370ae1aec2770da9ffe4d6c428a308936b12b08b5108b2ca9593650b0372e9f7

Sharing

Copy URL Twitter E-mail

General

Target

370ae1aec2770da9ffe4d6c428a308936b12b08b5108b2ca9593650b0372e9f7
Size

1.4MB
MD5

626b3e76d60a13ff15376e483d53c41d
SHA1

0b7229f62ebfc1c04ffb7e290d347887ece6e082
SHA256

370ae1aec2770da9ffe4d6c428a308936b12b08b5108b2ca9593650b0372e9f7
SHA512

fd202bd066965a3ba7fbe598ba54e61f93431d4e096aa87724c66f997d18660fb6b3e8d8f2576b3d664311ef4e3a36b58b0ab742b41b07b1456ffe1843cf4cdb
SSDEEP

12288:tODeUOSsTRbtu/TNd1UMBJyNYD6+RoTop5+pwVFQiqTr1Ov:VUAbtu7Nd1UeMC++RQozWAGiqT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
370ae1aec2770da9ffe4d6c428a308936b12b08b5108b2ca9593650b0372e9f7

Files

370ae1aec2770da9ffe4d6c428a308936b12b08b5108b2ca9593650b0372e9f7
.dll regsvr32 windows:10 windows x64 arch:x64

9d56cc5559eace3d28bf3a781de895cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wdsmgmt.pdb

Imports

msvcrt

fgetc
fclose
_get_errno
_set_errno
_wtoi64
wcstol
bsearch
iswalnum
wcsncat_s
wcstoul
iswxdigit
towlower
iswdigit
toupper
clock
wprintf
towupper
_vsnprintf
feof
__CxxFrameHandler3
__RTDynamicCast
memcpy
memmove
memset
realloc
_errno
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_wtoi
_wcslwr
swscanf_s
wcstok
_wcsnicmp
iswspace
?what@exception@@UEBAPEBDXZ
wcsrchr
wcsstr
_wcsicmp
wcschr
memmove_s
wcsncmp
??0exception@@QEAA@XZ
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
_wfopen
memcmp
_vsnwprintf
calloc
_purecall
_resetstkoflw
wcscat_s
wcscpy_s
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
wcscmp

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WakeAllConditionVariable
SleepConditionVariableSRW
OutputDebugStringA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
ExpandEnvironmentStringsW
GetEnvironmentVariableW
HeapDestroy
HeapReAlloc
HeapSize
VirtualQuery
GetSystemInfo
LoadLibraryExA
VirtualProtect
GetTempFileNameW
SetEvent
CreateEventW
CompareStringW
GetVolumeInformationW
GetVolumePathNameW
GetPrivateProfileStringW
FindFirstFileW
SetFilePointer
ReadFile
CreateFileW
RtlVirtualUnwind
GetLongPathNameW
GetFinalPathNameByHandleW
GetFileInformationByHandle
GetFullPathNameW
GetCurrentDirectoryW
FindClose
FindNextFileW
GetTempPathW
GetCurrentThread
GetComputerNameExW
GetVersionExW
GetLocaleInfoW
WriteFile
GetFileTime
CompareFileTime
GetFileAttributesExW
RemoveDirectoryW
GetFileSizeEx
SystemTimeToFileTime
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
InitializeSListHead
InterlockedPopEntrySList
WritePrivateProfileSectionW
CopyFileW
CopyFileExW
DeleteFileW
FileTimeToSystemTime
CreateSemaphoreExW
CreateMutexExW
SearchPathW
GetSystemDefaultUILanguage
DeviceIoControl
GetComputerNameW
GetCurrentProcessId
LocalFree
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
CreateThreadpoolTimer
OpenSemaphoreW
WaitForSingleObject
LocalAlloc
InitializeCriticalSectionEx
WaitForSingleObjectEx
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
ReleaseMutex
ReleaseSemaphore
CloseHandle
CreateFileMappingW
SetLastError
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OutputDebugStringW
IsDebuggerPresent
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentThreadId
FormatMessageW
SetThreadLocale
GetThreadLocale
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
MapViewOfFile
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetLastError
FreeLibrary
UnmapViewOfFile
GetUserDefaultUILanguage
SetEnvironmentVariableW

advapi32

CryptAcquireContextW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenServiceW
StartServiceW
CryptReleaseContext
ControlService
CloseServiceHandle
QueryServiceStatus
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
LookupAccountSidW
LookupAccountNameW
GetLengthSid
GetSecurityDescriptorControl
RegConnectRegistryW
OpenSCManagerW
ChangeServiceConfigW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
MakeAbsoluteSD
SetNamedSecurityInfoW
EqualSid
BuildTrusteeWithObjectsAndSidW
BuildTrusteeWithSidW
GetExplicitEntriesFromAclW
SetEntriesInAclW
AllocateAndInitializeSid
RegCloseKey
ImpersonateSelf
OpenThreadToken
RevertToSelf
FreeSid
LogonUserW
GetSecurityDescriptorLength
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
MakeSelfRelativeSD
CryptGetHashParam
CryptDestroyHash
CryptCreateHash
CryptHashData
CreateWellKnownSid

netapi32

NetShareGetInfo
NetShareDel
NetShareAdd
NetUserSetInfo
NetGetJoinInformation
NetApiBufferFree
NetWkstaGetInfo
DsGetDcNameW
NetValidateName

user32

UnregisterClassA
LoadStringW
CharNextW

ws2_32

ntohs
inet_addr
closesocket
WSAIoctl
WSASocketW
WSAGetLastError
WSAAddressToStringW
FreeAddrInfoW
GetAddrInfoW
WSACleanup
ntohl
WSAStartup

ole32

CoCreateInstance
StringFromGUID2
CLSIDFromProgID
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx
CoTaskMemAlloc

oleaut32

RegisterTypeLi
SysFreeString
VarUI4FromStr
SafeArrayGetLBound
SafeArrayCopy
LoadTypeLi
SysAllocString
SafeArrayGetUBound
SafeArrayGetElement
VariantTimeToSystemTime
GetErrorInfo
SafeArrayGetVartype
SysStringLen
LoadRegTypeLi
VariantInit
VariantClear
SystemTimeToVariantTime
SafeArrayDestroy
SafeArrayCreate
SetErrorInfo
SafeArrayPutElement
UnRegisterTypeLi

wldap32

ord12
ord41
ord26
ord27
ord133
ord140
ord206
ord73
ord155
ord208
ord88
ord135
ord36
ord13
ord145
ord142
ord191
ord79
ord69
ord120
ord18
ord224
ord147
ord113
ord16
ord157

setupapi

SetupOpenFileQueue
SetupOpenAppendInfFileW
SetupCloseInfFile
SetupOpenInfFileW
SetupQueueCopyW
SetupCommitFileQueueW
SetupCloseFileQueue
SetupFindFirstLineW
SetupGetFieldCount
SetupGetStringFieldW
SetupDiClassNameFromGuidW
SetupVerifyInfFileW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupFindNextLine

dnsapi

DnsValidateName_W

unattend

UnattendCtxDeserialize
UnattendCtxOpenNode
UnattendCtxCleanup
UnattendCtxGetCountByNode
UnattendCtxGetStringByNode

ntdll

NtQuerySystemInformation
RtlAllocateHeap
RtlFreeHeap
RtlNtStatusToDosError
NtSetInformationFile

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ntdsapi

DsCrackNamesW
DsFreeNameResultW
DsUnBindW
DsBindW

wintrust

WinVerifyTrust

normaliz

IdnToAscii

wdscsl

WdsClientFreeLibrary
WdsClientInitializeLibrary
WdsCpRecvPacketInitialize
WdsCpParameterValidate
WdsClientExecute
WdsCpPacketRelease
WdsClientSessionExecute
WdsClientSessionShutdown
WdsClientSessionCreate
WdsClientPacketFree
WdsCpPacketInitialize
WdsCpParameterAdd
WdsCpParameterQuery
WdsCpPacketGetBuffer

wdsimage

WdsImgGetPartitionStyle
WdsImgGetCompressionType
WdsImgGetSystemRoot
WdsImgIsFoundationImage
WdsImgGetProductName
WdsImgGetProductFamily
WdsImgGetServicePackLevel
WdsImgGetVersion
WdsImgGetDependantFiles
WdsImgGetLanguage
WdsImgGetLanguages
WdsImgGetSize
WdsImgGetLastModifiedTime
WdsImgGetCreationTime
WdsImgGetHalName
WdsImgGetArchitecture
WdsImgGetEnabled
WdsImgGetSecurity
WdsImgGetDescription
WdsImgGetName
WdsImgRefreshData
WdsImgDeleteImage
WdsImgGetUnattendFilePresent
WdsImgSetUnattendFile
WdsImgDeleteUnattendFile
WdsImgGetBootIndex
WdsImgClose
WdsImgGetIndex
WdsImgGetPath
WdsImgIsBootImage
WdsImgIsAccessible
WdsImgSetDescription
WdsImgSetSecurity
WdsImgSetEnabled
WdsImgApplyImage
WdsImgGetImageIdentifierPresent
WdsImgGetImageIdentifier
WdsImgGroupGetImageFormat
WdsImgGroupGetName
WdsImgGroupGetSecurity
WdsImgGroupSetName
WdsImgGroupSetSecurity
WdsImgGroupCanImportImage
WdsImgOpenImage
WdsImgClearImageIdentifier
WdsImgAssignPredefinedImageIdentifier
WdsImgAssignImageIdentifier
WdsImgExtractFiles
WdsImgImportImage
WdsImgCopyImage
WdsImgExportImage
WdsImgReplaceImage
WdsImgOpenImageStore
WdsImgOpenBootImageGroup
WdsImgOpenImageGroup
WdsImgFindFirstImageGroup
WdsImgGetHandleFromFindHandle
WdsImgFindNextImageGroup
WdsImgGetImageFormat
WdsImgCreateImageGroup
WdsImgDeleteImageGroup
WDSFreeImageInformation
WdsImgGetXml
WDSParseImageInformation
WDSInitializeEmptyImageInformation
WdsImgCaptureImage
WdsImgSetBootImage
WdsImgVerifyImageFile
WdsImgFindFirstImage
WdsImgFindNextImage
WdsImgIsValidImageFile
WdsImgSetName

iphlpapi

GetAdaptersAddresses

shlwapi

StrCmpNIW
PathIsUNCW

mpr

WNetCancelConnection2W
WNetAddConnection2W

drvstore

DriverPackageEnumDriversW
DriverPackageGetVersionInfoW
DriverPackageOpenW
DriverPackageClose
DriverPackageEnumFilesW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 766KB - Virtual size: 765KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d56cc5559eace3d28bf3a781de895cf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

netapi32

user32

ws2_32

ole32

oleaut32

wldap32

setupapi

dnsapi

unattend

ntdll

version

ntdsapi

wintrust

normaliz

wdscsl

wdsimage

iphlpapi

shlwapi

mpr

drvstore

Exports

Exports

Sections

.text Size: 766KB - Virtual size: 765KB

.rdata Size: 419KB - Virtual size: 418KB

.data Size: 40KB - Virtual size: 45KB

.pdata Size: 28KB - Virtual size: 27KB

.didat Size: 512B - Virtual size: 184B

.rsrc Size: 173KB - Virtual size: 173KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 766KB - Virtual size: 765KB

.rdata
Size: 419KB - Virtual size: 418KB

.data
Size: 40KB - Virtual size: 45KB

.pdata
Size: 28KB - Virtual size: 27KB

.didat
Size: 512B - Virtual size: 184B

.rsrc
Size: 173KB - Virtual size: 173KB

.reloc
Size: 9KB - Virtual size: 8KB