0b19ddf4b4070d3d038591c369ea2c78d155afda78c858344e9deba5b7701696

Sharing

Copy URL Twitter E-mail

General

Target

0b19ddf4b4070d3d038591c369ea2c78d155afda78c858344e9deba5b7701696
Size

159KB
MD5

5eedbd25f5d3aee8ef2e96593dbd969c
SHA1

de408300085a9bcee764ff329fd22df66fb0c9ae
SHA256

0b19ddf4b4070d3d038591c369ea2c78d155afda78c858344e9deba5b7701696
SHA512

6fc0d088f3e82f37f725382f7943e7e258f866d95a6a652b6e3acb5870a061df87253f1830532a1a4570db47db2402b029c78182f59660cfb851bf86012578d9
SSDEEP

3072:pZolxH3m7aAprIsuqVaoePd9gThmqYBp4AWWp+s5nnKLXd:pjriqUsNhAJnnqXd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b19ddf4b4070d3d038591c369ea2c78d155afda78c858344e9deba5b7701696

Files

0b19ddf4b4070d3d038591c369ea2c78d155afda78c858344e9deba5b7701696
.dll windows:5 windows x86 arch:x86

0546472d5ba743ef30358a78ca8f2e43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\BUILDMACHINE\TESTMACHINE\MODULES\STANDALONEINNOINSTALLERMODULE\Builders\Thread_1\ewb\Release\webview.pdb

Imports

webkit

shutDownWebKit
WebKitCreateInstance

mfc140u

ord7653
ord7712
ord7723
ord7722
ord5228
ord5411
ord5252
ord5763
ord5525
ord9350
ord5760
ord5549
ord5249
ord12928
ord12219
ord12251
ord10433
ord8217
ord4589
ord995
ord7997
ord6860
ord9209
ord10250
ord12239
ord8219
ord5918
ord3852
ord6349
ord14668
ord6350
ord14669
ord6348
ord14667
ord8000
ord12531
ord14466
ord11983
ord11982
ord2034
ord7941
ord12947
ord4090
ord4152
ord9398
ord14595
ord7922
ord14589
ord12542
ord12541
ord2486
ord5357
ord8324
ord12247
ord12865
ord5409
ord8386
ord8470
ord1513
ord3849
ord1514
ord325
ord1053
ord2365
ord2246
ord324
ord1052
ord2408
ord2411
ord2376
ord2410
ord485
ord2268
ord2374
ord2184
ord2300
ord2399
ord1472
ord266
ord265
ord1511

kernel32

GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
InterlockedDecrement
CloseHandle
CreateMutexW
GetLocalTime
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsW
GetModuleHandleW
GetComputerNameW
LocalFree
GetVolumeInformationW
GetSystemDirectoryW
GetUserGeoID
GetLastError
GetLocaleInfoW
GetUserDefaultUILanguage
GetFileAttributesW
LoadLibraryW
GetProcAddress
MultiByteToWideChar
WaitForSingleObject
ReleaseMutex

user32

DestroyWindow
GetClientRect
wsprintfW
ShowWindow

advapi32

CryptReleaseContext
ConvertSidToStringSidW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
LookupAccountNameW

comctl32

InitCommonControlsEx

ole32

OleUninitialize
OleInitialize

oleaut32

SysAllocString
SysFreeString
SysStringLen
SysReAllocString

msvcp140

?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
_Mtx_init_in_situ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Xinvalid_argument@std@@YAXPBD@Z
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
_Mtx_destroy_in_situ

vcruntime140

_CxxThrowException
__std_type_info_destroy_list
_except_handler4_common
__std_exception_destroy
memcpy
__std_exception_copy
__std_terminate
__CxxFrameHandler3
memmove
memset

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_invalid_parameter_noinfo_noreturn
_initterm_e
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

ungetwc
fgetwc
fgetc
ungetc
_fseeki64
fgetpos
fsetpos
setvbuf
fflush
fputwc
fwrite
fclose

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-string-l1-1-0

wcsncpy
wcstok
tolower
wcspbrk
isspace

api-ms-win-crt-convert-l1-1-0

wcstoull
wcstoul
wcstod

api-ms-win-crt-heap-l1-1-0

free
malloc

Exports

Exports

_CREATE@16
_DESTROY@4
_GET_CURRENT_OFFER@4
_GET_STRING@16
_GET_STRING_LENGTH@8
_SET_CACHE_PATH@8
_SET_CALLBACK@12
_SET_MACHINE_STAT@12
_SHOW@4

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0546472d5ba743ef30358a78ca8f2e43

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

webkit

mfc140u

kernel32

user32

advapi32

comctl32

ole32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 119KB - Virtual size: 118KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 119KB - Virtual size: 118KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB