9c1fc07caa1a140c9129b0535fb51514c57eec0ff1c9ce99c9e434c041663ea5

Sharing

Copy URL

Twitter E-mail

General

Target

9c1fc07caa1a140c9129b0535fb51514c57eec0ff1c9ce99c9e434c041663ea5
Size

611KB
MD5

79d02d92c3f4b095db397085e7cf3906
SHA1

aa399da96c19f60d378c1e6c80336e8148715644
SHA256

9c1fc07caa1a140c9129b0535fb51514c57eec0ff1c9ce99c9e434c041663ea5
SHA512

82368c96838371b0db74d08d0f3aefbb23283b3a8e71e28cdfb644cb854d0627db29992975ecc6f0bffbe2d7e3b64e0289dd4653cf12c774004b3bb0a2075026
SSDEEP

12288:Gyf5rSjj2taDMyFaAT3Gqu4rJaY6jIdafAwAqYbgKsPoy2PZkn:tfsjj2t6FaAT3laYtgAqwgKSd24

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c1fc07caa1a140c9129b0535fb51514c57eec0ff1c9ce99c9e434c041663ea5

Files

9c1fc07caa1a140c9129b0535fb51514c57eec0ff1c9ce99c9e434c041663ea5
.dll regsvr32 windows:5 windows x64 arch:x64

4f24c58abf54bd4fbc477970e27932e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\workpath\netOffice\officeaddin\v2\NativeWPSAddin\bin\Release\NativeWPSAddin64.pdb

Imports

psapi

GetModuleFileNameExW

kernel32

HeapFree
HeapSize
GetProcessHeap
GetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetFileSize
WriteFile
ReadFile
SetEndOfFile
SetFilePointer
CloseHandle
GetModuleHandleW
CreateFileW
QueryPerformanceCounter
QueryPerformanceFrequency
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
FreeLibrary
GetCurrentProcess
GetExitCodeProcess
WaitForSingleObject
lstrlenW
LoadLibraryW
GetModuleHandleA
OutputDebugStringW
GetVersionExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
RaiseException
LoadResource
SizeofResource
lstrcmpiW
LoadLibraryExW
HeapReAlloc
DecodePointer
SetCurrentDirectoryW
GetModuleFileNameA
EncodePointer
GetThreadLocale
SetThreadLocale
CreateProcessA
GetTempPathW
MoveFileW
MoveFileExW
GetCurrentProcessId
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
WriteConsoleW
SetStdHandle
HeapAlloc
HeapDestroy
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
FindNextFileW
FindFirstFileW
DeleteFileW
RtlUnwind
GetModuleFileNameW
FindClose
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
TerminateThread
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
SetEvent
LocalFree
GetCPInfo
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetCurrentThreadId
FindResourceW
FlushFileBuffers
GetFileType
GetStdHandle
GetACP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ExitProcess
GetFileAttributesExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
IsDebuggerPresent
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetStringTypeW
InitializeSListHead

user32

wsprintfA
CharNextW
wsprintfW

advapi32

RegOpenKeyExW
RegOpenKeyExA
RegGetValueA
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
CheckTokenMembership
GetUserNameA
FreeSid
AllocateAndInitializeSid
RegCloseKey

shell32

ShellExecuteExW
ShellExecuteW

ole32

CoCreateInstance
StringFromCLSID
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree

oleaut32

LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
RegisterTypeLi
VariantInit
SysAllocString
VariantClear
UnRegisterTypeLi

shlwapi

wnsprintfA
ord176
PathAddBackslashW

iphlpapi

GetAdaptersInfo

winhttp

WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSetOption
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpWriteData
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpAddRequestHeaders

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
StartInstall

Sections

.text
Size: 407KB - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f24c58abf54bd4fbc477970e27932e3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

winhttp

Exports

Exports

Sections

.text Size: 407KB - Virtual size: 407KB

.rdata Size: 163KB - Virtual size: 162KB

.data Size: 10KB - Virtual size: 16KB

.pdata Size: 19KB - Virtual size: 19KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 407KB - Virtual size: 407KB

.rdata
Size: 163KB - Virtual size: 162KB

.data
Size: 10KB - Virtual size: 16KB

.pdata
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 4KB