20e11d6ebc5baec48933bac057965e237f6e4485a9de758e4b6b5ade1cedc729

Sharing

Copy URL Twitter E-mail

General

Target

20e11d6ebc5baec48933bac057965e237f6e4485a9de758e4b6b5ade1cedc729
Size

57KB
MD5

cca0d038c65c0215afeb3abf15b1a98e
SHA1

ad9b62f38b4f079445cf30ae29778116dfe5ab84
SHA256

20e11d6ebc5baec48933bac057965e237f6e4485a9de758e4b6b5ade1cedc729
SHA512

23df80eac90ab3ff6718116e607f55203ccffdce0ccd94028c7608b316a980a92666f72bee2a4b0155e7c36962f95b61c156754801a566330ff998cddafbb5c9
SSDEEP

1536:NroPvSB0CWrDW2rkRuYqOxgh6Mt05Aw2z9QS8D:OPvSB0CWrb+ubOxW05Ad9M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20e11d6ebc5baec48933bac057965e237f6e4485a9de758e4b6b5ade1cedc729

Files

20e11d6ebc5baec48933bac057965e237f6e4485a9de758e4b6b5ade1cedc729
.dll regsvr32 windows:10 windows x86 arch:x86

7e136071f2bd11c956826a2d7403887e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WPDShServiceObj.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__current_exception
__current_exception_context
_except_handler4_common
__std_terminate
__CxxFrameHandler3
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_CxxThrowException
memcmp
memcpy

advapi32

RegOpenKeyExW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
TraceEvent
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
TraceMessage
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
UnregisterTraceGuids

kernel32

HeapAlloc
DelayLoadFailureHook
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapDestroy
GetProcessHeap
ResolveDelayLoadedAPI
HeapFree
HeapReAlloc
HeapSize
SetEvent
WaitForSingleObject
TrySubmitThreadpoolCallback
CreateFileW
CloseHandle
CreateEventW
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
GetModuleHandleW

user32

UnregisterClassA
DefWindowProcW
PostQuitMessage
GetWindowLongW
PostMessageW
UnregisterDeviceNotification
RegisterDeviceNotificationW
SetWindowLongW
CreateWindowExW
RegisterClassW
DestroyWindow
CharNextW

oleaut32

VarUI4FromStr

comctl32

ord336
ord332
ord386
ord334
ord328

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e136071f2bd11c956826a2d7403887e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

advapi32

kernel32

user32

oleaut32

comctl32

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 46KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 68B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 47KB - Virtual size: 46KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 68B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB