C:\Jenkins\workspace\dtlite\setup\plugin\SetupHlp\Release\setuphlp.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: 79762a4c0127da6066da43e993aebf4c42fdba28068b82de8d3c756d54599b61.dll, Resource: win7-20240708-en)
Behavioral task: behavioral2 (Sample: 79762a4c0127da6066da43e993aebf4c42fdba28068b82de8d3c756d54599b61.dll, Resource: win10v2004-20240709-en)
General
- Target: 79762a4c0127da6066da43e993aebf4c42fdba28068b82de8d3c756d54599b61
- Size: 4.6MB
- MD5: edbe04e2dce101f43f78f2b3dd6c2d8a
- SHA1: 1a794336d58db2f6554677cfb0467d28c8988f5f
- SHA256: 79762a4c0127da6066da43e993aebf4c42fdba28068b82de8d3c756d54599b61
- SHA512: b97e6edc916cfdb16813ffcfd6677722304ced310a8cd78a91eb231a62f97200b6fbc8a4458e8a0bea4959e7139de6dd02fd621f17649c41a34610dfb9307e25
- SSDEEP: 98304:oSy8zJSGbaXrx4LhPls8HMe9FOzI7NX4a9B55m:ryNxqPDFOzIt9
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 79762a4c0127da6066da43e993aebf4c42fdba28068b82de8d3c756d54599b61
Files
-
79762a4c0127da6066da43e993aebf4c42fdba28068b82de8d3c756d54599b61.dll windows:6 windows x86 arch:x86
84508fd277a6fbf897e3ee6814e0bd89
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Jenkins\workspace\dtlite\setup\plugin\SetupHlp\Release\setuphlp.pdb
Imports
bcrypt
BCryptCreateHash
BCryptHashData
BCryptImportKeyPair
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptVerifySignature
BCryptGetProperty
BCryptDestroyKey
ws2_32
inet_ntoa
gethostbyname
WSAGetLastError
shutdown
closesocket
WSAStartup
socket
setsockopt
sendto
recvfrom
ntohs
htons
htonl
bind
gdi32
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsW
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
GetTextExtentPoint32W
SelectObject
DeleteObject
DeleteDC
CopyMetaFileW
CreateDCW
CreateBitmap
SetBkColor
SetTextColor
SetTextAlign
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
CreatePolygonRgn
GetObjectW
BitBlt
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SetBkMode
GetDeviceCaps
SelectPalette
user32
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
SetRect
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetComboBoxInfo
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
MonitorFromPoint
UpdateLayeredWindow
UnionRect
DrawIcon
FrameRect
CopyIcon
SetCursorPos
BringWindowToTop
GetSystemMenu
IsZoomed
DrawFrameControl
DrawEdge
SetParent
SetWindowRgn
SetClassLongW
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadMenuW
GetKeyNameTextW
MapVirtualKeyW
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
MessageBeep
DialogBoxIndirectParamW
DrawIconEx
IsRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
GetDialogBaseUnits
KillTimer
DeleteMenu
SetCursor
ShowOwnedPopups
LoadImageW
InvalidateRect
TrackMouseEvent
IntersectRect
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
CreateDialogIndirectParamW
PostQuitMessage
OffsetRect
SetRectEmpty
SendDlgItemMessageA
CopyImage
SystemParametersInfoW
InflateRect
GetMenuItemInfoW
DestroyMenu
FillRect
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
AdjustWindowRect
RealChildWindowFromPoint
GetDesktopWindow
ClientToScreen
CharUpperW
DestroyIcon
IsDialogMessageW
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
MoveWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetWindow
GetTopWindow
GetClassLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
IsCharAlphaNumericW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
GetMessageTime
GetMessagePos
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
GetWindowTextLengthW
LoadCursorW
GetSysColorBrush
GetSysColor
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
IsWindowVisible
GetMessageW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetLastActivePopup
IsWindowEnabled
UnhookWindowsHookEx
GetSystemMetrics
GetParent
SendMessageTimeoutW
SetTimer
CharLowerA
LoadBitmapW
EnableWindow
SetFocus
EndDialog
DialogBoxParamW
GetWindowThreadProcessId
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
SetWindowPos
IsWindow
BroadcastSystemMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
LoadStringW
GetClassNameW
GetShellWindow
GetWindowLongW
EnumWindows
FindWindowExW
EnumChildWindows
GetWindowTextW
SetForegroundWindow
GetForegroundWindow
wsprintfW
AllowSetForegroundWindow
MessageBoxA
GetActiveWindow
SetWindowTextW
GetClientRect
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
DrawTextW
DefWindowProcW
MessageBoxW
GetDlgItem
UnregisterClassW
PostMessageW
SendMessageW
RegisterWindowMessageW
SetWindowLongW
GetIconInfo
IsIconic
ole32
CoCreateGuid
ReleaseStgMedium
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
OleSetContainedObject
CoGetClassObject
CoInitialize
CoCreateInstance
CoSetProxyBlanket
OleDuplicateData
StringFromGUID2
CoDisconnectObject
CoInitializeEx
CreateStreamOnHGlobal
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoUninitialize
advapi32
CreateServiceW
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyExW
RegCloseKey
TraceMessage
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
RegCreateKeyExW
RegDeleteKeyW
RegGetKeySecurity
RegQueryValueExW
RegSetKeySecurity
RegSetValueExW
QueryServiceConfigW
QueryServiceStatusEx
BuildSecurityDescriptorW
RegCreateKeyW
RegOpenKeyExA
RegQueryValueExA
OpenThreadToken
GetTokenInformation
IsValidSid
ConvertSidToStringSidW
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
SetNamedSecurityInfoA
LookupAccountNameW
SetNamedSecurityInfoW
CreateProcessAsUserW
CopySid
DuplicateTokenEx
GetLengthSid
GetSidLengthRequired
GetSidSubAuthority
InitializeSid
SetTokenInformation
SaferCreateLevel
SaferCloseLevel
SaferComputeTokenFromLevel
RegCreateKeyA
FreeSid
shell32
DragFinish
SHBrowseForFolderW
SHAppBarMessage
DuplicateIcon
ord680
SHGetFolderPathW
ShellExecuteExW
ShellExecuteW
ShellExecuteA
CommandLineToArgvW
SHGetDesktopFolder
SHChangeNotify
DragQueryFileW
SHGetFileInfoW
SHGetFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
kernel32
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
FormatMessageA
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetThreadTimes
SetEnvironmentVariableW
WakeConditionVariable
GetDriveTypeW
DeleteAtom
ResetEvent
GetSystemTime
InitializeCriticalSectionEx
SearchPathW
GetProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
WakeAllConditionVariable
lstrcpyW
SystemTimeToTzSpecificLocalTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
VirtualProtect
GetUserDefaultUILanguage
GlobalFlags
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameW
GetFileSize
FlushFileBuffers
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryA
LoadLibraryExW
EncodePointer
FileTimeToSystemTime
GlobalGetAtomNameW
lstrcmpA
CompareStringW
ResumeThread
SetThreadPriority
GetCurrentThreadId
CopyFileW
MulDiv
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
SetLastError
GetModuleFileNameA
GetFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
SetFileTime
GetSystemDirectoryA
CreateFileA
GetComputerNameExW
GetVersionExW
DeviceIoControl
GetVolumeInformationW
GetSystemInfo
GetVersionExA
OutputDebugStringA
CreateDirectoryA
GetComputerNameExA
GetUserDefaultLCID
GetLocaleInfoA
MoveFileA
AcquireSRWLockExclusive
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetWindowsDirectoryW
TerminateProcess
TerminateThread
CreateThread
MoveFileW
GetVersion
OpenProcess
OpenEventW
RemoveDirectoryW
LeaveCriticalSection
IsValidLocale
GetLocaleInfoW
FindNextFileW
FindFirstFileW
FindClose
lstrcatA
lstrcpyA
GetModuleHandleA
GetCurrentProcessId
CreateEventW
CreateEventA
CreateMutexA
SetEvent
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCommandLineW
DecodePointer
GlobalLock
GlobalUnlock
GlobalSize
GetCurrentThread
GetModuleFileNameW
CreateProcessW
WaitNamedPipeW
DisconnectNamedPipe
WriteFile
ReadFile
MultiByteToWideChar
GetFileAttributesW
CreateDirectoryW
MoveFileExW
GetTickCount
GetExitCodeProcess
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
GetTempPathW
GetTempFileNameW
GlobalFree
GlobalAlloc
WideCharToMultiByte
VerifyVersionInfoW
GetModuleHandleW
VerSetConditionMask
LocalFree
LocalAlloc
LoadLibraryW
GetProcAddress
FreeLibrary
GetSystemWindowsDirectoryW
GetCurrentProcess
CreateMutexW
WaitForSingleObject
ReleaseMutex
lstrlenW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetSystemDirectoryW
Sleep
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
CloseHandle
DeleteFileW
CreateFileW
lstrcmpiW
FormatMessageW
GetLastError
SleepConditionVariableCS
SleepConditionVariableSRW
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
QueryPerformanceFrequency
TryEnterCriticalSection
Module32NextW
VirtualQuery
LoadLibraryExA
InitializeConditionVariable
OutputDebugStringW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
RtlUnwind
InterlockedFlushSList
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
HeapQueryInformation
GetCommandLineA
SetStdHandle
GetFileType
GetStdHandle
WriteConsoleW
GetDateFormatW
GetTimeFormatW
LCMapStringW
EnumSystemLocalesW
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
crypt32
CertGetNameStringW
CertStrToNameW
CryptStringToBinaryA
CertNameToStrW
CertDeleteCertificateFromStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CryptDecodeObjectEx
CertOpenStore
rstrtmgr
RmGetList
RmShutdown
RmRestart
RmRegisterResources
RmStartSession
RmEndSession
comctl32
ImageList_ReplaceIcon
ImageList_Add
ImageList_Create
ImageList_Destroy
_TrackMouseEvent
setupapi
SetupDiSetClassInstallParamsW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInstallParamsW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
CM_Get_Device_IDW
SetupDiCallClassInstaller
SetupDiCreateDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenClassRegKey
SetupIterateCabinetW
SetupDiSetSelectedDevice
SetupDiEnumDeviceInfo
oleaut32
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
LoadTypeLi
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysAllocString
VarBstrFromDate
OleLoadPicture
shlwapi
PathFileExistsW
StrFormatKBSizeW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
sptdintf
ord2
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
msimg32
AlphaBlend
TransparentBlt
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
uxtheme
OpenThemeData
DrawThemeParentBackground
CloseThemeData
DrawThemeBackground
DrawThemeText
GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetWindowTheme
GetCurrentThemeName
GetThemeColor
Exports
Activate
ActivateViaDTNet
CheckBackupTaskLogAccess
CheckEmail
CheckEmailPassword
CheckGUIStarted
CheckSerialNumber
CleanALLDTSettings
CloseGadget
DecryptString
EncryptString
ExecLowerIntegrity
ExecuteWait
FormatFile
GetAccountLink
GetAdditionalOfferText
GetAdditionalOfferUrl
GetAssocInstalled
GetBuyNowLink
GetFileAssociations
GetFileVersionHlp
GetFinishStr
GetLicenseInfo
GetLicenseServerAddrAndPort
GetOSInfo
GetOfferButtonText
GetOfferHtml
GetOfferLink
GetParamStr
GetStr
GetTextLinkOffsets
GetTextWidth
GetVar
Hlp11
Hlp3
Hlp4
InitFileAssociations
InitInstance
InitLang
InitNewSetupInstance
InstallCommonComp
InstallNETFramework
IsAdmin
IsFeatureActivated
IsHighDPI
IsNeedGadget
IsWindows10OrHigher
LoadRTFToReachEdit
MoveControl
MoveSetupWindow
MoveTwoLinks
OnConnectionSettings
OnForgotLink
QuoteStr
RemoveCommonCompDT
RemoveFileAssociations
RemovePhantomDevices
ResizeControl
RestartManagerRemove
RestoreFileAssociations
RevokeLicense
SelectServer
SendCloseGUI
SendGoogleStat
SetRemoteSetup
SetVar
SetupFreeDT
SetupFreeDefault
SetupInitDT
SetupInitDefault
SetupInitForNotNSIS
ShellExecuteGadget
StartUpdating
StartupInitialization
UnloadLanguageLibrary
UnpinProgram
checkNETFrameworkInstalled
Sections
- .text Size: 2.3MB - Virtual size: 2.3MB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
- .rdata Size: 520KB - Virtual size: 520KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
- .data Size: 50KB - Virtual size: 141KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
- .text0 Size: 601KB - Virtual size: 600KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
- .reloc Size: 177KB - Virtual size: 177KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
- .rsrc Size: 1.0MB - Virtual size: 1.0MB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)