5cd21d4e8d3546cfb1358374bf3fef106c0ba1f4ec22f5e50488c0a61027a188

Sharing

Copy URL

Twitter E-mail

General

Target

5cd21d4e8d3546cfb1358374bf3fef106c0ba1f4ec22f5e50488c0a61027a188
Size

233KB
MD5

7943ceda8238d28a81e5790a8d3d4429
SHA1

ab51c513047923b48512871d52f06cb70d2090a7
SHA256

5cd21d4e8d3546cfb1358374bf3fef106c0ba1f4ec22f5e50488c0a61027a188
SHA512

ec672dbad285a125e8b1e26ffab52aae4b24c6f007519098e868b3fbb07360b8a20d64819330b9220aa627b24130ee6219c2aa725914e2af5aa2611ad1892d80
SSDEEP

6144:pvKzl+gnlqBVS/e3zKkMMgx2X6D+wNUYaJhtB:wUzBg/ejKDMoh+wy7JhtB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5cd21d4e8d3546cfb1358374bf3fef106c0ba1f4ec22f5e50488c0a61027a188

Files

5cd21d4e8d3546cfb1358374bf3fef106c0ba1f4ec22f5e50488c0a61027a188
.dll regsvr32 windows:5 windows x86 arch:x86

228504c386820659d7c40df0e3c6edd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\svn\masterPdf_build\rel\XDShellExtHelper.pdb

Imports

kernel32

SizeofResource
CloseHandle
lstrcmpiW
lstrlenW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
FindResourceW
FindResourceExW
GetWindowsDirectoryW
GetVersionExW
SystemTimeToFileTime
FileTimeToSystemTime
InterlockedExchange
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
LeaveCriticalSection
GetSystemTime
LoadLibraryExW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
EncodePointer
GetThreadLocale
SetThreadLocale
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
IsDebuggerPresent
GetCurrentThread
GetCurrentProcess
LocalFree
FreeLibrary
GetProcAddress
LockResource
RtlCaptureStackBackTrace
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
DecodePointer
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
CreateFileW
GetStringTypeW
GetFileType
GetStdHandle
GetACP
WideCharToMultiByte
GetModuleFileNameA
ExitProcess
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId

user32

CharLowerBuffW
IsCharAlphaW
SetMenuItemBitmaps
InsertMenuW
CreatePopupMenu
CharNextW

gdi32

SetDIBColorTable
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
GetObjectW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
LookupAccountNameW
ConvertSidToStringSidW
RegQueryValueExW
RegOpenKeyW
IsValidSid
GetTokenInformation
OpenProcessToken
RegSetValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
DragQueryFileW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
ReleaseStgMedium
CreateStreamOnHGlobal
StringFromGUID2

oleaut32

SysAllocString
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocStringLen

shlwapi

StrRChrW
StrStrIW
ord154
PathAppendW
PathFileExistsW
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFindExtensionW
PathSearchAndQualifyW

gdiplus

GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipAlloc
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipDeleteGraphics

secur32

GetUserNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

228504c386820659d7c40df0e3c6edd2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

secur32

version

Exports

Exports

Sections

.text Size: 154KB - Virtual size: 153KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 5KB - Virtual size: 8KB

.gfids Size: 512B - Virtual size: 288B

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 154KB - Virtual size: 153KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 5KB - Virtual size: 8KB

.gfids
Size: 512B - Virtual size: 288B

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 10KB - Virtual size: 9KB