Laravel SMTP Cracker By XCATZE[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Laravel SMTP Cracker By XCATZE.rar
Size

3.5MB
MD5

51255f01b63c88dbb28940b5f1e0839d
SHA1

94c0c741a7bcf81096af4db279ab90654fb31b7c
SHA256

8538affc4fbbb378eeb4718641d3c92c1b511425a32095febc952dbe694135f7
SHA512

013ed438d5e408fc8cdbc5ca47efa66f40ce54fd3c0ba5bbf91ff23e143883337d7b5fd30606b21dbdaf55f09627a8b1623c11b5585611cd72e1987f3df73a63
SSDEEP

49152:P8gxG7JjB5Mxq+oaffPVfa6Il3n3wJ9L9KtecJle9ZlcM6h/FaqZS0ah8BoAt:PBG7V0I+tffP4hgRKtQsNaqkZaBoAt

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/NL7Data0404.dll
unpack001/dmview.ocx
unpack001/dnscmmc.dll
unpack001/dot3ui.dll
unpack001/dxdiagn.dll
unpack001/elshyph.dll

Files

Laravel SMTP Cracker By XCATZE.rar
.rar
Laravel SMTP Cracker By XCATZE.exe
.exe windows:6 windows x86 arch:x86

76e66707151203d149d9447dc4eab597

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/01/2023, 00:00

Not After

16/01/2026, 23:59

Subject

CN=NVIDIA Corporation,OU=2-J,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

04/10/2022, 17:21

Not After

01/01/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c1:da:69:29:cb:bd:3e:06:bf:14:47:24:1a:46:37:1e:96:79:c2:b1:4d:a1:28:25:36:89:ee:39:90:c0:d3:c2
Signer

Actual PE Digest

c1:da:69:29:cb:bd:3e:06:bf:14:47:24:1a:46:37:1e:96:79:c2:b1:4d:a1:28:25:36:89:ee:39:90:c0:d3:c2

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetNumberOfEventLogRecords

kernel32

CloseHandle
WaitForSingleObjectEx
CreateThread
VirtualAlloc
FreeConsole
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetCurrentThreadId
GetExitCodeThread
ReleaseSRWLockExclusive
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
WakeAllConditionVariable
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
CreateFileW
RaiseException
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
HeapSize
WriteConsoleW

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.BSS
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NL7Data0404.dll
.dll windows:6 windows x64 arch:x64

b9a5cffe10ba517f801fb7c44c89a647

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NL7Data0404.pdb

Imports

msvcrt

realloc
_fileno
_isatty
strncmp
_finite
_iob
_i64tow_s
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
_wfopen_s
fclose
fseek
__C_specific_handler
fread
_resetstkoflw
_wsplitpath_s
_itow_s
wcsncmp
atoi
_itoa_s
swscanf_s
wcsncpy_s
wcschr
_vsnwprintf
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
_purecall
memmove
free
??1type_info@@UEAA@XZ
_lock
malloc
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
ftell
__CxxFrameHandler3
expf
log
logf
memcpy
memset

kernel32

GetTimeZoneInformation
SetEndOfFile
GetLocaleInfoA
ReadFile
GetFileInformationByHandle
WideCharToMultiByte
GetModuleFileNameW
FormatMessageW
WriteFile
SetFilePointer
FlushFileBuffers
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
GetLocalTime
GetProcAddress
DisableThreadLibraryCalls
FindResourceW
LoadResource
LocalFree
LoadLibraryExW
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetLastError
InitializeCriticalSectionAndSpinCount
SetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFileSize
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
SizeofResource
LockResource
MultiByteToWideChar

oleaut32

SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
SysAllocString
SysStringByteLen
VariantCopy
SysFreeString
VariantChangeType
VariantClear
VariantInit

Exports

Exports

LangDataCall

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
README.txt
dmview.ocx
.dll regsvr32 windows:6 windows x64 arch:x64

cade1bb83eee406153899628af9ee28a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dmview.pdb

Imports

mfc42u

ord3920
ord2902
ord629
ord1043
ord493
ord971
ord1875
ord4573
ord4953
ord2488
ord2712
ord287
ord1473
ord1510
ord1527
ord455
ord949
ord408
ord904
ord3742
ord599
ord4209
ord2546
ord5353
ord4808
ord2111
ord3137
ord5890
ord3020
ord2394
ord6257
ord5889
ord4301
ord3310
ord4623
ord5388
ord2992
ord5166
ord1441
ord3396
ord2105
ord2783
ord4436
ord4257
ord4601
ord1561
ord1566
ord5445
ord525
ord984
ord3283
ord3754
ord6175
ord4985
ord4372
ord3165
ord3053
ord3374
ord4816
ord3363
ord3244
ord3050
ord6807
ord2398
ord4895
ord3537
ord2491
ord5385
ord5399
ord4761
ord5416
ord4962
ord4754
ord5110
ord5113
ord5111
ord4697
ord4702
ord4713
ord4941
ord5475
ord4997
ord4998
ord5011
ord5157
ord4695
ord5004
ord5017
ord5434
ord5056
ord5010
ord5031
ord5032
ord5033
ord5307
ord5308
ord5024
ord5339
ord5334
ord5329
ord5395
ord4951
ord4874
ord4904
ord5302
ord5012
ord5143
ord5025
ord5026
ord4412
ord5978
ord3069
ord2917
ord5074
ord5072
ord5572
ord4121
ord3019
ord5629
ord1964
ord2159
ord6380
ord5322
ord5248
ord2181
ord6011
ord4752
ord5054
ord4683
ord1345
ord5946
ord1701
ord2450
ord3850
ord4983
ord3484
ord3384
ord5868
ord4822
ord6800
ord3447
ord6799
ord1891
ord4576
ord1512
ord496
ord974
ord2300
ord4771
ord4986
ord3385
ord4786
ord5708
ord6808
ord1777
ord6437
ord2517
ord5080
ord5406
ord5245
ord4721
ord5687
ord5419
ord5235
ord5038
ord4926
ord6133
ord2574
ord6577
ord6238
ord2846
ord659
ord1063
ord4213
ord2751
ord1517
ord6787
ord1530
ord3837
ord3534
ord6053
ord5711
ord5730
ord5065
ord4368
ord5724
ord5722
ord3468
ord2412
ord5615
ord1388
ord4191
ord6071
ord2515
ord2559
ord4836
ord6813
ord1126
ord2463
ord912
ord6385
ord4262
ord3417
ord4567
ord627
ord1041
ord6395
ord6544
ord6349
ord6393
ord3407
ord3806
ord4747
ord2593
ord2629
ord1287
ord1284
ord2845
ord4187
ord1966
ord2461
ord650
ord1055
ord4594
ord3910
ord311
ord827
ord2639
ord1506
ord1524
ord4550
ord4273
ord2754
ord2757
ord2756
ord3748
ord1427
ord1426
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord6880
ord2121
ord5804
ord6821
ord2876
ord5815
ord6832
ord6351
ord6632
ord6522
ord5061
ord2178
ord2138
ord6520
ord2776
ord1646
ord1647
ord2898
ord3346
ord6886
ord2857
ord4481
ord4599
ord3783
ord3790
ord3830
ord286
ord1574
ord2427
ord2408
ord3740
ord851
ord336
ord622
ord620
ord4473
ord1463
ord2393
ord624
ord1040
ord626
ord1122
ord6734
ord2906
ord6887
ord665
ord1067
ord4770
ord4988
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord5699
ord2140
ord2457
ord5683
ord1736
ord5484
ord3933
ord6814
ord2060
ord2670
ord4789
ord5229
ord4017
ord5712
ord4694
ord6812
ord5586
ord2399
ord5663
ord1778
ord4365
ord5000
ord6440

msvcrt

_initterm
malloc
free
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_purecall
wcsncmp
localeconv
__C_specific_handler
_wtoi
iswdigit
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
_lock
_unlock
__dllonexit
_onexit
wcsstr
??1type_info@@UEAA@XZ
_CxxThrowException
log10
memset

dmdskmgr

?GetScopeNode@CDMScopeNodeCollection@@QEAAH_JPEAPEAVCDMScopeNode@@@Z
?GetParentDiskPtr@CDMNodeObj@@QEAAPEAV1@XZ
?GetUIState@CTaskData@@QEAAKXZ
?EnumDisks@CTaskData@@QEAAXAEAKPEAPEA_J@Z
?EnumVolumes@CTaskData@@QEAAXAEAKPEAPEA_J@Z
?DoDelete@CContextMenu@@QEAAX_J@Z
?GetResultPane@CDMSnapin@@QEAAH_JPEAPEAVCDMResultPane@@@Z
?GetDeviceType@CDMNodeObj@@QEAAKXZ
?EnumFirstVolumeMember@CDMNodeObj@@QEAAXAEA_JAEAJ@Z
?namecmp@@YAHPEBG0@Z
?ShowContextMenu@CContextMenu@@QEAAJPEAVCWnd@@JJ_J@Z
?GetResultStringArray@CDMNodeObj@@QEAAHAEAVCStringArray@@@Z
?PopUpInit@CContextMenu@@QEAAXPEAVCDMNodeObj@@AEAH1H@Z
?GetStorageType@CDMNodeObj@@QEAAXAEAVCString@@H@Z
?UpDateConsoleView@CDMSnapin@@QEAAX_J@Z
?GetSizeString@CDMNodeObj@@QEAAXAEAVCString@@@Z
?GetObjectId@CDMNodeObj@@QEAAXAEA_J@Z
?GetImageNum@CDMNodeObj@@QEAAHXZ
?GetSizeMB@CDMNodeObj@@QEAAXAEA_J@Z
?GetExtendedRegionColor@CDMNodeObj@@QEAAKXZ
?IsHiddenRegion@CDMNodeObj@@QEAAHXZ
?GetSize@CDMNodeObj@@QEAAXAEA_JH@Z
?GetDiskInfo@CDMNodeObj@@QEAAHAEAUdiskinfoex@@@Z
?EnumDiskRegions@CDMNodeObj@@QEAAXPEAPEA_JAEAJ@Z
?GetStorageType@CDMNodeObj@@QEAA?AW4_STORAGE_TYPES@@XZ
?GetPatternRef@CDMNodeObj@@QEAAHXZ
?GetColorRef@CDMNodeObj@@QEAAKXZ
?GetVolumeStatus@CDMNodeObj@@QEAAHAEAVCString@@@Z
?GetFileSystemLabel@CDMNodeObj@@QEAAXAEAVCString@@@Z
?GetFileSystemName@CDMNodeObj@@QEAAXAEAVCString@@@Z
?GetFlags@CDMNodeObj@@QEAAJXZ
?GetParentVolumePtr@CDMNodeObj@@QEAAPEAV1@XZ
?GetDriveLetter@CDMNodeObj@@QEAAXAEAG@Z
?GetName@CDMNodeObj@@QEAAXAEAVCString@@@Z
?GetOfflineReasonText@CDMNodeObj@@QEAAHAEAVCString@@@Z
?IsDiskOffline@CDMNodeObj@@QEAAHXZ
?GetDiskStatus@CDMNodeObj@@QEAAHAEAVCString@@@Z
?EnumVolumeMembers@CDMNodeObj@@QEAAXPEAPEA_JAEAJ@Z
?GetDiskTypeName@CDMNodeObj@@QEAAXAEAVCString@@@Z
?Command@CContextMenu@@QEAAJJPEAUIDataObject@@_J@Z

kernel32

GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
LocalAlloc
LocalFree
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess

comctl32

ImageList_GetIcon
ImageList_Draw
ImageList_AddMasked

user32

GetWindowRect
EnableWindow
SendMessageW
RegisterWindowMessageW
NotifyWinEvent
BeginPaint
GetClientRect
EndPaint
GetDC
ReleaseDC
ShowScrollBar
GetSysColor
GetFocus
InvalidateRect
ScreenToClient
SystemParametersInfoW
GetCursorPos
PtInRect
GetKeyState
DrawFrameControl
LoadCursorW
SetCursor
LoadBitmapW
PostMessageW
GetParent
SetRect
ClientToScreen
FillRect
DrawTextExW
DrawIconEx
LoadImageW
DestroyIcon
IsWindow
PostThreadMessageW

oleaut32

LoadRegTypeLi
SysAllocString

gdi32

BitBlt
CreateBitmap
GetDeviceCaps
SelectObject
CreateCompatibleDC
GetTextMetricsW
CreateFontIndirectW
CreateSolidBrush
PatBlt
GetBkColor
ExtTextOutW
CreateHatchBrush
GetTextExtentPoint32W

shlwapi

StrCmpLogicalW

oleacc

AccessibleObjectFromWindow
LresultFromObject

dmutil

ShowMessage

Exports

Exports

?AddLDMObjMapEntry@CDataCache@@QEAAXPEAU_LDM_OBJ_MAP_ENTRY@@@Z
?GetDiskCount@CDataCache@@QEAAKXZ
?GetLdmObjectId@CDMNodeObj@@QEAA_JXZ
?GetNumMembers@CDMNodeObj@@QEAAKXZ
?GetOcxFrameCWndPtr@CTaskData@@QEAAPEAVCWnd@@XZ
?GetRegionColorStructPtr@CTaskData@@QEAAXPEAPEAU_REGION_COLORS@@AEAH@Z
?GetServerName@CDataCache@@QEAA?AVCString@@XZ
?GetVolumeCount@CDataCache@@QEAAKXZ
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dnscmmc.dll
.dll regsvr32 windows:6 windows x64 arch:x64

3922b90b5a2eecbfa5765ccf4dbe450f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dnscmmc.pdb

Imports

msvcrt

??2@YAPEAX_K@Z
_CxxThrowException
_cexit
abort
memmove
??3@YAXPEAX@Z
__CxxFrameHandler3
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_errno
memset

ole32

CoTaskMemAlloc
CreateStreamOnHGlobal
StringFromCLSID
CoTaskMemFree
CoCreateInstance

kernel32

RtlVirtualUnwind
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
OutputDebugStringA
GetProcAddress
SetLastError
GetVersion
GetLastError
VirtualQuery
RtlPcToFileHeader
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
lstrlenW
GlobalAlloc
GlobalFree
GetProcessHeap
HeapAlloc
HeapFree
Sleep
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter

mscoree

_CorDllMain
CorBindToRuntimeEx

user32

LoadStringW
LoadImageA
RegisterClipboardFormatW

advapi32

RegQueryValueExW
RegDeleteKeyW
RegDeleteTreeW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 858B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dot3ui.dll
.dll windows:6 windows x64 arch:x64

807a51a3a4adf5322d1fa6279eea372a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dot3ui.pdb

Imports

msvcrt

realloc
_errno
_onexit
__dllonexit
_unlock
_lock
_initterm
__CxxFrameHandler3
_beginthreadex
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
_itow
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1type_info@@UEAA@XZ
memcpy
memcmp
logf
log
wcsncpy_s
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
__C_specific_handler
memmove_s
memset
_purecall
memcpy_s
malloc
free
_endthreadex
wcscmp

ntdll

RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
EtwTraceMessage
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlQueryWnfStateData

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegOpenKeyExW

gdi32

GetDeviceCaps
SetBkMode
DeleteObject
Rectangle
GetStockObject
CreateSolidBrush
GetTextExtentPoint32W
SelectObject
SetTextColor

user32

GetDlgItem
InvalidateRect
SetClassLongPtrW
LoadIconW
BeginPaint
DrawIcon
IsWindowEnabled
DrawTextW
PostMessageW
EndPaint
MessageBoxW
CheckRadioButton
IsDlgButtonChecked
CheckDlgButton
UnregisterClassA
SetTimer
GetSysColor
LoadStringW
ShowWindow
EnableWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetDlgItemInt
GetWindowRect
GetParent
GetDC
SetDlgItemInt
ReleaseDC
GetSystemMetrics
SendMessageW
GetDlgCtrlID
CharNextW
MoveWindow
EnumChildWindows
GetWindowLongW
GetWindowInfo
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
SetWindowTextW
GetLastInputInfo
SystemParametersInfoW
TranslateMessage
SetFocus
GetKeyState
KillTimer
GetMessageW
IsWindowVisible

dot3api

Dot3CloseHandle
Dot3OpenHandle
Dot3SetProfileEapUserData
Dot3SetProfile
Dot3GetProfileEapUserDataInfo
Dot3ReasonCodeToString
Dot3FreeMemory
Dot3QueryAutoConfigParameter
Dot3GetCurrentProfile

kernel32

GetLastError
RaiseException
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
SizeofResource
DelayLoadFailureHook
ResolveDelayLoadedAPI
lstrcmpW
SetLastError
CloseHandle
GetProcAddress
GetSystemWindowsDirectoryW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
FindResourceW
LockResource
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
GetModuleHandleW
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceExW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter

Exports

Exports

Dot3CreatePsPage

Sections

.text
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dxdiagn.dll
.dll regsvr32 windows:6 windows x64 arch:x64

79541348d2cc02f1aa1e0f580504266b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dxdiagn.pdb

Imports

msvcrt

towlower
free
towupper
malloc
iswalpha
?what@exception@@UEBAPEBDXZ
_wtoi
wcsrchr
_vsnwprintf
_vsnprintf
wcsncmp
??1exception@@UEAA@XZ
wcsstr
swscanf
isdigit
_wsplitpath_s
_CxxThrowException
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
memset
memcpy
memcmp
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
memcpy_s
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_lock
_unlock
wcschr
__dllonexit
_onexit
iswdigit
realloc
_wcsicmp
memmove_s
_wcsnicmp
wcscmp

advapi32

WmiQuerySingleInstanceW
WmiOpenBlock
WmiCloseBlock
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
QueryServiceConfigW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegEnumKeyW
RegOpenKeyW
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW

user32

FindWindowW
LoadStringW
CharLowerBuffW
GetDC
ReleaseDC
CharNextW
EnumDisplaySettingsW
GetSystemMetrics
SystemParametersInfoA

gdi32

GetDeviceCaps

kernel32

GetPrivateProfileStringW
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
GetWindowsDirectoryW
CloseHandle
GetCurrentDirectoryW
CreateFileW
FileTimeToSystemTime
GetTimeFormatW
GetLocaleInfoW
GetDateFormatW
GetFullPathNameW
LocalFree
GetSystemPowerStatus
GlobalMemoryStatus
GetFileAttributesW
GetVersionExA
FindClose
GetProfileIntW
OpenProcess
GetLocalTime
GetSystemInfo
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
OutputDebugStringA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
MultiByteToWideChar
GetVersionExW
GetSystemDirectoryW
GetModuleHandleW
LoadLibraryExW
lstrlenA
FindFirstFileW
GetProcAddress
GetLastError
lstrlenW
lstrcmpW
CompareStringW
LoadLibraryW
FreeLibrary
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringW
GetModuleFileNameW

winmm

mmioOpenW
mmioClose
mmioDescend
waveOutMessage
waveOutGetDevCapsW
mmioRead

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

setupapi

SetupDiOpenDevRegKey
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDevicePropertyW
SetupDiEnumDeviceInfo
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInterfacePropertyW
SetupDiOpenDeviceInfoW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList

ole32

CLSIDFromString
CoInitialize
CoUninitialize
CoCreateInstance
StringFromGUID2
CoTaskMemFree

powrprof

PowerGetActiveScheme
PowerReadACValue
PowerReadDCValue

oleaut32

SysAllocString
VariantClear
SysFreeString
VariantCopy
VariantInit
SafeArrayAccessData
SafeArrayUnaccessData

dxgi

CreateDXGIFactory1

dwmapi

DwmIsCompositionEnabled

d3d11

D3D11CreateDevice

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
elshyph.dll
.dll windows:6 windows x64 arch:x64

b6b3ace989c6db7ab2cafc69ea32ef86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

elshyph.pdb

Imports

msvcrt

realloc
free
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
??8type_info@@QEBAHAEBV0@@Z
_vsnwprintf
towlower
bsearch
_wtoi
setlocale
memcpy
strerror
___mb_cur_max_func
_errno
__pctype_func
___lc_handle_func
___lc_codepage_func
calloc
__crtLCMapStringW
__uncaught_exception
abort
_CxxThrowException
??0exception@@QEAA@XZ
memcmp
memset
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_amsg_exit
wcscpy_s
_XcptFilter
malloc
_purecall
??_V@YAXPEAX@Z
memmove
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
??3@YAXPEAX@Z
??1exception@@UEAA@XZ
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

kernel32

DecodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
GetUserPreferredUILanguages
UnmapViewOfFile
CloseHandle
CreateFileW
GetLastError
LocalFree
CreateFileMappingW
MapViewOfFile
CompareStringOrdinal
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetSystemWindowsDirectoryW
AcquireSRWLockExclusive
DisableThreadLibraryCalls
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EncodePointer

advapi32

RegDeleteTreeW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegGetValueW
RegOpenKeyExW
RegCloseKey
RegOpenCurrentUser
RegEnumKeyExW
EventWrite
EventUnregister
EventRegister
RegQueryInfoKeyW
RegEnumValueW

shlwapi

PathAppendW

Exports

Exports

DoAction
FreePropertyBag
FreeService
InitService
RecognizeText

Sections

.text
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76e66707151203d149d9447dc4eab597

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56Certificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1fCertificate

Extended Key Usages

Key Usages

c1:da:69:29:cb:bd:3e:06:bf:14:47:24:1a:46:37:1e:96:79:c2:b1:4d:a1:28:25:36:89:ee:39:90:c0:d3:c2Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Sections

.text Size: 140KB - Virtual size: 139KB

.BSS Size: 2KB - Virtual size: 1KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 7KB - Virtual size: 6KB

b9a5cffe10ba517f801fb7c44c89a647

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

oleaut32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 4KB - Virtual size: 29KB

.pdata Size: 9KB - Virtual size: 9KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 11KB - Virtual size: 11KB

cade1bb83eee406153899628af9ee28a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

dmdskmgr

kernel32

comctl32

user32

oleaut32

gdi32

shlwapi

oleacc

dmutil

Exports

Exports

Sections

.text Size: 91KB - Virtual size: 91KB

.data Size: 2KB - Virtual size: 12KB

.pdata Size: 3KB - Virtual size: 3KB

.idata Size: 11KB - Virtual size: 11KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 3KB - Virtual size: 2KB

3922b90b5a2eecbfa5765ccf4dbe450f

Headers

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

c1:da:69:29:cb:bd:3e:06:bf:14:47:24:1a:46:37:1e:96:79:c2:b1:4d:a1:28:25:36:89:ee:39:90:c0:d3:c2
Signer

.text
Size: 140KB - Virtual size: 139KB

.BSS
Size: 2KB - Virtual size: 1KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 4KB - Virtual size: 29KB

.pdata
Size: 9KB - Virtual size: 9KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 11KB - Virtual size: 11KB

.text
Size: 91KB - Virtual size: 91KB

.data
Size: 2KB - Virtual size: 12KB

.pdata
Size: 3KB - Virtual size: 3KB

.idata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 120KB - Virtual size: 120KB

.nep
Size: 512B - Virtual size: 64B

.data
Size: 1024B - Virtual size: 44KB

.pdata
Size: 1024B - Virtual size: 684B

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 858B

.text
Size: 135KB - Virtual size: 135KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 3KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 156KB - Virtual size: 156KB

.reloc
Size: 1024B - Virtual size: 744B

.text
Size: 292KB - Virtual size: 291KB

.data
Size: 512B - Virtual size: 8KB

.pdata
Size: 5KB - Virtual size: 4KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 2KB