d:\Works\PowerTest\PowerTest_VC6\PowerTestVC6_Release\ParseSCL.pdb
Static task
static1
Behavioral task
behavioral1
Sample
11a30b3270091fe3a1adb9cffe1d5aec3d8fe822abe874d1c67942181841182e.dll
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
11a30b3270091fe3a1adb9cffe1d5aec3d8fe822abe874d1c67942181841182e.dll
Resource
win10v2004-20240611-en
General
Target: 11a30b3270091fe3a1adb9cffe1d5aec3d8fe822abe874d1c67942181841182e
Size: 1.2MB
MD5: f305386e6d9b848ea5e62abeb99c8898
SHA1: 573118f26277121770102a0a779b694a164653f4
SHA256: 11a30b3270091fe3a1adb9cffe1d5aec3d8fe822abe874d1c67942181841182e
SHA512: b57fcd94f0904fede5f8bd181dcf7f19824f02d008b83d2278eb0e8b7531dc7eb896c327a24da68ae18f7cfef19bbf164eb3e82e83758eb2748940d6cfc3e105
SSDEEP: 24576:4DJnkNuKWjrVyfYvrZmZ409KOArrmAG6etwX:8kNuTP8ZfUs68w
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 11a30b3270091fe3a1adb9cffe1d5aec3d8fe822abe874d1c67942181841182e
Files
-
11a30b3270091fe3a1adb9cffe1d5aec3d8fe822abe874d1c67942181841182e.dll regsvr32 windows:5 windows x86 arch:x86
4c5e2ce04b4d12f9f0e9854e84e7fbfe
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetFileInformationByHandle
PeekNamedPipe
DeleteFileA
CreateMutexA
ReleaseMutex
CreateEventA
WaitForMultipleObjects
PulseEvent
ResetEvent
FormatMessageA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FileTimeToLocalFileTime
OpenEventA
GetLocalTime
SetEnvironmentVariableA
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
LCMapStringW
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
VirtualFree
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapAlloc
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
ExitProcess
GetModuleFileNameA
ExitThread
CreateThread
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsBadReadPtr
HeapValidate
RtlUnwind
GetFileSizeEx
GetFileTime
GetFileAttributesW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetCurrentProcess
DuplicateHandle
FileTimeToSystemTime
GlobalFlags
GetAtomNameW
lstrlenA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GetTickCount
GetProfileIntW
WritePrivateProfileStringW
CompareStringA
InterlockedExchange
lstrcmpA
GetCurrentThread
GetLocaleInfoW
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleHandleA
GetCurrentProcessId
CreateEventW
SetEvent
WaitForSingleObject
CloseHandle
SuspendThread
ResumeThread
SetThreadPriority
CompareStringW
LoadLibraryA
lstrcmpW
GetCurrentThreadId
GlobalGetAtomNameW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExA
MulDiv
CopyFileW
GlobalSize
FormatMessageW
LocalFree
FreeResource
SetLastError
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrcpynW
DebugBreak
LoadLibraryW
GetVersionExW
GetThreadLocale
SetThreadLocale
GetSystemDefaultLangID
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
LockResource
DeleteCriticalSection
RaiseException
GetProcAddress
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetLastError
lstrlenW
GetModuleFileNameW
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
user32
UnpackDDElParam
GetClipboardFormatNameW
GetClipboardFormatNameA
SetRectEmpty
UnregisterClassW
SystemParametersInfoW
DestroyMenu
PostQuitMessage
GetWindowThreadProcessId
TranslateMessage
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
LoadCursorW
GetForegroundWindow
SetForegroundWindow
OpenClipboard
WindowFromPoint
GetLastActivePopup
GetNextDlgTabItem
SetCapture
KillTimer
SetTimer
ShowOwnedPopups
IsWindowVisible
ValidateRect
InvalidateRect
UpdateWindow
ReleaseDC
GetWindowDC
EndPaint
LoadAcceleratorsW
ClientToScreen
BringWindowToTop
GetMenuCheckMarkDimensions
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
GetClientRect
MapWindowPoints
PeekMessageW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
GetScrollRange
GetScrollPos
GetTopWindow
GetParent
GetWindow
WinHelpW
TrackPopupMenu
GetWindowTextLengthW
GetWindowTextW
GetDlgCtrlID
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
SetMenu
GetMenu
GetMessageTime
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
PostMessageW
RegisterWindowMessageW
GetFocus
SetFocus
EndDialog
GetActiveWindow
SetActiveWindow
EnableWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
UnhookWindowsHookEx
TranslateAcceleratorW
ReuseDDElParam
CharUpperW
RegisterClipboardFormatW
IsRectEmpty
BeginPaint
LoadMenuW
SetMenuItemBitmaps
ModifyMenuW
InsertMenuItemW
InflateRect
SetRect
PtInRect
InsertMenuW
GetSubMenu
GetMenuItemInfoW
GetMenuState
GetMenuItemID
GetMenuItemCount
EnableMenuItem
CheckMenuItem
AppendMenuW
IsMenu
CreatePopupMenu
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DrawFocusRect
FillRect
LoadBitmapW
GetSysColorBrush
EmptyClipboard
CloseClipboard
SetClipboardData
GetKeyState
GetDesktopWindow
GetDC
GetSysColor
IsWindow
SendMessageW
GetSystemMetrics
GetCapture
ClipCursor
GetMessageW
DispatchMessageW
ReleaseCapture
SetCursor
GetMessagePos
GetCursorPos
GetWindowLongW
SetWindowLongW
CharNextW
gdi32
PtVisible
RectVisible
Polygon
PatBlt
BitBlt
GetPixel
TextOutW
ExtTextOutW
GetTextExtentPoint32W
GetObjectW
Escape
CopyMetaFileW
GetClipBox
SetTextColor
SetBkColor
DeleteDC
SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
GetStockObject
GetObjectType
CreateSolidBrush
GetDeviceCaps
CreateCompatibleDC
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreateCompatibleBitmap
CreateBitmap
CreateFontIndirectW
CreatePatternBrush
SelectObject
DeleteObject
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
advapi32
SetThreadToken
OpenThreadToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyW
RegEnumKeyW
RegQueryValueW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RevertToSelf
shell32
DragFinish
DragQueryFileW
shlwapi
PathRemoveFileSpecW
PathFindFileNameW
PathIsUNCW
PathFindExtensionW
PathStripToRootW
ole32
CreateStreamOnHGlobal
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
DoDragDrop
ReleaseStgMedium
StringFromCLSID
OleDuplicateData
CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateInstance
OleRun
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
oleaut32
GetErrorInfo
UnRegisterTypeLi
RegisterTypeLi
VariantChangeType
VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysFreeString
VarUI4FromStr
SysAllocStringLen
winmm
timeGetTime
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 870KB - Virtual size: 869KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 174KB - Virtual size: 173KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ