a46a3daaeaffb8bd3f68af5e9201fa2638251f897127956120b7235292a45e1c

Sharing

Copy URL Twitter E-mail

General

Target

a46a3daaeaffb8bd3f68af5e9201fa2638251f897127956120b7235292a45e1c
Size

996KB
MD5

53e926146ef243b5463a98abb1150f47
SHA1

e5442da8e8d87e9936ac1e822c90947064d3f171
SHA256

a46a3daaeaffb8bd3f68af5e9201fa2638251f897127956120b7235292a45e1c
SHA512

5485b3118626db337d38033007c92fa0abf94f5fd99aeb85427d05156897895ad5d8c4c322e74cbe97903ee448a4bfb8b810bab7a4c5b7668a25358e2e18170c
SSDEEP

24576:DIDSrbOlB5cUIIHWnlCTXY4udVHq4nUvV:D6SrhCqCTXY4u78

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a46a3daaeaffb8bd3f68af5e9201fa2638251f897127956120b7235292a45e1c

Files

a46a3daaeaffb8bd3f68af5e9201fa2638251f897127956120b7235292a45e1c
.dll windows:4 windows x86 arch:x86

e90f81400fc1957b5471d22055387c09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\buildsys\co\ti90\exe\vs\release\korean\tishell.pdb

Imports

timounter

vbGetBusInfo
vbGetDeviceInfo
vbUnPlug
vbDone
vbInit

advapi32

RegDeleteValueA
IsValidSid
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
GetUserNameW
RegEnumKeyExA
RegEnumValueA
GetUserNameA
SetFileSecurityW
GetSecurityDescriptorOwner
GetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority

kernel32

GetCurrentProcessId
SetEvent
ResetEvent
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
FindNextFileW
FindFirstFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
GetTempPathW
GetTempFileNameW
GetLogicalDriveStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
GetShortPathNameW
CreateDirectoryW
RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
CopyFileW
MoveFileW
MoveFileExW
GetFullPathNameW
OutputDebugStringW
ExpandEnvironmentStringsW
LoadLibraryW
LoadLibraryExW
CreateProcessW
GetStartupInfoW
GetModuleFileNameW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
WriteConsoleW
GetEnvironmentVariableW
SetEnvironmentVariableW
FindNextFileA
FindFirstFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateFileA
LocalAlloc
FormatMessageA
GetTempPathA
GetTempFileNameA
GetLogicalDriveStringsA
GetSystemDirectoryA
GetWindowsDirectoryA
GetShortPathNameA
CreateDirectoryA
RemoveDirectoryA
GetFileAttributesA
SetFileAttributesA
DeleteFileA
CopyFileA
MoveFileA
GetFullPathNameA
OutputDebugStringA
ExpandEnvironmentStringsA
LoadLibraryA
LoadLibraryExA
CreateProcessA
GetModuleFileNameA
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
WriteConsoleA
GetConsoleOutputCP
GetEnvironmentVariableA
SetEnvironmentVariableA
FreeLibrary
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
GetTimeZoneInformation
GetThreadLocale
GetACP
FindClose
GetLogicalDrives
SetFileApisToANSI
SetErrorMode
FindCloseChangeNotification
FindNextChangeNotification
ReadFile
WriteFile
FlushFileBuffers
SetFilePointer
SetEndOfFile
LockFileEx
UnlockFileEx
SetProcessWorkingSetSize
GetProcessWorkingSetSize
GetCurrentProcess
DeviceIoControl
SetFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CompareStringW
FindFirstChangeNotificationW
SetLastError
GetVolumeInformationW
GetCompressedFileSizeW
InterlockedExchange
GetDiskFreeSpaceW
CompareStringA
FindFirstChangeNotificationA
WritePrivateProfileStringA
GetDiskFreeSpaceA
GetVolumeInformationA
EnumResourceLanguagesW
LockResource
LoadResource
FindResourceExW
GetSystemDefaultLangID
EnumResourceNamesW
GetSystemTimeAsFileTime
BackupRead
BackupWrite
GetFileTime
GetOEMCP
IsBadWritePtr
VirtualAlloc
SetUnhandledExceptionFilter
HeapSize
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
TerminateProcess
ExitProcess
CreateThread
ExitThread
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
GetVersionExA
GetCommandLineA
RtlUnwind
CloseHandle
GetCurrentThreadId
FormatMessageW
MultiByteToWideChar
LocalFree
GetLastError
WaitForMultipleObjects
GetExitCodeProcess
GetTickCount
GetDriveTypeW
GetDriveTypeA
GetModuleHandleA
GetVersion
WideCharToMultiByte
GetCPInfo
GetSystemInfo
QueryPerformanceCounter
SetStdHandle
GetStartupInfoA
GetFileInformationByHandle
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
LCMapStringA
LCMapStringW
VirtualProtect
VirtualQuery

user32

CreateWindowExA
GetMessageA
TranslateMessage
CharUpperBuffA
CharUpperBuffW
DispatchMessageA
PeekMessageA
CreateDialogIndirectParamA
PostMessageA
SendNotifyMessageA
SendMessageA
SetWindowLongA
GetWindowLongA
DefWindowProcA
VkKeyScanExA
WinHelpA
GetClipboardFormatNameA
SystemParametersInfoA
SetWindowTextA
ModifyMenuA
AppendMenuA
RegisterClipboardFormatA
RegisterClassExA
WinHelpW
VkKeyScanExW
VkKeyScanW
SystemParametersInfoW
SetWindowTextW
ModifyMenuW
AppendMenuW
GetClipboardFormatNameW
RegisterClipboardFormatW
DispatchMessageW
PeekMessageW
CreateDialogIndirectParamW
PostMessageW
SendNotifyMessageW
SendMessageW
SetWindowLongW
GetWindowLongW
DefWindowProcW
RegisterClassExW
MessageBoxA
InsertMenuW
InsertMenuA
wsprintfW
VkKeyScanA

gdi32

GetTextMetricsW
EnumFontFamiliesExW
CreateFontIndirectA
EnumFontFamiliesExA
CreateFontIndirectW
GetTextMetricsA

shell32

SHGetPathFromIDListA
SHGetDesktopFolder
SHGetMalloc
DragQueryFileW
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA
SHGetFileInfoA
ShellExecuteExW
ShellExecuteW
DragQueryFileA

comdlg32

GetOpenFileNameW
GetSaveFileNameW
GetOpenFileNameA
GetSaveFileNameA

mpr

WNetAddConnection3A
WNetGetUniversalNameA
WNetAddConnection3W
WNetGetUniversalNameW

ole32

CoCreateInstance
OleInitialize

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 468KB - Virtual size: 466KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e90f81400fc1957b5471d22055387c09

Headers

File Characteristics

PDB Paths

Imports

timounter

advapi32

kernel32

user32

gdi32

shell32

comdlg32

mpr

ole32

version

Exports

Exports

Sections

.text Size: 468KB - Virtual size: 466KB

.rdata Size: 112KB - Virtual size: 110KB

.data Size: 28KB - Virtual size: 41KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 52KB - Virtual size: 51KB

.reloc Size: 48KB - Virtual size: 44KB

.text
Size: 468KB - Virtual size: 466KB

.rdata
Size: 112KB - Virtual size: 110KB

.data
Size: 28KB - Virtual size: 41KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 52KB - Virtual size: 51KB

.reloc
Size: 48KB - Virtual size: 44KB