b41e582aa72caaf45b535ec662c57efe1ef77c652a651c262902dd6990e93b86

Sharing

Copy URL Twitter E-mail

General

Target

b41e582aa72caaf45b535ec662c57efe1ef77c652a651c262902dd6990e93b86
Size

1.1MB
MD5

ae840e460bf1a5d16fc92821a2e0ffe6
SHA1

17c561fc60cce0c14fa2f03be84eb58f5f073957
SHA256

b41e582aa72caaf45b535ec662c57efe1ef77c652a651c262902dd6990e93b86
SHA512

842078793ee681f3e3f674d8b3b47c2e3092f24b5d63bf1b3f1cb8e3c7996d4b5d5fc9ab7c7489c96ca2cb9573347267651542bf52200dde4c874a9a59f7554f
SSDEEP

24576:fKQIJZXANIxKZsFrRdPltK0TIco2dtMTZZs5BXg46DMQOSaQ4W:fKQIJZX8HGV1lhk8OWVkRraxW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b41e582aa72caaf45b535ec662c57efe1ef77c652a651c262902dd6990e93b86

Files

b41e582aa72caaf45b535ec662c57efe1ef77c652a651c262902dd6990e93b86
.exe windows:5 windows x86 arch:x86

eab3a07c63317e7f7d07fb98d7f880dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\dtl_dep\PC\dtlinstallbuilder\bin\DTLUnInstall_NU.pdb

Imports

kernel32

SetLastError
OpenProcess
GetExitCodeProcess
WaitForSingleObject
FormatMessageA
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLogicalDriveStringsW
QueryDosDeviceW
GetModuleFileNameW
GetWindowsDirectoryW
GetCurrentDirectoryW
CreateEventW
SetEvent
FindClose
FindFirstFileW
GetFullPathNameW
FindNextFileW
ExpandEnvironmentStringsW
MultiByteToWideChar
LoadLibraryExW
OutputDebugStringW
lstrcmpA
lstrcmpW
FreeResource
ExitProcess
SetCurrentDirectoryW
GetFileAttributesW
SetFileAttributesW
TerminateProcess
lstrcmpiW
MoveFileExW
SetEnvironmentVariableW
VirtualProtect
GetVersionExW
GetCommandLineW
FindResourceExW
CreateProcessW
CreateDirectoryW
CopyFileW
InitializeCriticalSectionAndSpinCount
RaiseException
DeleteCriticalSection
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
CreatePipe
GetFileAttributesExW
ReadConsoleW
GetConsoleMode
LocalFree
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetCurrentProcess
DeleteFileW
GetTempFileNameW
WriteFile
GetModuleHandleW
GetProcAddress
CreateFileW
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryW
VerifyVersionInfoW
VerSetConditionMask
FreeLibrary
Sleep
GetTickCount
GetLastError
CreateMutexW
RemoveDirectoryW
CloseHandle
GetConsoleCP
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
GetStdHandle
ReadFile
CreateProcessA
DuplicateHandle
GetTempPathW
QueryPerformanceFrequency
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
LoadLibraryExA
GetModuleFileNameA
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
SetEndOfFile

user32

ExitWindowsEx
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SwitchToThisWindow
LoadStringW
CloseClipboard
EmptyClipboard
FindWindowW
EnumWindows
GetWindowThreadProcessId
PostMessageW
MessageBoxW
OpenClipboard

advapi32

RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetNamedSecurityInfoW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
AddAce
InitializeAcl
IsValidSid
GetLengthSid
LookupAccountNameW
CopySid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
QueryServiceStatusEx
EnumDependentServicesW
ControlService
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegDeleteValueW

shell32

ShellExecuteExW
SHFileOperationW
ShellExecuteW
CommandLineToArgvW
ord165
DragQueryFileW
SHChangeNotify
SHGetSpecialFolderPathW
ord190

ole32

OleGetClipboard
CoUninitialize
PropVariantClear
CoInitialize
CoCreateInstance
ReleaseStgMedium
OleInitialize
CoTaskMemFree
OleUninitialize

oleaut32

SysAllocString
VariantClear
SysFreeString
SysAllocStringLen
VarBstrCmp
VariantInit

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
SHStrDupW
PathAddBackslashW
PathAppendW
PathCombineW
PathIsDirectoryW
StrToIntExW
PathIsRelativeW
PathQuoteSpacesW
PathUnquoteSpacesW
PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetProcessImageFileNameW

urlmon

URLDownloadToFileW

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 584KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eab3a07c63317e7f7d07fb98d7f880dc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

psapi

urlmon

Sections

.text Size: 349KB - Virtual size: 349KB

.rdata Size: 110KB - Virtual size: 109KB

.data Size: 5KB - Virtual size: 8KB

.gfids Size: 1024B - Virtual size: 516B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 102KB - Virtual size: 102KB

.reloc Size: 584KB - Virtual size: 588KB

.text
Size: 349KB - Virtual size: 349KB

.rdata
Size: 110KB - Virtual size: 109KB

.data
Size: 5KB - Virtual size: 8KB

.gfids
Size: 1024B - Virtual size: 516B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 102KB - Virtual size: 102KB

.reloc
Size: 584KB - Virtual size: 588KB