815471c1c6f508bdbca888de437d7368385fa9943e61faf956e0f17c22b728c5[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

815471c1c6f508bdbca888de437d7368385fa9943e61faf956e0f17c22b728c5.dll
Size

2.9MB
MD5

81ff9cb046888a05bc402a94f707cbec
SHA1

7e8a0954089dec0ffe2d2c95a268449610cc330c
SHA256

815471c1c6f508bdbca888de437d7368385fa9943e61faf956e0f17c22b728c5
SHA512

05d5230ee5c1b3013e39fdcfea1442b153b1a94a6c7f61dc2814aaeba2a3d8532f9af2903bffa9ebda462eb9472f9b23fa7e0e6dc6b3d8685ac5e4bb546af8f7
SSDEEP

49152:2GaGIFzKwpaUcqVCFWwn+MKT35EkdhHnUBfSe/I3QsPI8mlX561HhYDIL:bIFzeyCWwnZKT35EkLUBfvWQsPI81HCo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
815471c1c6f508bdbca888de437d7368385fa9943e61faf956e0f17c22b728c5.dll

Files

815471c1c6f508bdbca888de437d7368385fa9943e61faf956e0f17c22b728c5.dll
.dll regsvr32 windows:5 windows x86 arch:x86

900e3cc71ca53dc83f9d8440a455f451

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\564622\out\Release\AntiAdwa.pdb

Imports

kernel32

Sleep
TerminateProcess
CreateProcessW
GetWindowsDirectoryW
FreeResource
GlobalAlloc
GlobalFree
lstrcmpiW
MoveFileExW
GlobalMemoryStatusEx
GetTickCount
RemoveDirectoryW
SetEvent
FileTimeToLocalFileTime
lstrcmpW
FileTimeToSystemTime
ResetEvent
RaiseException
GetPrivateProfileIntW
WaitForMultipleObjects
GetCurrentDirectoryW
GetFileTime
SetFileAttributesW
DeviceIoControl
ProcessIdToSessionId
OpenProcess
GetSystemInfo
lstrcpynW
MoveFileW
GetFullPathNameW
GetExitCodeProcess
WritePrivateProfileStringW
FlushFileBuffers
GetACP
CompareFileTime
CopyFileW
GetTempFileNameW
GetFileSizeEx
LoadLibraryA
ExpandEnvironmentStringsA
GetSystemDirectoryA
ResumeThread
OpenFileMappingW
HeapCreate
GetEnvironmentVariableW
SystemTimeToTzSpecificLocalTime
GetVersion
TlsAlloc
TlsFree
ReadProcessMemory
SystemTimeToFileTime
WaitForSingleObject
CreateNamedPipeW
ConnectNamedPipe
GetModuleHandleExW
ExitProcess
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateSemaphoreW
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
GetTempPathW
ReadFile
GetFileAttributesExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
QueryDosDeviceW
GetLongPathNameW
GetLogicalDriveStringsW
GetFileSize
GetLocalTime
GetSystemTime
InitializeCriticalSection
SetLastError
WriteFile
SetFilePointer
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
LocalFree
LocalAlloc
CloseHandle
LoadLibraryW
GetCurrentProcessId
GetSystemDirectoryW
GetFileAttributesW
GetDriveTypeW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
TlsSetValue
TlsGetValue
GetCurrentProcess
SearchPathW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
FindResourceW
SizeofResource
LockResource
LoadResource
FreeLibrary
FindResourceExW
GetVersionExW
GetSystemWindowsDirectoryW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateMutexW
ReleaseMutex
OpenThread
HeapWalk
HeapUnlock
HeapLock
SetFilePointerEx
CreateFileA
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
GetCurrentThreadId
TryEnterCriticalSection
QueryPerformanceCounter
GetStringTypeW
LCMapStringW
CompareStringW
FormatMessageW
OutputDebugStringW
IsDebuggerPresent
HeapDestroy
GetLastError
CreateEventW
GetShortPathNameW

user32

GetIconInfo
WaitForInputIdle
CopyRect
EqualRect
FindWindowExW
GetWindowThreadProcessId
SystemParametersInfoW
GetSystemMetrics
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
CharNextW
RegisterWindowMessageW
FindWindowW
SendMessageTimeoutW
MessageBoxW
GetActiveWindow
LoadStringW
PrivateExtractIconsW
DestroyIcon

gdi32

SelectObject
GetObjectW
DeleteObject
CreateCompatibleDC
BitBlt
DeleteDC
CreateDIBSection

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegCreateKeyW
EnumServicesStatusW
StartServiceW
ChangeServiceConfigW
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegOpenCurrentUser
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
RegOpenKeyW
RegEnumValueW
RegEnumKeyW
RegEnumKeyExW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
SetEntriesInAclW
GetUserNameW
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
GetAclInformation
GetAce
EqualSid
DeleteAce
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExW

shell32

ord165
SHGetFileInfoW
ExtractIconW
SHGetSpecialFolderPathW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
SHGetSettings
ExtractIconExW
SHChangeNotify
ShellExecuteExW
SHGetFolderPathW
ord68
ord232
CommandLineToArgvW

ole32

IIDFromString
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance

oleaut32

VariantClear
VariantInit
VarBstrCmp
VarUI4FromStr
SysStringLen
VariantCopy
SysAllocString
SysFreeString

shlwapi

StrRChrW
PathRelativePathToW
UrlGetPartW
StrCmpNIW
PathAddBackslashW
StrStrIW
StrCmpW
StrToIntW
StrCpyNW
StrDupW
PathIsRootW
PathIsDirectoryEmptyW
PathFindFileNameW
PathFindExtensionW
StrStrW
StrChrW
StrCmpIW
PathRemoveFileSpecW
SHSetValueW
SHGetValueW
SHDeleteValueW
SHDeleteKeyW
PathRemoveExtensionW
PathCombineW
PathFileExistsW
PathIsDirectoryW
PathAppendW

ws2_32

WSACleanup
inet_ntoa
WSCEnumProtocols
inet_addr
WSCGetProviderPath
WSCDeinstallProvider
WSAStartup

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ntdll

RtlDllShutdownInProgress

wtsapi32

WTSEnumerateProcessesW
WTSQuerySessionInformationW
WTSFreeMemory

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

iphlpapi

GetIpAddrTable

netapi32

NetShareEnum
NetShareDel
NetApiBufferFree

psapi

GetMappedFileNameW

msvcrt

fgetpos
fread
fsetpos
setvbuf
ungetc
_atoi64
_beginthread
_endthread
atoi
wcsftime
strstr
_wfopen
_wcsdup
wcsncpy
tolower
strncpy
_mbschr
_mbscmp
_mbsstr
_mktime64
_itow
_itoa
wcsspn
wcscspn
towupper
strrchr
strncmp
fseek
__uncaught_exception
___mb_cur_max_func
__pctype_func
___lc_codepage_func
___lc_handle_func
setlocale
isspace
_wfsopen
abort
fflush
fclose
memcmp
_amsg_exit
__getmainargs
_initterm
_wcsupr
_CIexp
memcpy
__CxxFrameHandler
__DestructExceptionObject
wcstol
strtol
_localtime64
_write
_tell
_lock
_unlock
_iob
iswctype
_ismbblead
_read
localeconv
?what@exception@@UBEPBDXZ
_lseek
_close
_msize
_XcptFilter
mbtowc
_isatty
_fileno
_isctype
_strnicmp
_CIlog10
ceil
_clearfp
?terminate@@YAXXZ
time
_wopen
??8type_info@@QBEHABV0@@Z
_wcstoui64
_strtoui64
fgetc
_wcslwr
_wcsicmp
wcsstr
_errno
wcsncmp
fputc
fwrite
_beginthreadex
wcstok
_time64
rand
srand
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
ldexp
strtod
_wtoi
_wcsnicmp
wcspbrk
iswspace
_wtol
realloc
_stricmp
isalpha
__RTDynamicCast
free
calloc
wcsrchr
towlower
strpbrk
strcspn
frexp
??0exception@@QAE@XZ
strchr
modf
malloc
_CIpow
_lseeki64
memchr
_CxxThrowException
wcschr
isxdigit
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??2@YAPAXI@Z
??3@YAXPAX@Z
memset
memmove
_CIsqrt

msvcp60

_Getcoll
_Mbrtowc
_Wcrtomb
_Getctype
_Toupper
_Tolower

Exports

Exports

AdLib_Init
AdLib_InitEx
AntiWare_CombinationSafeFile
AntiWare_CreateHPControl
AntiWare_CreatePluginControl
AntiWare_CreatePluginControl2
AntiWare_SimpleAdwareScan
AntiWare_SimpleControl
CbSectionRestore
CheckHomePage
Control_RunDLL
CreateAntiInterFace
CreatePluginFactory
CreatePluginFactory2
CreateQuarantObjectFactory
DllRegisterServer
DllUnregisterServer
KillAdware
NewCreatePlugin
RemoveAllAdware
SetDeepscanPath
_CreatePluginFactoryEx@4

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

aL(Kh
Size: 491KB - Virtual size: 492KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

900e3cc71ca53dc83f9d8440a455f451

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

version

ntdll

wtsapi32

userenv

iphlpapi

netapi32

psapi

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 229KB - Virtual size: 228KB

.data Size: 106KB - Virtual size: 385KB

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 75KB - Virtual size: 74KB

aL(Kh Size: 491KB - Virtual size: 492KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 229KB - Virtual size: 228KB

.data
Size: 106KB - Virtual size: 385KB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 75KB - Virtual size: 74KB

aL(Kh
Size: 491KB - Virtual size: 492KB