294f11df5942d61f639d1fe4b55d96477552892afcc979ae72b5801d3db2516e

Sharing

Copy URL Twitter E-mail

General

Target

294f11df5942d61f639d1fe4b55d96477552892afcc979ae72b5801d3db2516e
Size

316KB
MD5

e44558974ea5357f07a6be4effe5b1dc
SHA1

52b23666b2bd39d10b8ee4a2b971f92a01469bed
SHA256

294f11df5942d61f639d1fe4b55d96477552892afcc979ae72b5801d3db2516e
SHA512

18b319581615a2ff6b83f8df8fec7eddd7826a597b2669ba387047b8dbfbb288d62be92023d9c80bbc887f8aa507f76428ff2622d92a77ffe69584ab20aeb68b
SSDEEP

6144:qpPcn3QlHgrFOSroGS0ya3VzvUJfqfKmJ+5AOoW6QPFgAQfQde4to5W:GPcn3QlHyJrZ33VzvU4K5GIto5W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
294f11df5942d61f639d1fe4b55d96477552892afcc979ae72b5801d3db2516e

Files

294f11df5942d61f639d1fe4b55d96477552892afcc979ae72b5801d3db2516e
.dll windows:5 windows x86 arch:x86

20b26467556335be10e36b2bd3467148

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Wolfgang\git\outldd\cpp\outldd\Release_x86\outldd.pdb

Imports

shlwapi

SHCreateStreamOnFileW

psapi

GetModuleFileNameExA
EnumProcessModules
GetModuleInformation

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

RegisterClipboardFormatW
GetClipboardFormatNameW
GetTopWindow
GetWindowThreadProcessId
GetWindow
SetWindowLongW
PostMessageW
GetClassNameW

kernel32

EnumSystemLocalesW
GetUserDefaultLCID
WriteConsoleW
SetFilePointerEx
HeapSize
GetConsoleMode
GetConsoleCP
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GlobalReAlloc
LocalAlloc
RaiseException
LoadLibraryA
GetLastError
InterlockedExchange
FreeLibrary
GlobalFree
CreateEventW
CloseHandle
SetEvent
GetCurrentProcessId
SetLastError
HeapReAlloc
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
FileTimeToSystemTime
GetTempPathW
GetComputerNameW
CreateFileW
WriteFile
GetFileInformationByHandle
GetSystemTime
SystemTimeToFileTime
CompareFileTime
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
GetLocalTime
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
CreateDirectoryW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetCurrentProcess
VirtualProtect
IsValidLocale
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
WaitForMultipleObjects
WideCharToMultiByte
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
InterlockedFlushSList
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType

ole32

OleGetClipboard
CreateILockBytesOnHGlobal
RegisterDragDrop
ReleaseStgMedium
StgCreateDocfileOnILockBytes
StgCreateDocfile
GetHGlobalFromILockBytes

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

Exports

Exports

?EnableOutlookDragDrop@@YAKH@Z
?HookDllImportFunction@@YAKPAU_HookDllImportParams@@@Z
_Java_de_wim_outldd_HGlobalInputStream_free@16
_Java_de_wim_outldd_HGlobalInputStream_get__JJ@24
_Java_de_wim_outldd_HGlobalInputStream_get__JJ_3BII@36
_Java_de_wim_outldd_HGlobalInputStream_size@16
_Java_de_wim_outldd_OutlDDNativeLib_checkLicense@12
_Java_de_wim_outldd_OutlDDNativeLib_enableDragDrop@12
_Java_de_wim_outldd_OutlDDNativeLib_fileTimeToIso@16
_Java_de_wim_outldd_OutlDDNativeLib_getFileContent@12
_Java_de_wim_outldd_OutlDDNativeLib_getFileGroupDescriptor@8
_Java_de_wim_outldd_OutlDDNativeLib_getText@8
_Java_de_wim_outldd_OutlDDNativeLib_isOutlookClipboardDataAvail@8
_Java_de_wim_outldd_OutlDDNativeLib_isOutlookDataAvail@8
_Java_de_wim_outldd_OutlDDNativeLib_releaseOutlookData@8
_Java_de_wim_outldd_OutlDDNativeLib_saveFileContent@16
_Java_de_wim_outldd_OutlDDNativeLib_setLogFile@16
_Java_de_wim_outldd_OutlDDNativeLib_setTempDir@12

Sections

.text
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20b26467556335be10e36b2bd3467148

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

psapi

version

user32

kernel32

ole32

advapi32

Exports

Exports

Sections

.text Size: 210KB - Virtual size: 209KB

.rdata Size: 87KB - Virtual size: 86KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 210KB - Virtual size: 209KB

.rdata
Size: 87KB - Virtual size: 86KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB