStrW
PathIsRelativeW
ord172
PathIsDirectoryW
PathIsUNCW
ord174
ord256
PathIsFileSpecW
PathStripToRootW
PathIsRootW
ord168
StrCmpIW
PathIsNetworkPathW
ord388
ord215
ord158
StrStrIA
StrCSpnA
SHRegGetValueW
StrCmpNIW
ord487
StrCpyNW
SHStrDupW
dwmapi
DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmSetWindowAttribute
DwmExtendFrameIntoClientArea
uxtheme
SetWindowTheme
BeginBufferedPaint
EndBufferedPaint
OpenThemeData
GetThemeInt
DrawThemeTextEx
CloseThemeData
GetThemeColor
DrawThemeBackground
DrawThemeParentBackground
BufferedPaintSetAlpha
GetThemeBackgroundContentRect
ord47
GetThemePartSize
GetBufferedPaintTargetDC
GetThemeEnumValue
GetThemeFont
GetThemeBool
GetThemeRect
GetThemeTextExtent
GetThemeMargins
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
GetThemePropertyOrigin
IsThemePartDefined
GetWindowTheme
GetThemeMetric
GetThemeBackgroundExtent
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsDeleteString
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
msvcrt
wcscpy_s
wcscat_s
malloc
free
_vsnwprintf
isspace
_wcsnicmp
isprint
wcstok_s
wcsstr
vswprintf_s
_wcsicmp
??3@YAXPAX@Z
atoi
_unlock
__dllonexit
_lock
_onexit
__CxxFrameHandler3
??1type_info@@UAE@XZ
_XcptFilter
_initterm
_amsg_exit
memmove
_except_handler4_common
wcsncmp
vsprintf_s
??2@YAPAXI@Z
tolower
wcschr
memcpy
memcmp
memset
kernel32
ExitThread
SleepEx
TerminateProcess
IsBadReadPtr
GlobalLock
FindResourceW
GetPrivateProfileIntW
GetPrivateProfileStringW
MapViewOfFile
UnmapViewOfFile
lstrcatW
lstrcpynW
GetApplicationUserModelId
OpenProcess
GetWindowsDirectoryW
LoadLibraryW
DeleteFileW
MoveFileExW
LocalAlloc
LocalFree
TlsAlloc
TlsGetValue
TlsSetValue
QueueUserWorkItem
CompareStringOrdinal
CompareFileTime
GetTempPathW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
lstrcmpiA
SetUnhandledExceptionFilter
GetCurrentProcessId
ProcessIdToSessionId
FindPackagesByPackageFamily
PackageFamilyNameFromFullName
GlobalUnlock
DisableThreadLibraryCalls
GetModuleHandleExW
GlobalAddAtomW
RtlCaptureContext
GetComputerNameExW
OpenEventW
LoadResource
SizeofResource
DebugBreak
lstrcpynA
InterlockedExchange
InterlockedCompareExchange
QueryPerformanceCounter
UnhandledExceptionFilter
GetLastError
LoadLibraryA
GetUserDefaultLangID
GetUserDefaultUILanguage
OutputDebugStringA
GetSystemWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
lstrlenW
CreateFileW
DeviceIoControl
CloseHandle
lstrcpyA
lstrlenA
lstrcatA
GetSystemTimeAsFileTime
FileTimeToSystemTime
lstrcpyW
lstrcmpiW
GetUserPreferredUILanguages
MulDiv
VirtualProtect
GetFileAttributesExW
WaitForSingleObject
CreateThread
SetThreadPriority
Sleep
GetTickCount
GetModuleHandleW
GetCurrentThreadId
GetAtomNameW
lstrcmpW
CreateThreadpoolWork
InitializeCriticalSection
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThread
SubmitThreadpoolWork
ExpandEnvironmentStringsW
GetCurrentProcess
CreateProcessW
CreateFileA
GetSystemFirmwareTable
GlobalAlloc
GlobalFree
GetProcAddress
LoadLibraryExW
FreeLibrary
QueueUserAPC
SetEvent
RaiseException
CreateEventW
ParseApplicationUserModelId
GetPackagesByPackageFamily
FindFirstFileW
FindNextFileW
FindClose
MoveFileW
InitOnceExecuteOnce
RegisterWaitForSingleObject
UnregisterWaitEx
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetVersionExW
OpenMutexW
GetModuleFileNameW
user32
EndDeferWindowPos
IsWindowVisible
GetWindow
MapWindowPoints
LockSetForegroundWindow
GetFocus
IsWindow
SetFocus
SetLayeredWindowAttributes
PeekMessageW
SystemParametersInfoW
NotifyWinEvent
ShowWindow
GetParent
DispatchMessageW
GetMessagePos
WindowFromPoint
ScreenToClient
ClientToScreen
TrackMouseEvent
GetCapture
GetNextDlgGroupItem
CreatePopupMenu
InsertMenuW
LoadMenuW
GetMenuStringW
GetSubMenu
DestroyMenu
CheckMenuItem
RegisterWindowMessageW
GetClassWord
GetSystemMetrics
InflateRect
PrintWindow
GetAsyncKeyState
BeginDeferWindowPos
CallNextHookEx
SetWinEventHook
UnhookWinEvent
SetWindowsHookExW
TrackPopupMenuEx
IsCharAlphaNumericA
RegisterClassExW
DestroyIcon
PostQuitMessage
GetCursorPos
MonitorFromPoint
GetWindowTextW
SetWindowTextW
MsgWaitForMultipleObjectsEx
SetCursor
SetMenuDefaultItem
CreateDialogParamW
GetDlgItemTextW
SetDlgItemTextW
IntersectRect
SendDlgItemMessageW
DrawFocusRect
EndDialog
GetSysColorBrush
GetActiveWindow
SetMenuInfo
GetMenuItemCount
GetMenuItemInfoW
DeleteMenu
SetMenuItemInfoW
TrackPopupMenu
TranslateMessage
GetMenuItemID
GetMenuDefaultItem
GetDC
PtInRect
InvalidateRect
GetMenuState
ExitWindowsEx
GetDoubleClickTime
EnableWindow
WindowFromDC
CallWindowProcW
CharLowerW
SetCapture
ReleaseCapture
DrawTextW
FillRect
IsRectEmpty
EqualRect
ModifyMenuW
EnumDisplayMonitors
DrawEdge
DrawTextExW
LoadImageW
GetRawInputDeviceInfoW
GetRawInputData
RegisterRawInputDevices
GetMessageW
GetRawInputDeviceList
EnumThreadWindows
DrawIconEx
UnionRect
UnregisterClassW
MonitorFromRect
SetForegroundWindow
GetWindowRgnBox
GetLayeredWindowAttributes
IsIconic
GetForegroundWindow
SetRectEmpty
EnumWindows
CheckDlgButton
IsDlgButtonChecked
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
UnhookWindowsHookEx
UnregisterHotKey
RegisterHotKey
AllowSetForegroundWindow
SwitchToThisWindow
SetActiveWindow
RegisterClipboardFormatW
GetMessageExtraInfo
ChildWindowFromPointEx
LookupIconIdFromDirectoryEx
PostThreadMessageW
SetRect
GetMonitorInfoW
RegisterClassW
LoadCursorW
DeferWindowPos
DestroyWindow
SetWindowLongW
GetWindowRgn
UpdateLayeredWindow
GetWindowDC
MonitorFromWindow
IsChild
GetGUIThreadInfo
GetAncestor
DefWindowProcW
RemovePropW
GetWindowLongW
SetWindowPos
SetTimer
FindWindowW
KillTimer
GetShellWindow
CreateWindowExW
GetWindowThreadProcessId
FindWindowExW
DialogBoxParamW
EndPaint
OffsetRect
GetWindowRect
GetWindowInfo
BeginPaint
SetPropW
GetPropW
GetDlgItem
GetComboBoxInfo
GetClassNameW
ReleaseDC
GetDCEx
PostMessageW
SendMessageW
RedrawWindow
EnumChildWindows
GetClientRect
SetWindowRgn
GetSysColor
CreateIconIndirect
GetKeyState
wsprintfW
LoadStringW
wsprintfA
SendNotifyMessageW
gdi32
GetLayout
GetCharWidth32W
CreateFontW
RestoreDC
ExcludeClipRect
SaveDC
GdiFlush
GetRgnBox
CombineRgn
CreateRectRgnIndirect
GetStockObject
ExtTextOutW
CreateSolidBrush
SetBkColor
SetTextColor
BitBlt
SetLayout
CreateRectRgn
DeleteObject
CreateBitmap
DeleteDC
GdiAlphaBlend
GetObjectW
SelectObject
CreateCompatibleDC
CreateDIBSection
GetTextExtentExPointW
OffsetClipRgn
SelectClipRgn
StretchBlt
GetDeviceCaps
StretchDIBits
OffsetRgn
GetBoundsRect
SetBoundsRect
GetClipBox
GetCurrentObject
GetBkMode
SetBkMode
TextOutW
GetBkColor
GetTextColor
GetTextExtentPointW
SetWindowOrgEx
CreateFontIndirectW
advapi32
RegSetValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryInfoKeyW
RegCreateKeyW
RegSetKeyValueW
RegGetValueW
RegDeleteKeyValueW
RegOpenKeyExW
RegEnumKeyW
RegNotifyChangeKeyValue
RegOpenKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
InitiateShutdownW
GetUserNameW
RegQueryValueExA
RegDeleteValueA
shell32
ord155
ord152
ord16
ord18
ord25
ord190
ord256
SHCreateDataObject
SHCreateDefaultContextMenu
AssocCreateForClasses
SHCreateShellItemArrayFromIDLists
SHCreateItemFromParsingName
ord6
SHCreateShellItemArrayFromDataObject
SHAssocEnumHandlers
SHGetKnownFolderPath
ord100
SHBindToObject
ord846
ord27
ord21
ord68
SHGetKnownFolderIDList
Shell_NotifyIconGetRect
ShellExecuteW
SHCreateItemInKnownFolder
SHGetPropertyStoreForWindow
SHGetIDListFromObject
SHCreateItemFromIDList
SHCreateDefaultExtractIcon
SHGetFolderPathW
SHChangeNotify
SHGetNameFromIDList
ord162
SHGetFileInfoW
Shell_GetCachedImageIndexW
SHOpenFolderAndSelectItems
SHGetSpecialFolderPathW
ord193
SHBindToParent
ord22
ord134
ord132
ord23
ord727
ord17
SHGetFolderLocation
SHGetDesktopFolder
ord98
SHParseDisplayName
ord88
ord644
ord645
ord4
ord2
SHCreateItemWithParent
ord62
SHFileOperationW
SHGetStockIconInfo
ole32
CoInitialize
CoUninitialize
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoCreateInstance
RegisterDragDrop
RevokeDragDrop
StringFromGUID2
ReleaseStgMedium
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear
Exports
DllCanUnloadNow
DllGetClassObject
LoadSystemOrb2
PickGlyphDlg
RemoteInit
Sections
.text Size: 308KB - Virtual size: 307KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 145KB - Virtual size: 145KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ