65552223ae98ad1870b1a73e1b6745c8718895f5bb6ce6b5d76d577137b8f409

Sharing

Copy URL Twitter E-mail

General

Target

65552223ae98ad1870b1a73e1b6745c8718895f5bb6ce6b5d76d577137b8f409
Size

300KB
MD5

849da1c27da8d0951fa660c7061eba65
SHA1

c87ead0bc22399859c5e436f6a7c4968aec0b507
SHA256

65552223ae98ad1870b1a73e1b6745c8718895f5bb6ce6b5d76d577137b8f409
SHA512

b386f7828c03edcf021d10b0720b6f6125452e666991df86992c85c45b9b768f0c511a10b675bfc5bbece10e7ae89b07525ce6fc3e21f146452c48785dbde42c
SSDEEP

6144:NxuAC94qPSgBr9l2zWvntgVOcKp3q+mKGzq74PeM2XtoO:S74qPSgBr90MCEcKtmXJPe9oO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65552223ae98ad1870b1a73e1b6745c8718895f5bb6ce6b5d76d577137b8f409

Files

65552223ae98ad1870b1a73e1b6745c8718895f5bb6ce6b5d76d577137b8f409
.dll regsvr32 windows:5 windows x64 arch:x64

d2bc5f01d0936c6a6cc8a450353f38ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\code3\rel\XDShellExtHelper64.pdb

Imports

kernel32

lstrcmpiW
lstrlenW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
FindResourceW
FindResourceExW
GetWindowsDirectoryW
GetVersionExW
SystemTimeToFileTime
FileTimeToSystemTime
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
EnterCriticalSection
LeaveCriticalSection
CloseHandle
LoadLibraryExW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
EncodePointer
GetThreadLocale
SetThreadLocale
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
SizeofResource
LoadResource
IsDebuggerPresent
GetCurrentThread
LocalFree
GetCurrentProcess
GetProcAddress
FreeLibrary
LockResource
RtlCaptureStackBackTrace
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetSystemTime
DecodePointer
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
GetStringTypeW
CreateFileW
GetFileType
GetStdHandle
GetACP
WideCharToMultiByte
GetModuleFileNameA
ExitProcess
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetLastError
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext

user32

CharLowerBuffW
IsCharAlphaW
SetMenuItemBitmaps
InsertMenuW
CreatePopupMenu
CharNextW

gdi32

SetDIBColorTable
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
GetObjectW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
LookupAccountNameW
ConvertSidToStringSidW
RegQueryValueExW
RegOpenKeyW
IsValidSid
GetTokenInformation
OpenProcessToken
RegSetValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
DragQueryFileW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
ReleaseStgMedium
CreateStreamOnHGlobal
StringFromGUID2

oleaut32

SysAllocStringLen
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysFreeString
SysStringLen

shlwapi

StrStrIW
StrRChrW
ord154
PathAppendW
PathFileExistsW
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFindExtensionW
PathSearchAndQualifyW

gdiplus

GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipAlloc
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipDeleteGraphics

secur32

GetUserNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2bc5f01d0936c6a6cc8a450353f38ec

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

secur32

version

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 6KB - Virtual size: 11KB

.pdata Size: 10KB - Virtual size: 10KB

.gfids Size: 512B - Virtual size: 224B

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 6KB - Virtual size: 11KB

.pdata
Size: 10KB - Virtual size: 10KB

.gfids
Size: 512B - Virtual size: 224B

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 3KB - Virtual size: 3KB