15972de7a1698be061067dfa1ac6c2d99fd62cb33abda91a3bdb04225afed32c

Sharing

Copy URL Twitter E-mail

General

Target

15972de7a1698be061067dfa1ac6c2d99fd62cb33abda91a3bdb04225afed32c
Size

1.1MB
MD5

9a812ced5b087a15edf5fc566d0ea159
SHA1

dc0d99139b8cbdfb2016dac62164850781df134d
SHA256

15972de7a1698be061067dfa1ac6c2d99fd62cb33abda91a3bdb04225afed32c
SHA512

dbae271166e8f0305ee652219f941fda777d0f125149d456756a4cedfdf866b39f7903ae9781df28bcc29367a004b066e686f471f4d09d83a01ab23ddc227128
SSDEEP

24576:C6QWUocPK7RTCBX3fY3zzjLq7aP+yMHaWJ6pA43X/HEkku:C6QWUocPjBHe++P+yM6WJ6pDX/HEkku

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15972de7a1698be061067dfa1ac6c2d99fd62cb33abda91a3bdb04225afed32c

Files

15972de7a1698be061067dfa1ac6c2d99fd62cb33abda91a3bdb04225afed32c
.dll windows:5 windows x64 arch:x64

953b01306330bf1c7bce158ed1c4b9ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

h:\WorkshopAgent\DevelopProjX\TWaterMask\20230202_V4.64.708.8301_B4.64.708.0\Bin\Release\TWaterMask64.pdb

Imports

kernel32

GetCurrentProcessId
WaitForSingleObject
MoveFileW
DeleteFileW
CopyFileW
GetTickCount
GetModuleFileNameW
MulDiv
GetLastError
IsBadReadPtr
WriteFile
SetEndOfFile
GetSystemDirectoryA
GetCurrentDirectoryA
GetSystemDirectoryW
GetCurrentDirectoryW
GetModuleFileNameA
LoadLibraryW
CreateFileA
MultiByteToWideChar
IsBadWritePtr
WideCharToMultiByte
GetModuleHandleA
GetFileInformationByHandle
GetModuleHandleW
GetFileAttributesExW
CreateThread
GetCurrentProcess
GetProfileStringA
OpenProcess
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
LoadLibraryA
Sleep
CreateFileW
GetFileSize
SetFilePointer
ReadFile
CloseHandle
GetCurrentThreadId
LoadLibraryExW
GetProcAddress
FreeLibrary
QueryDosDeviceW
GetDriveTypeA
DefineDosDeviceA
QueryDosDeviceA
GetDiskFreeSpaceExA
LoadResource
FindResourceExA
lstrlenA
lstrlenW
GetVersionExA
LocalFree
FormatMessageA
GetACP
FormatMessageW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SleepEx
CreateSemaphoreA
ReleaseSemaphore
CreateMutexA
ReleaseMutex
CreateEventA
SetEvent
PulseEvent
ResetEvent
WaitForMultipleObjects
SuspendThread
TerminateThread
ResumeThread
SetThreadPriority
GetExitCodeThread
FileTimeToSystemTime
FileTimeToLocalFileTime
OutputDebugStringW
FreeConsole
WriteConsoleA
GetStdHandle
AllocConsole
GetLocalTime
RtlLookupFunctionEntry
RtlUnwindEx
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
RaiseException
RtlPcToFileHeader
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
FlsSetValue
GetCommandLineA
GetDateFormatA
GetTimeFormatA
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsFree
SetLastError
GetCurrentThread
FlsAlloc
HeapSize
ExitProcess
GetCPInfo
GetOEMCP
IsValidCodePage
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringA
LCMapStringW
GetTimeZoneInformation
FatalAppExitA
HeapReAlloc
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetStdHandle
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFileAttributesA
GetFileAttributesA
DeleteFileA
SetFileAttributesW
GetFileAttributesW
MoveFileA
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
MoveFileExW
MoveFileExA
CopyFileA
GetTempPathA
GetTempPathW
GetEnvironmentVariableA
GetEnvironmentVariableW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
lstrcmpA
CreateProcessA
CreateProcessW
SetPriorityClass
GetPriorityClass
GetThreadPriority
GetExitCodeProcess
VirtualQueryEx
GetSystemInfo
LocalAlloc
GetDriveTypeW
GetLogicalDrives
GetVolumeInformationA
SetVolumeLabelA

user32

wsprintfW
ReleaseDC
GetDC
MsgWaitForMultipleObjects
wsprintfA
MessageBoxW
GetSystemMetrics
SystemParametersInfoW
FillRect
GetWindowDC
MessageBoxA
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation
GetProcessWindowStation
OpenDesktopA
GetUserObjectInformationA
OpenInputDesktop
GetThreadDesktop
SetThreadDesktop
CloseDesktop
LoadCursorA
SetCursor
GetClientRect
ClientToScreen
GetWindowRect
IsRectEmpty
GetParent
GetClassNameW
GetWindowTextW
DrawTextW

gdi32

SetBkMode
Ellipse
LineTo
CreateDCA
CreatePalette
RealizePalette
CreateDIBitmap
SetDIBits
GetDIBits
SetDIBColorTable
GdiFlush
GetPaletteEntries
CreateCompatibleBitmap
SetPixel
GetCurrentObject
SelectPalette
GetBkColor
GetViewportOrgEx
GetViewportExtEx
SetViewportExtEx
GetStockObject
GetObjectW
GetTextColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
SetBkColor
ExtTextOutA
CreateSolidBrush
DeleteDC
CreateFontIndirectW
CreatePen
BeginPath
TextOutW
EndPath
StrokePath
GetDeviceCaps
RestoreDC
SetWorldTransform
GetWorldTransform
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
GetMapMode
SaveDC
MoveToEx
GetTextMetricsA
GetTextAlign
GetTextExtentExPointW
GetTextCharacterExtra
GetTextExtentPoint32W
LPtoDP
DeleteObject
ExtTextOutW
SelectObject
SetStretchBltMode
SetTextAlign
GetObjectA
CreateDIBSection
CreateCompatibleDC
StretchBlt
BitBlt

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExA
RegCloseKey
RegConnectRegistryA
RegQueryValueExW
RegSetValueExA
RegDeleteKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegDeleteValueA
RegSetValueExW
RegEnumValueA
RegOpenKeyW
RegCreateKeyW
RegCreateKeyExW
GetTokenInformation
SetFileSecurityA
RegSetKeySecurity
LookupAccountNameW
SetSecurityDescriptorDacl
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
LookupAccountSidW
GetUserNameA
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA

ole32

CoUninitialize
CoInitializeEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

oleaut32

DosDateTimeToVariantTime

Exports

Exports

FreeReply
GetRegFuncsInfo
TDMFCreateInstance
TDMFDelete
TDMFDestroyContentKeys
TDMFDestroyInstance
TDMFGetContentKeys
TDMFInit
TDMFInit2
TDMFInitCheckWatermarkFlag
TDMFInitContent
TDMFInitDeleteFlag
TDMFInitSDKPath
TDMFIsFileHasWatermark
TDMFOFCDelete
TDMFOFCInitSDKPath
TDMFOFCSet
TDMFSet
TDMFSetEx
TDMFTransformCheckResult
TDMFTransformResult
TDMFTransformResult2
TDMFUnInit
TWMBlindCreatePolicy
TWMBlindDestroyPolicy
TWMBlindDraw
TWMBlindDrawXml
TWMBlindDrawXmlPreview
TWMBlindSetPolicy
TWMBlindSetPolicyXml
TWMCreatePolicy
TWMDebugEnableDrawLine
TWMDebugEnableSaveDib
TWMDebugGetFlag
TWMDebugSetBorderConfig
TWMDebugSetFlag
TWMDebugSetFontColorDif
TWMDebugSetLevel
TWMDebugSetPath
TWMDelFlowPropertyRaw
TWMDelProperty
TWMDelPropertyRaw
TWMDelPropertyRawEx
TWMDelWaterMark
TWMDestroyBuf
TWMDestroyParamRangeBuf
TWMDestroyPolicy
TWMDraw
TWMDrawEx
TWMDrawEx2
TWMDrawNoSnapshotXML
TWMDrawXml
TWMDrawXmlEx
TWMDrawXmlEx2
TWMFillBlindDataObject
TWMFillBlindDotsRelease
TWMFinalize
TWMGetFlowPropertyRaw
TWMGetParamRange
TWMGetProperty
TWMGetPropertyRaw
TWMGetPropertyRawEx
TWMGetTextMask
TWMGetTextSize
TWMGetTextSizeEx
TWMGetWaterMark
TWMHaveColorAutoPolicy
TWMInitDocWaterMarkPropertyParam
TWMIsInstallWPS
TWMIsSmallImage
TWMIsUse64Image
TWMLatticeCreatePolicy
TWMLatticeDestroyPolicy
TWMLatticeDraw
TWMLatticeDrawEx
TWMLatticeDrawEx2
TWMLatticeDrawXml
TWMLatticeDrawXmlEx
TWMLatticeDrawXmlEx2
TWMLatticeGenCode
TWMLatticeHaveColorAutoPolicy
TWMLatticeSetCode
TWMLatticeSetCodeSize
TWMLatticeSetPolicy
TWMLatticeSetPolicyXml
TWMPolicyDestroyStruct
TWMPolicyDestroyStructEx
TWMPolicyDestroyXml
TWMPolicyStructToXml
TWMPolicyStructToXmlEx
TWMPolicyXmlRemoveAutoColor
TWMPolicyXmlToStruct
TWMPolicyXmlToStructEx
TWMPolicyXmlToStructEx2
TWMRegisterDocProperty
TWMReplaceWMXmlParamToCustom
TWMSetFlowPropertyRaw
TWMSetNoClearType
TWMSetPolicy
TWMSetPolicyXml
TWMSetPropertyRaw
TWMSetPropertyRawEx
TWMSetSDKPath
TWMSetTextValue
TWMSetWaterMarkProperty
TWMSetWaterMarkPropertyEx
TWMSetWaterMarkPropertyXml
TWMSetWaterMarkPropertyXmlEx
TWMSetWaterMarkPropertyXmlLock
TWMSyncServerTime
TWMXorDraw
TWMXorDrawXml

Sections

.text
Size: 764KB - Virtual size: 763KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

953b01306330bf1c7bce158ed1c4b9ef

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

version

oleaut32

Exports

Exports

Sections

.text Size: 764KB - Virtual size: 763KB

.rdata Size: 269KB - Virtual size: 269KB

.data Size: 21KB - Virtual size: 65KB

.pdata Size: 57KB - Virtual size: 57KB

text Size: 4KB - Virtual size: 4KB

data Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 764KB - Virtual size: 763KB

.rdata
Size: 269KB - Virtual size: 269KB

.data
Size: 21KB - Virtual size: 65KB

.pdata
Size: 57KB - Virtual size: 57KB

text
Size: 4KB - Virtual size: 4KB

data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB