PDB path: C:\Jenkins\workspace\dtultra\setup\plugin\SetupHlp\Release\setuphlp.pdb
Static task
static1
Behavioral task
behavioral1
Sample
7a25029c10830b051f5ed8db336969338e99a7c4c9293c3e33415cb04d4e1613.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
7a25029c10830b051f5ed8db336969338e99a7c4c9293c3e33415cb04d4e1613.dll
Resource
win10v2004-20240709-en
General
-
Target
7a25029c10830b051f5ed8db336969338e99a7c4c9293c3e33415cb04d4e1613
-
Size
4.1MB
-
MD5
9930956877ca5bd1119da6b6d11e7736
-
SHA1
dfaa551b169cb6590e834bd7ebf3cc7186b02e8a
-
SHA256
7a25029c10830b051f5ed8db336969338e99a7c4c9293c3e33415cb04d4e1613
-
SHA512
76ff5634a56454af3f8f02f5f30f117e4daaffb441090a401d4ae9692dc1673ca7288c743f5c78557f36a58bf65050f7a1ee8fe764669e4960aa30438f1bab2a
-
SSDEEP
98304:cetzCiQaCl/pz+rCdEm3uhtzMjxOGzH/LswWU5w55m:bzCH6hRGzH/3
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE that carries no Authenticode signature; the sample is unsigned, so its publisher cannot be verified.
resource 7a25029c10830b051f5ed8db336969338e99a7c4c9293c3e33415cb04d4e1613
Files
-
7a25029c10830b051f5ed8db336969338e99a7c4c9293c3e33415cb04d4e1613.dll windows:6 windows x86 arch:x86
1a64458cea8a3ef9d26ad307522cf27d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ws2_32
WSAGetLastError
shutdown
inet_ntoa
closesocket
WSAStartup
socket
setsockopt
sendto
recvfrom
ntohs
htons
htonl
bind
gethostbyname
gdi32
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsW
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
ExtTextOutW
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
GetTextExtentPoint32W
SelectObject
DeleteObject
DeleteDC
CopyMetaFileW
CreateDCW
CreateBitmap
SetBkColor
SetTextColor
GetObjectW
BitBlt
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
Escape
ExcludeClipRect
TextOutW
MoveToEx
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
GetDeviceCaps
SetTextAlign
user32
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
SetRect
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetComboBoxInfo
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
MonitorFromPoint
UpdateLayeredWindow
UnionRect
DrawIcon
FrameRect
CopyIcon
SetCursorPos
BringWindowToTop
GetSystemMenu
IsZoomed
DrawFrameControl
DrawEdge
SetParent
SetWindowRgn
SetClassLongW
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadMenuW
GetKeyNameTextW
MapVirtualKeyW
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
MessageBeep
DrawIconEx
IsRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
GetDialogBaseUnits
KillTimer
DeleteMenu
SetCursor
ShowOwnedPopups
LoadImageW
InvalidateRect
TrackMouseEvent
IntersectRect
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
CreateDialogIndirectParamW
PostQuitMessage
OffsetRect
SetRectEmpty
SendDlgItemMessageA
CopyImage
SystemParametersInfoW
InflateRect
DialogBoxIndirectParamW
DestroyMenu
FillRect
GetWindowDC
TabbedTextOutW
AdjustWindowRect
DrawTextExW
DrawTextW
RealChildWindowFromPoint
GetDesktopWindow
ClientToScreen
CharUpperW
DestroyIcon
IsDialogMessageW
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
MoveWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetWindow
GetTopWindow
GetClassLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
GetMessageTime
GetMessagePos
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
GetWindowTextLengthW
LoadCursorW
GetSysColorBrush
GetSysColor
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
IsWindowVisible
GetMessageW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetLastActivePopup
IsWindowEnabled
UnhookWindowsHookEx
GetSystemMetrics
GetParent
SendMessageTimeoutW
SetTimer
CharLowerA
LoadBitmapW
EnableWindow
SetFocus
EndDialog
DialogBoxParamW
GetWindowThreadProcessId
ScreenToClient
GetWindowRect
ReleaseDC
IsCharAlphaNumericW
GetShellWindow
GrayStringW
GetDC
SetWindowPos
IsWindow
BroadcastSystemMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
LoadStringW
GetClassNameW
wsprintfW
AllowSetForegroundWindow
MessageBoxA
GetMenuItemInfoW
GetActiveWindow
SetWindowTextW
GetDlgItem
UnregisterClassW
PostMessageW
EnumWindows
FindWindowExW
EnumChildWindows
GetWindowTextW
SetForegroundWindow
GetForegroundWindow
SendMessageW
RegisterWindowMessageW
SetWindowLongW
GetWindowLongW
GetClientRect
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
MessageBoxW
GetIconInfo
ole32
CoCreateGuid
CoSetProxyBlanket
ReleaseStgMedium
CLSIDFromString
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
OleSetContainedObject
OleDuplicateData
StringFromGUID2
CoDisconnectObject
CoUninitialize
CoInitialize
CoInitializeEx
CreateStreamOnHGlobal
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoGetClassObject
advapi32
QueryServiceStatus
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfigW
SetEntriesInAclW
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyExW
RegCloseKey
TraceMessage
OpenSCManagerW
OpenServiceW
StartServiceW
RegCreateKeyExW
RegDeleteKeyW
RegGetKeySecurity
RegQueryValueExW
RegSetKeySecurity
RegSetValueExW
QueryServiceConfigW
QueryServiceStatusEx
BuildSecurityDescriptorW
RegCreateKeyW
RegOpenKeyExA
RegQueryValueExA
OpenThreadToken
GetTokenInformation
IsValidSid
ConvertSidToStringSidW
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
SetNamedSecurityInfoA
LookupAccountNameW
SetNamedSecurityInfoW
CreateProcessAsUserW
CopySid
DuplicateTokenEx
GetLengthSid
GetSidLengthRequired
GetSidSubAuthority
InitializeSid
SetTokenInformation
SaferCreateLevel
SaferCloseLevel
SaferComputeTokenFromLevel
RegCreateKeyA
DeleteService
shell32
ShellExecuteExW
ord680
DuplicateIcon
SHAppBarMessage
SHBrowseForFolderW
ShellExecuteW
ShellExecuteA
CommandLineToArgvW
SHGetFolderPathW
SHGetDesktopFolder
SHChangeNotify
SHGetFileInfoW
SHGetFolderPathA
SHGetSpecialFolderLocation
DragFinish
DragQueryFileW
SHGetPathFromIDListW
kernel32
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
FormatMessageA
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetThreadTimes
SetEnvironmentVariableW
WakeConditionVariable
DeleteAtom
ResetEvent
GetSystemTime
InitializeCriticalSectionEx
SearchPathW
GetProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcpyW
SystemTimeToTzSpecificLocalTime
GetFileSizeEx
WakeAllConditionVariable
FileTimeToLocalFileTime
VirtualProtect
GetUserDefaultUILanguage
GlobalFlags
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameW
GetFileSize
FlushFileBuffers
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryA
LoadLibraryExW
EncodePointer
SystemTimeToFileTime
FileTimeToSystemTime
GlobalGetAtomNameW
lstrcmpA
CompareStringW
ResumeThread
SetThreadPriority
GetCurrentThreadId
CopyFileW
MulDiv
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
SetLastError
GetModuleFileNameA
GetFileTime
GetSystemTimeAsFileTime
SetFileTime
GetSystemDirectoryA
CreateFileA
GetComputerNameExW
GetVersionExW
DeviceIoControl
GetVolumeInformationW
GetSystemInfo
GetVersionExA
OutputDebugStringA
CreateDirectoryA
GetComputerNameExA
GetUserDefaultLCID
GetLocaleInfoA
MoveFileA
AcquireSRWLockExclusive
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetWindowsDirectoryW
TerminateProcess
TerminateThread
CreateThread
MoveFileW
GetVersion
OpenProcess
OpenEventW
RemoveDirectoryW
LeaveCriticalSection
IsValidLocale
GetLocaleInfoW
FindNextFileW
FindFirstFileW
FindClose
lstrcatA
lstrcpyA
GetModuleHandleA
GetCurrentProcessId
CreateEventW
CreateEventA
CreateMutexA
SetEvent
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCommandLineW
DecodePointer
GlobalLock
GlobalUnlock
GlobalSize
GetCurrentThread
GetModuleFileNameW
CreateProcessW
WaitNamedPipeW
DisconnectNamedPipe
WriteFile
ReadFile
MultiByteToWideChar
GetFileAttributesW
CreateDirectoryW
MoveFileExW
GetTickCount
GetExitCodeProcess
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
GetTempPathW
GetTempFileNameW
GlobalFree
GlobalAlloc
WideCharToMultiByte
VerifyVersionInfoW
GetModuleHandleW
VerSetConditionMask
LocalFree
LocalAlloc
LoadLibraryW
GetProcAddress
FreeLibrary
GetSystemWindowsDirectoryW
GetCurrentProcess
CreateMutexW
WaitForSingleObject
ReleaseMutex
lstrlenW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetSystemDirectoryW
Sleep
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
CloseHandle
DeleteFileW
CreateFileW
lstrcmpiW
FormatMessageW
GetLastError
SleepConditionVariableCS
SleepConditionVariableSRW
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
TryEnterCriticalSection
QueryPerformanceFrequency
Module32NextW
VirtualQuery
LoadLibraryExA
OutputDebugStringW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
RtlUnwind
InterlockedFlushSList
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
InitializeConditionVariable
GetFileAttributesExW
ExitProcess
HeapQueryInformation
WriteConsoleW
GetCommandLineA
SetStdHandle
GetFileType
GetStdHandle
GetDateFormatW
GetTimeFormatW
LCMapStringW
EnumSystemLocalesW
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDriveTypeW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
crypt32
CertNameToStrW
CertDeleteCertificateFromStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertGetNameStringW
CertStrToNameW
CertOpenStore
rstrtmgr
RmStartSession
RmEndSession
RmRegisterResources
RmShutdown
RmRestart
RmGetList
comctl32
ImageList_ReplaceIcon
ImageList_Add
ImageList_Create
ImageList_Destroy
_TrackMouseEvent
setupapi
SetupDiOpenDeviceInfoW
SetupDiOpenClassRegKey
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupIterateCabinetW
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstallParamsW
SetupDiSetClassInstallParamsW
SetupDiSetSelectedDevice
CM_Get_Device_IDW
SetupDiEnumDeviceInfo
oleaut32
VariantCopy
VariantChangeType
VarBstrFromDate
SysFreeString
VariantClear
OleLoadPicture
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLib
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen
VariantInit
SysAllocString
shlwapi
PathFindFileNameW
PathFileExistsW
StrFormatKBSizeW
PathRemoveFileSpecW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
sptdintf
ord2
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
msimg32
TransparentBlt
AlphaBlend
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundW
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
uxtheme
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetThemeSysColor
GetThemePartSize
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeParentBackground
DrawThemeText
Exports
Activate
ActivateViaDTNet
CheckBackupTaskLogAccess
CheckEmail
CheckEmailPassword
CheckGUIStarted
CheckSerialNumber
CleanALLDTSettings
CloseGadget
DecryptString
EncryptString
ExecLowerIntegrity
ExecuteWait
FormatFile
GetAccountLink
GetAdditionalOfferText
GetAdditionalOfferUrl
GetAssocInstalled
GetBuyNowLink
GetFileAssociations
GetFileVersionHlp
GetFinishStr
GetLicenseInfo
GetLicenseServerAddrAndPort
GetOSInfo
GetOfferButtonText
GetOfferHtml
GetOfferLink
GetParamStr
GetStr
GetTextLinkOffsets
GetTextWidth
GetVar
Hlp11
Hlp3
Hlp4
InitFileAssociations
InitInstance
InitLang
InitNewSetupInstance
InstallCommonComp
InstallNETFramework
IsAdmin
IsHighDPI
IsNeedGadget
IsWindows10OrHigher
LoadRTFToReachEdit
MoveControl
MoveSetupWindow
MoveTwoLinks
OnConnectionSettings
OnForgotLink
QuoteStr
RemoveCommonCompDT
RemoveFileAssociations
RemovePhantomDevices
ResizeControl
RestartManagerRemove
RestoreFileAssociations
RevokeLicense
SelectServer
SendCloseGUI
SendGoogleStat
SetRemoteSetup
SetVar
SetupFreeDT
SetupFreeDefault
SetupInitDT
SetupInitDefault
SetupInitForNotNSIS
ShellExecuteGadget
StartUpdating
StartupInitialization
UnloadLanguageLibrary
UnpinProgram
checkNETFrameworkInstalled
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512KB - Virtual size: 511KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 50KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text0 Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 175KB - Virtual size: 175KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ