ca218f7ba3d9e516165bd7449b090a8547ae61883ceda7f660828c468ba135d2

Sharing

Copy URL Twitter E-mail

General

Target

ca218f7ba3d9e516165bd7449b090a8547ae61883ceda7f660828c468ba135d2
Size

280KB
MD5

436f72fc8cc4202fd2ce4d96bf4666af
SHA1

c461db590772c0ba39b0f7adaba9e82d280d82e2
SHA256

ca218f7ba3d9e516165bd7449b090a8547ae61883ceda7f660828c468ba135d2
SHA512

9f025dd3508be264680bff9e87dceba5929385ecb7944e8cdea19183b286bc91d4a538e289fb4e1950630602be0b60138098e039eb9379a486d5b7d3fbe70172
SSDEEP

3072:Ng4f30/kYwqjNTR3PjiFalAsL1OxEsPlY91vymRgYIXJWVzhO0HHQIP9CSI:5YFNh7aal1BsPOqy2WVzhOE8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca218f7ba3d9e516165bd7449b090a8547ae61883ceda7f660828c468ba135d2

Files

ca218f7ba3d9e516165bd7449b090a8547ae61883ceda7f660828c468ba135d2
.dll regsvr32 windows:5 windows x86 arch:x86

1537d78bcc63d0742cbe4c988a475ea7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DTSCONN.pdb

Imports

msvcr80

??0exception@std@@QAE@ABV01@@Z
wcsncmp
wcscpy_s
??_U@YAPAXI@Z
_snwprintf_s
memset
memmove
realloc
_wtol
swprintf_s
memcpy
wcsrchr
wcsspn
??2@YAPAXI@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
wcscspn
_wcsupr_s
wcsstr
_wcsicmp
iswspace
__RTDynamicCast
_purecall
memmove_s
memcpy_s
wcspbrk
wcschr
__CxxFrameHandler3
_recalloc
calloc
wcsncpy_s
_CxxThrowException
??_V@YAXPAX@Z
free
_vsnwprintf
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
_wcsdup
iswalpha
wcstol
_itow_s
_wtoi
vswprintf_s
??3@YAXPAX@Z
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??0exception@std@@QAE@ABQBD@Z

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?eof@?$char_traits@G@std@@SAGXZ
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?widen@?$ctype@G@std@@QBEGD@Z
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@G@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?flags@ios_base@std@@QBEHXZ
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?width@ios_base@std@@QBEHXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEHPBGH@Z
?length@?$char_traits@G@std@@SAIPBG@Z
??_D?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?str@?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z

atl80

ord22
ord64
ord15
ord23
ord61
ord30
ord32
ord58
ord31
ord18

kernel32

LocalAlloc
GetFileType
GetLongPathNameW
GetStringTypeW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetModuleHandleW
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedCompareExchange
Sleep
InterlockedExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ReadFile
GetUserDefaultUILanguage
GetEnvironmentVariableW
LoadLibraryA
SetEnvironmentVariableW
lstrcpyW
lstrcatW
SetLastError
GetSystemTime
SystemTimeToTzSpecificLocalTime
RaiseException
DeleteCriticalSection
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
SetThreadLocale
GetThreadLocale
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
GetFullPathNameW
GetCurrentDirectoryW
GetLocaleInfoW
CloseHandle
WriteFile
CreateFileW
WideCharToMultiByte
GetProcAddress
LoadLibraryW
LocalFree
FormatMessageW
HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary

user32

UnregisterClassA
IsWindow

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

oleaut32

SafeArrayCopy
SafeArrayRedim
SafeArrayGetVartype
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayLock
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnlock
SafeArrayGetElement
SafeArrayDestroy
VariantChangeType
VariantCopy
VarBstrCmp
LoadTypeLi
LoadRegTypeLi
GetErrorInfo
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VarBstrCat
SysStringLen
SysAllocString
SysFreeString

ole32

StringFromGUID2
CoCreateFreeThreadedMarshaler
CoCreateGuid
CreateStreamOnHGlobal
CoCreateInstance

dtsmsg100

?GetOleDbErrorInfo@CErrorHelper@@SAJJPAUIErrorInfo@@PAPAG@Z
?FormatMessageW@CErrorHelper@@SAJPAKPBXKPAPAGZZ
?GetErrorDescription@CErrorHelper@@SAJJPAPAG@Z
?FormatMessageWithVaList@CErrorHelper@@SAJPAKPBXKPAPAGPAD@Z

crypt32

CertCloseStore
CertCreateCertificateContext
CryptUnprotectData
CertFindCertificateInStore
CertOpenSystemStoreW
CertGetNameStringW
CertFreeCertificateContext

shell32

SHGetFolderPathW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1537d78bcc63d0742cbe4c988a475ea7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr80

msvcp80

atl80

kernel32

user32

advapi32

oleaut32

ole32

dtsmsg100

crypt32

shell32

Exports

Exports

Sections

.text Size: 216KB - Virtual size: 216KB

.data Size: 14KB - Virtual size: 17KB

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 216KB - Virtual size: 216KB

.data
Size: 14KB - Virtual size: 17KB

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 25KB - Virtual size: 25KB