31916bdacf3769b0d9186b52e2ad025f93fc8eb5f0637ce542d1208a1aa49663

Sharing

Copy URL Twitter E-mail

General

Target

31916bdacf3769b0d9186b52e2ad025f93fc8eb5f0637ce542d1208a1aa49663
Size

640KB
MD5

15aecc532331841b0926227ad669e0a2
SHA1

5dd5a2cfb0585a88f76f9be40c6b98f60b6b4170
SHA256

31916bdacf3769b0d9186b52e2ad025f93fc8eb5f0637ce542d1208a1aa49663
SHA512

763459140d0c7f17616f47ef91109289bfb19f69f40f1054977075b21fce45fe70dc8423ba6be429b69b5aa7b4becfd79ca3a56552fd86d2e0f946999c708361
SSDEEP

12288:L563RvAgrH6Wcwy/IRmci9GeGK/9RUG4cvft+TOlsL3kFlUacI6q5S:L5K4gXpyg09GeGK/UG4cvfLeUyUS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31916bdacf3769b0d9186b52e2ad025f93fc8eb5f0637ce542d1208a1aa49663

Files

31916bdacf3769b0d9186b52e2ad025f93fc8eb5f0637ce542d1208a1aa49663
.dll regsvr32 windows:10 windows x64 arch:x64

1f3ac07cbc88d9e058ba4b2bef87062b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wpdshext.pdb

Imports

msvcrt

memset
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
wcsncpy_s
wcsstr
_ui64tow
malloc
vswprintf_s
_vscwprintf
_wcsicmp
wcstok_s
iswspace
wcstol
calloc
free
memmove_s
_wsplitpath_s
__C_specific_handler
wcscspn
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
__CxxFrameHandler4
_CxxThrowException
logf
memcmp
memcpy
sqrtf

kernel32

CreateFileW
DelayLoadFailureHook
ResolveDelayLoadedAPI
FreeLibraryWhenCallbackReturns
TlsFree
TlsGetValue
AcquireSRWLockShared
ReleaseSRWLockShared
GetThreadPriority
TlsAlloc
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
Sleep
CompareStringOrdinal
LocalFree
DeactivateActCtx
LoadLibraryW
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleFileNameW
QueryActCtxW
OutputDebugStringA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent
InitOnceBeginInitialize
InitOnceComplete
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CompareFileTime
GlobalFree
CreateThread
LocalAlloc
lstrcmpW
lstrcmpiW
LoadLibraryExW
FreeLibrary
SizeofResource
LockResource
LoadResource
FindResourceExW
GetFileAttributesW
GetSystemTime
GetCurrentThread
CreateTimerQueueTimer
WaitForMultipleObjects
DeleteTimerQueueTimer
FileTimeToSystemTime
GlobalAlloc
GlobalReAlloc
SystemTimeToFileTime
GetTickCount
RaiseException
ExpandEnvironmentStringsW
CreateEventExW
DeleteFileW
SystemTimeToTzSpecificLocalTime
ReadFile
WriteFile
SetFilePointerEx
FlushFileBuffers
GetFileInformationByHandle
GlobalSize
GlobalLock
GlobalUnlock
FileTimeToLocalFileTime
GetDateFormatW
GetTimeFormatW
ReleaseActCtx
SetFileAttributesW
GetLocaleInfoEx
GetUserPreferredUILanguages
CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SetThreadpoolTimerEx
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
GetDriveTypeW
DisableThreadLibraryCalls
GetSystemDirectoryW
GetNumberFormatW
MulDiv
GetTempPath2W
TzSpecificLocalTimeToSystemTime
QueryPerformanceCounter
QueryPerformanceFrequency
HeapSize
HeapReAlloc
HeapDestroy
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemTimeAsFileTime
GetTickCount64
ResumeThread
CallbackMayRunLong
FreeLibraryAndExitThread
TrySubmitThreadpoolCallback
SetThreadPriority
TlsSetValue

advapi32

GetTraceEnableLevel
TraceEvent
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
RegCloseKey
EventActivityIdControl
RegOpenKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
TraceMessage
GetTraceLoggerHandle
RegEnumKeyW
RegQueryValueExW

gdi32

DeleteObject
CreateCompatibleDC
GetDeviceCaps
DeleteDC
GetTextExtentPoint32W
GetStockObject
GetTextExtentPointW
CreateDIBSection

shlwapi

SHRegGetValueW
StrRetToBufW
ord10
ord7
ord174
ord9
ord158
ord176
PathRemoveFileSpecW
SHGetValueW
ord172
PathCombineW
ord168
SHGetThreadRef
ord156
SHCreateStreamOnFileEx
ord8
SHStrDupW
ord219
ord199
PathFindExtensionW
PathStripPathW
PathAddBackslashW
PathAppendW
StrCmpIW
StrStrW
StrCSpnW
PathFindFileNameW
StrCmpW
ord388
ord16
StrCmpLogicalW
PathRemoveBlanksW
AssocQueryKeyW
StrFormatByteSizeW
PathRemoveExtensionW
AssocCreate

user32

MsgWaitForMultipleObjectsEx
DialogBoxParamW
InsertMenuW
RemoveMenu
GetSubMenu
TrackPopupMenu
SetFocus
SetForegroundWindow
GetForegroundWindow
GetShellWindow
LoadMenuW
DestroyMenu
GetMenuItemCount
GetMenuItemInfoW
UnregisterClassA
LoadStringW
SetMenuDefaultItem
SendMessageW
SetWindowTextW
SetDlgItemTextW
EndDialog
GetDlgItem
GetWindowLongPtrW
SetWindowLongPtrW
IsDlgButtonChecked
UnhookWindowsHookEx
SendDlgItemMessageW
CheckDlgButton
EnableWindow
ShowWindow
GetWindowLongW
SetWindowLongW
GetClientRect
GetSystemMetrics
LoadImageW
GetParent
IsChild
CallNextHookEx
CreateWindowExW
SetWindowPos
SetWindowsHookExW
GetDC
ReleaseDC
GetWindowRect
ScreenToClient
SetTimer
KillTimer
PostMessageW
GetDlgCtrlID
DestroyIcon
GetWindowTextW
CopyImage
GetSysColor
GetCursorPos
DefWindowProcW
GetClassInfoW
LoadCursorW
RegisterClassW
FindWindowW
GetWindow
GetClassNameW
GetWindowThreadProcessId
SendMessageTimeoutW
SwitchToThisWindow
GetLastActivePopup
DestroyWindow
RegisterClipboardFormatW

gdiplus

GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromStream
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromGraphics
GdipDrawImageRect
GdipCreateHBITMAPFromBitmap
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI
GdipCreatePen1
GdipDeletePen
GdipSetSolidFillColor
GdipFillEllipseI
GdipDrawArcI
GdipCreatePath
GdipDeletePath
GdipAddPathArcI
GdiplusStartup
GdipSetClipRectI
GdipDrawLineI
GdipDrawEllipseI
GdipFillPieI
GdipDrawPieI
GdipCreateBitmapFromScan0
GdipSetCompositingMode
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipGetPathLastPoint

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage

Exports

Exports

CDefFolderMenu_MergeMenu
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f3ac07cbc88d9e058ba4b2bef87062b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

gdi32

shlwapi

user32

gdiplus

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-featurestaging-l1-1-0

Exports

Exports

Sections

.text Size: 492KB - Virtual size: 491KB

.rdata Size: 92KB - Virtual size: 90KB

.data Size: 20KB - Virtual size: 20KB

.pdata Size: 20KB - Virtual size: 16KB

.didat Size: 4KB - Virtual size: 808B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 492KB - Virtual size: 491KB

.rdata
Size: 92KB - Virtual size: 90KB

.data
Size: 20KB - Virtual size: 20KB

.pdata
Size: 20KB - Virtual size: 16KB

.didat
Size: 4KB - Virtual size: 808B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB