02bd3c689aeb98ac8f0c6c2b7e4669801f32fa2f53e6ee2e09f343a3e1e14ff0

Sharing

Copy URL Twitter E-mail

General

Target

02bd3c689aeb98ac8f0c6c2b7e4669801f32fa2f53e6ee2e09f343a3e1e14ff0
Size

2.0MB
MD5

aeeac2bce8f5713dfe7a2b9f2689e323
SHA1

8ad397314790193a68cd1018a968c517bbf272aa
SHA256

02bd3c689aeb98ac8f0c6c2b7e4669801f32fa2f53e6ee2e09f343a3e1e14ff0
SHA512

985bd53ee95dc9472c1fa0cead07055a5b18cb5390aa41553b420f448cb7cebc9ea29598ff7569cffb172f1d67c11ae9ad6af184b152f450e9ebcfa8216c9efc
SSDEEP

24576:IPnCDzhNyZgpG6BlXcjpBtDj+Cn2nfzA6:I+zaCpN/ADj+Cn27A6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02bd3c689aeb98ac8f0c6c2b7e4669801f32fa2f53e6ee2e09f343a3e1e14ff0

Files

02bd3c689aeb98ac8f0c6c2b7e4669801f32fa2f53e6ee2e09f343a3e1e14ff0
.dll windows:6 windows x86 arch:x86

9e23b0b3a0f61ffcc25cd63ec6b98d2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

themecpl.pdb

Imports

msvcrt

_ftol2
floor
free
_ftol2_sse
memcpy
_vsnwprintf
_itow_s
qsort
_XcptFilter
malloc
_initterm
_amsg_exit
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_wcsicmp
memset
memmove
_purecall
_CIsqrt

atl

ord30

kernel32

LocalAlloc
TlsFree
SetLastError
TlsAlloc
DisableThreadLibraryCalls
DelayLoadFailureHook
GetProcAddress
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
Sleep
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WaitForSingleObject
CompareStringW
GetLastError
CompareStringOrdinal
ReleaseMutex
CloseHandle
InterlockedIncrement
MulDiv
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
lstrlenW
FreeLibrary
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
TlsGetValue
lstrcmpA
MultiByteToWideChar
WideCharToMultiByte
FindResourceW
lstrlenA
GetModuleFileNameW
TlsSetValue
GetCurrentProcessId
ProcessIdToSessionId
WriteProfileStringW
InitializeCriticalSection
DeleteCriticalSection
ExpandEnvironmentStringsW
LocalFree
FormatMessageW
CreateFileW
CreateMutexW
ActivateActCtx
ReleaseActCtx
CreateActCtxW
LoadLibraryW
FindResourceExW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
InterlockedDecrement
DeactivateActCtx

advapi32

RegEnumKeyExW
EventEnabled
RegSetKeyValueW
RegCloseKey
RegEnumValueW
EventUnregister
EventRegister
RegCreateKeyExW
RegSetValueExW
RegGetValueW
RegOpenKeyExW
EventWrite

shlwapi

ord538
ord494
SHRegQueryInfoUSKeyW
SHRegEnumUSKeyW
SHRegOpenUSKeyW
SHRegQueryUSValueW
SHRegCloseUSKey
SHRegGetValueW
ord168
ord174
PathCanonicalizeW
PathRemoveFileSpecW
SHDeleteValueW
ord199
ord487
PathRemoveExtensionW
ord256
ord176
ord24
ord514
ord164
ord278
ord260
ord177
ord493
ord618
ord637
ord172
ord219
PathFindFileNameW
StrRStrIW
ord437
ord460
PathAddBackslashW
StrToIntExW
StrTrimW
StrStrW
SHSetValueW
PathCombineW
StrCmpW
ord204
SHStrDupW
ord158
PathAppendW
ord215
ord12
ord217
ord213
StrChrW
StrPBrkW
ord156

powrprof

GetPwrCapabilities
PowerGetActiveScheme
PowerReadDCValueIndex
PowerReadACValueIndex
PowerWriteDCValueIndex
PowerWriteACValueIndex
PowerSetActiveScheme

ole32

CreateBindCtx
CoUninitialize
CoInitializeEx
PropVariantClear
CoGetMalloc
CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VariantClear
SysStringLen
SysFreeString
SysAllocString
SafeArrayGetElement

propsys

PropVariantChangeType
PropVariantToBSTR
PSGetPropertyKeyFromName
PSCreateMemoryPropertyStore
PropVariantToStringAlloc
PropVariantToGUID
PropVariantToBooleanWithDefault
PropVariantToBoolean

gdi32

GetTextExtentPoint32W
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
CreateSolidBrush
GetDeviceCaps
CreateDIBSection
DeleteObject
GetObjectW

user32

EnumWindows
GetMenuItemInfoW
GetClassNameW
FindWindowW
DestroyWindow
GetSysColor
GetSystemMetrics
SendMessageW
EndDialog
EnableWindow
GetDlgItem
GetDlgItemTextW
LoadStringW
GetWindowLongW
SetWindowLongW
SetCursor
LoadImageW
TrackPopupMenu
DestroyMenu
SetWindowPos
GetAncestor
SendNotifyMessageW
SetWindowsHookExW
FillRect
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetSysColors
GetParent
GetDC
ReleaseDC
MessageBoxW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
LoadCursorW
UpdateWindow
DefWindowProcW
DialogBoxParamW
FindWindowExW
PostMessageW
GetMenuItemCount
GetFocus
DestroyIcon
GetWindowRect
IsProcessDPIAware
DeleteMenu

duser

AttachWndProcW
ForwardGadgetMessage

uxtheme

IsThemeActive
SetWindowTheme
IsCompositionActive
GetCurrentThemeName
ord1

dwmapi

ord131
ord107
ord106
ord127

slc

SLGetWindowsInformationDWORD

shell32

SHBrowseForFolderW
SHCreateShellItemArrayFromIDLists
ord19
SHBindToParent
ShellExecuteW
SHParseDisplayName
ord25
SHBindToObject
ord152
ord21
ord95
ord850
SHGetPathFromIDListW
SHGetKnownFolderIDList
ord24
ord704
SHCreateDirectoryExW
SHGetKnownFolderPath
ord27
SHGetIDListFromObject
SHCreateItemFromIDList
ord16
SHGetKnownFolderItem
SHGetNameFromIDList
ord28
ord155
ord846
ord18
SHGetFolderPathEx
ShellExecuteExW
SHCreateItemFromParsingName
ord100
ord901

ntdll

EtwLogTraceEvent
WinSqmAddToStream

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e23b0b3a0f61ffcc25cd63ec6b98d2a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

kernel32

advapi32

shlwapi

powrprof

ole32

oleaut32

propsys

gdi32

user32

duser

uxtheme

dwmapi

slc

shell32

ntdll

Exports

Exports

Sections

.text Size: 177KB - Virtual size: 177KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 177KB - Virtual size: 177KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 22KB - Virtual size: 21KB