{D4694243-2B69-414C-BF06-50195488F70B}[.]{8488248C-89A1-4C72-A4F1-E938DAD0D591}

Resubmissions

22/07/2024, 13:59

240722-rak58a1bke 3

Sharing

Copy URL Twitter E-mail

General

Target

{D4694243-2B69-414C-BF06-50195488F70B}.{8488248C-89A1-4C72-A4F1-E938DAD0D591}
Size

24.6MB
MD5

f799036c7b6782d04ff970005f456792
SHA1

838b4d9f3ec122fbe1772410754cd1211382420e
SHA256

2aec10ff1938a6b701eef40e90e470689927a0851ac15250084f00594eb4e04f
SHA512

68f329376f47a9ad25124babcae14b423eeb3664061088379bdff52e1be7f3882d84faf7df7508a24fb7591acc0914516234986ee15b7017242b750169f20a61
SSDEEP

393216:pf3tJ3PHzgUIroRfVJSnjKtRbHrrhw2f1l1pu0U3nuYIYDexVb0wrGJkOr:99FHzpZSn+tJHr+29laRI6e/AczOr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
{D4694243-2B69-414C-BF06-50195488F70B}.{8488248C-89A1-4C72-A4F1-E938DAD0D591}

Files

{D4694243-2B69-414C-BF06-50195488F70B}.{8488248C-89A1-4C72-A4F1-E938DAD0D591}
.dll windows:4 windows x86 arch:x86

b003a085a0cab8dbaef154e5d5206fc5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

PackDDElParam
LoadAcceleratorsA
ClipCursor
GetWindowThreadProcessId
CharNextExA
GetClipboardViewer

ole32

OleCreate
CreateDataCache
WriteClassStm
CreateGenericComposite
STGMEDIUM_UserFree
OleIsRunning
ReadClassStm
OleDestroyMenuDescriptor
CoGetCurrentProcess
StgOpenStorageOnILockBytes
GetHGlobalFromILockBytes
OleNoteObjectVisible
ReleaseStgMedium
OleCreateLink
SetConvertStg
CoFreeLibrary
OleLoad
CoDisconnectObject
OleDuplicateData
CreateStdProgressIndicator
CoGetStandardMarshal
PropVariantCopy
CLIPFORMAT_UserFree
CreateILockBytesOnHGlobal
OleGetClipboard
CoRegisterClassObject
CoRegisterSurrogate
CoCreateFreeThreadedMarshaler
IIDFromString
OleSetClipboard
CoUninitialize
CreatePointerMoniker
HGLOBAL_UserUnmarshal
HBITMAP_UserUnmarshal
SNB_UserUnmarshal
CoRegisterPSClsid
ReadFmtUserTypeStg
OleMetafilePictFromIconAndLabel
StgGetIFillLockBytesOnILockBytes
SNB_UserMarshal
CoGetObject
CLIPFORMAT_UserUnmarshal
HMENU_UserFree
CoUnmarshalHresult
HBITMAP_UserSize
RegisterDragDrop
CoGetClassObject
OleGetAutoConvert
StringFromGUID2
OleCreateEmbeddingHelper
OleConvertIStorageToOLESTREAM
StringFromCLSID
CreateFileMoniker
OleCreateDefaultHandler
GetRunningObjectTable
CoSuspendClassObjects
CreateAntiMoniker
MonikerCommonPrefixWith
CreateBindCtx
OleTranslateAccelerator
OleCreateFromFileEx
OleFlushClipboard
CoFileTimeToDosDateTime
OleGetIconOfFile
OleRun
OleRegEnumFormatEtc
CoTaskMemFree
StgCreateStorageEx
CoGetTreatAsClass
CoLockObjectExternal
WriteFmtUserTypeStg
CoRegisterMessageFilter
StringFromIID
HWND_UserUnmarshal
SNB_UserFree
StgOpenStorageEx
StgCreateDocfileOnILockBytes
CoReleaseServerProcess
CreateOleAdviseHolder
GetConvertStg
StgCreatePropStg
HPALETTE_UserMarshal
HGLOBAL_UserSize
CoLoadLibrary
GetHGlobalFromStream
HACCEL_UserSize
GetClassFile
HMENU_UserUnmarshal
STGMEDIUM_UserUnmarshal
RevokeDragDrop
CoBuildVersion
CoFileTimeNow
CoCreateGuid
StgCreatePropSetStg
HWND_UserSize
CreateItemMoniker

advapi32

CloseServiceHandle
ObjectOpenAuditAlarmA
RegEnumValueA

oleaut32

CreateErrorInfo

winmm

mixerClose
waveOutWrite
auxGetNumDevs
mmioAdvance
midiStreamOpen
mmioDescend
mmioSetBuffer
mciGetErrorStringW
waveOutSetVolume
midiOutCachePatches
DefDriverProc
CloseDriver

comctl32

ImageList_EndDrag
ImageList_SetIconSize
ImageList_BeginDrag
PropertySheetA
ImageList_Replace
DestroyPropertySheetPage
ImageList_DragLeave
ord14
ImageList_LoadImageA
ord15
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_GetImageInfo
ord13
ord5
ImageList_SetOverlayImage
ord16
ImageList_DragShowNolock

clusapi

ClusterNetInterfaceControl
SetClusterNetworkName
GetClusterGroupState
ClusterResourceTypeControl
ClusterResourceControl
SetClusterResourceName
ClusterNetworkCloseEnum
ClusterRegDeleteValue
ClusterRegSetValue
ClusterRegOpenKey
CreateClusterResource
OpenClusterNetwork
GetClusterQuorumResource
FailClusterResource
ClusterNetworkEnum
ClusterOpenEnum
ChangeClusterResourceGroup
ClusterRegCreateKey
ClusterNodeControl
SetClusterGroupNodeList
OpenCluster
OpenClusterNetInterface
GetClusterResourceState
ClusterCloseEnum
ClusterResourceOpenEnum
CloseClusterNetwork
ResumeClusterNode
RemoveClusterResourceDependency
ClusterGroupOpenEnum
GetClusterNetInterface
ClusterGroupControl
CloseCluster
ClusterNodeOpenEnum
CloseClusterNetInterface
ClusterGroupCloseEnum
ClusterGroupEnum
ClusterRegEnumValue
GetClusterNodeState
ClusterResourceCloseEnum

resutils

ClusWorkerCreate
ResUtilGetResourceDependency
ResUtilGetSzProperty
ResUtilStopResourceService
ResUtilVerifyResourceService
ResUtilIsPathValid
ResUtilGetAllProperties
ResUtilResourcesEqual
ResUtilEnumResources
ResUtilSetSzValue
ResUtilGetBinaryProperty
ResUtilFreeParameterBlock
ResUtilVerifyPrivatePropertyList
ResUtilGetDwordProperty
ClusWorkerTerminate
ResUtilDupParameterBlock

wininet

InternetCanonicalizeUrlW
InternetOpenUrlA
InternetCrackUrlA
GopherGetAttributeA
HttpQueryInfoW
GetUrlCacheEntryInfoA
InternetAttemptConnect
InternetSetFilePointer
FtpRemoveDirectoryA
GetUrlCacheEntryInfoW
SetUrlCacheEntryInfoW
InternetSetStatusCallback
UnlockUrlCacheEntryFile
CommitUrlCacheEntryW
GetUrlCacheEntryInfoExA
InternetWriteFile
InternetFindNextFileA
FtpRenameFileW
FindNextUrlCacheEntryW
HttpOpenRequestA
FindFirstUrlCacheEntryExW
GopherCreateLocatorA

msvcrt

free
_initterm
memcmp
_adjust_fdiv
malloc

urlmon

CreateURLMoniker
IsAsyncMoniker
CreateAsyncBindCtx
URLDownloadToFileA
CoInternetParseUrl
CoInternetCreateSecurityManager
URLOpenStreamA
ReleaseBindInfo
IsValidURL
CreateAsyncBindCtxEx
URLOpenBlockingStreamA
UrlMkSetSessionOption
URLDownloadToCacheFileW
CoInternetGetSecurityUrl
CopyBindInfo
URLDownloadToFileW
CoInternetCombineUrl
URLDownloadToCacheFileA

mpr

MultinetGetConnectionPerformanceA
WNetGetNetworkInformationA
WNetGetLastErrorA
WNetOpenEnumA
WNetConnectionDialog1W
WNetGetUniversalNameA
WNetOpenEnumW
WNetCancelConnectionA

kernel32

FindFirstChangeNotificationA

lz32

GetExpandedNameA

Exports

Exports

J4388g1
KNQQWWQH8ENWNQWK
fRF067B
wS396X8

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

b003a085a0cab8dbaef154e5d5206fc5

Headers

File Characteristics

Imports

user32

ole32

advapi32

oleaut32

winmm

comctl32

clusapi

resutils

wininet

msvcrt

urlmon

mpr

kernel32

lz32

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 88KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 4KB - Virtual size: 872B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 92KB - Virtual size: 88KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 4KB - Virtual size: 872B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB